Refine your search
19 vulnerabilities found for Identity Services Engine by Cisco
CERTFR-2025-AVI-0539
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco Identity Services Engine. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Cisco indique que les vulnérabilités CVE-2025-20281 et CVE-2025-20337 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Identity Services Engine (ISE) et ISE Passive Identity Connector (ISE-PIC) versions 3.3.x sans le correctif 3.3 Patch 6ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) et ISE Passive Identity Connector (ISE-PIC) versions 3.4.x sans le correctif 3.4 Patch 2ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Identity Services Engine (ISE) et ISE Passive Identity Connector (ISE-PIC) versions 3.3.x sans le correctif 3.3 Patch 6ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) et ISE Passive Identity Connector (ISE-PIC) versions 3.4.x sans le correctif 3.4 Patch 2ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20281"
},
{
"name": "CVE-2025-20337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20337"
},
{
"name": "CVE-2025-20282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20282"
}
],
"initial_release_date": "2025-06-26T00:00:00",
"last_revision_date": "2025-08-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0539",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-26T00:00:00.000000"
},
{
"description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-20337",
"revision_date": "2025-07-17T00:00:00.000000"
},
{
"description": "L\u0027\u00e9diteur indique que les vuln\u00e9rabilit\u00e9s CVE-2025-20281, CVE-2025-20282 et CVE-2025-20337 sont activement exploit\u00e9es.",
"revision_date": "2025-07-22T00:00:00.000000"
},
{
"description": "La vuln\u00e9rabilit\u00e9 CVE-2025-20282 n\u0027est plus annonc\u00e9e comme exploit\u00e9e par l\u0027\u00e9diteur.",
"revision_date": "2025-08-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Identity Services Engine. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nCisco indique que les vuln\u00e9rabilit\u00e9s CVE-2025-20281 et CVE-2025-20337 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Identity Services Engine",
"vendor_advisories": [
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
]
}
CERTFR-2025-AVI-0479
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | UCS Server Software versions 4.x antérieures à 4.1(3n) pour UCS B-Series et X-Series Servers en mode UCS Manager | ||
| Cisco | Nexus Dashboard Fabric Controller | Nexus Dashboard versions postérieures à 3.1 et antérieures à 3.2(2f) | ||
| Cisco | N/A | Intersight Server Firmware versions postérieures à 5.1 et antérieures à 5.2(2.240073) pour UCS X-Series Servers | ||
| Cisco | N/A | UCS Server Software versions 4.3 antérieures à 4.3(4c) pour UCS B-Series et X-Series Servers en mode UCS Manager | ||
| Cisco | N/A | IEC6400 Edge Compute Appliances sans la mise à jour IEC6400-HUU-4.2.3j.img | ||
| Cisco | N/A | Secure Malware Analytics Appliances versions antérieures à 2.19.4 | ||
| Cisco | Identity Services Engine | ISE versions 3.1 à 3.4 sans le patch de sécurité ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz | ||
| Cisco | N/A | UCS Server Software versions 4.2 antérieures à 4.2(3k) pour UCS B-Series et X-Series Servers en mode UCS Manager | ||
| Cisco | N/A | Secure Firewall Management Center Appliances sans le dernier patch de sécurité | ||
| Cisco | N/A | Intersight Server Firmware versions 5.0 antérieures à 5.0(4f) pour UCS X-Series Servers en mode Intersight Managed | ||
| Cisco | N/A | UCS Server Software versions 5.X antérieures à 5.2(2.240073) pour UCS B-Series Servers in Intersight Managed Mode | ||
| Cisco | N/A | UCS Server Software versions 4.X antérieures à 4.2(3i) pour UCS B-Series Servers in Intersight Managed Mode | ||
| Cisco | N/A | Secure Network Analytics Appliances sans le correctif de sécurité patch-common-SNA-FIRMWARE-20240305-v2-01.swu | ||
| Cisco | N/A | UCS Server Software versions 4.x antérieures à 4.2(2f), 4.2(3b) pour UCS C-Series et S-Series servers en mode standalone ou Intersight Managed Mode | ||
| Cisco | N/A | Secure Endpoint Private Cloud Appliances sans le dernier patch de sécurité | ||
| Cisco | N/A | Intersight Server Firmware versions 5.x antérieures à 5.2(2.240073) pour UCS B-Series Servers en mode Intersight Managed | ||
| Cisco | N/A | Cisco Telemetry Broker Appliance sans le microgiciel m6-tb2300-ctb-firmware-4.3-2.240009.iso | ||
| Cisco | N/A | UCS Server Software versions 4.x antérieures à 4.2(2c), 4.2(3b) pour UCS C-Series and S-Series Servers en mode UCS Manager |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UCS Server Software versions 4.x ant\u00e9rieures \u00e0 4.1(3n) pour UCS B-Series et X-Series Servers en mode UCS Manager ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus Dashboard versions post\u00e9rieures \u00e0 3.1 et ant\u00e9rieures \u00e0 3.2(2f)",
"product": {
"name": "Nexus Dashboard Fabric Controller",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server Firmware versions post\u00e9rieures \u00e0 5.1 et ant\u00e9rieures \u00e0 5.2(2.240073) pour UCS X-Series Servers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 4.3 ant\u00e9rieures \u00e0 4.3(4c) pour UCS B-Series et X-Series Servers en mode UCS Manager ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IEC6400 Edge Compute Appliances sans la mise \u00e0 jour IEC6400-HUU-4.2.3j.img ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Malware Analytics Appliances versions ant\u00e9rieures \u00e0 2.19.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ISE versions 3.1 \u00e0 3.4 sans le patch de s\u00e9curit\u00e9 ise-apply-CSCwn63400_3.1.x_patchall-SPA.tar.gz",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 4.2 ant\u00e9rieures \u00e0 4.2(3k) pour UCS B-Series et X-Series Servers en mode UCS Manager ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Firewall Management Center Appliances sans le dernier patch de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server Firmware versions 5.0 ant\u00e9rieures \u00e0 5.0(4f) pour UCS X-Series Servers en mode Intersight Managed ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 5.X ant\u00e9rieures \u00e0 5.2(2.240073) pour UCS B-Series Servers in Intersight Managed Mode",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 4.X ant\u00e9rieures \u00e0 4.2(3i) pour UCS B-Series Servers in Intersight Managed Mode",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Network Analytics Appliances sans le correctif de s\u00e9curit\u00e9 patch-common-SNA-FIRMWARE-20240305-v2-01.swu ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 4.x ant\u00e9rieures \u00e0 4.2(2f), 4.2(3b) pour UCS C-Series et S-Series servers en mode standalone ou Intersight Managed Mode ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Endpoint Private Cloud Appliances sans le dernier patch de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Intersight Server Firmware versions 5.x ant\u00e9rieures \u00e0 5.2(2.240073) pour UCS B-Series Servers en mode Intersight Managed ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Telemetry Broker Appliance sans le microgiciel m6-tb2300-ctb-firmware-4.3-2.240009.iso",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS Server Software versions 4.x ant\u00e9rieures \u00e0 4.2(2c), 4.2(3b) pour UCS C-Series and S-Series Servers en mode UCS Manager ",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20261"
},
{
"name": "CVE-2025-20163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20163"
},
{
"name": "CVE-2025-20286",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20286"
}
],
"initial_release_date": "2025-06-05T00:00:00",
"last_revision_date": "2025-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0479",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucs-ssh-priv-esc-2mZDtdjM",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM"
},
{
"published_at": "2025-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ndfc-shkv-snQJtjrp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp"
},
{
"published_at": "2025-06-04",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-aws-static-cred-FPMjUcm7",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7"
}
]
}
CERTFR-2025-AVI-0438
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Identity Service Engine versions 3.4 antérieures à 3.4P1 | ||
| Cisco | Unified Intelligence Center | Unified Intelligence Center versions 12.5 antérieures à 12.5(1)SU ES04 | ||
| Cisco | Unified Contact Center Express | Unified Contact Center Express versions antérieures à 15 | ||
| Cisco | Unified Intelligence Center | Unified Intelligence Center versions 12.6 antérieures à 12.6(2)ES04 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Identity Service Engine versions 3.4 ant\u00e9rieures \u00e0 3.4P1",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Intelligence Center versions 12.5 ant\u00e9rieures \u00e0 12.5(1)SU ES04",
"product": {
"name": "Unified Intelligence Center",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Contact Center Express versions ant\u00e9rieures \u00e0 15",
"product": {
"name": "Unified Contact Center Express",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Intelligence Center versions 12.6 ant\u00e9rieures \u00e0 12.6(2)ES04",
"product": {
"name": "Unified Intelligence Center",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20114"
},
{
"name": "CVE-2025-20113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20113"
},
{
"name": "CVE-2025-20152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20152"
}
],
"initial_release_date": "2025-05-22T00:00:00",
"last_revision_date": "2025-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0438",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cuis-priv-esc-3Pk96SU4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
},
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-restart-ss-uf986G2Q",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q"
}
]
}
CERTFR-2024-AVI-0602
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les correctifs de sécurité pour la vulnérabilité CVE-2024-20435 affectant Secure Web Appliance seront publiés en juillet (14.5.3 MR) et août (15.0 MR) 2024. Les correctifs pour la vulnérabilité CVE-2024-20296 affectant ISE seront publiés en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est déjà disponible.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.0.x antérieures à 15.0 MR | ||
| Cisco | Secure Email Gateway | Secure Email Gateway avec une version de paquet de Content Scanner Tools antérieure à 23.3.0.4823 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions antérieures à 3.1P10 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.1.x | ||
| Cisco | Intelligent Node Software | iNode Software versions antérieures à 4.0.0 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P7 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.3.x antérieures à 3.3P3 | ||
| Cisco | Intelligent Node Software | iNode Manager Software versions antérieures à 24.1 | ||
| Cisco | Smart Software Manager | Smart Software Manager (SSM) On-Prem verions 8.x antérieures à 8-202212 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions antérieures à 14.5.3 MR |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Web Appliance avec AsyncOS versions 15.0.x ant\u00e9rieures \u00e0 15.0 MR ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Email Gateway avec une version de paquet de Content Scanner Tools ant\u00e9rieure \u00e0 23.3.0.4823",
"product": {
"name": "Secure Email Gateway",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 3.1P10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions 15.1.x ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Software versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.2.x ant\u00e9rieures \u00e0 3.2P7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.3.x ant\u00e9rieures \u00e0 3.3P3",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Manager Software versions ant\u00e9rieures \u00e0 24.1",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Smart Software Manager (SSM) On-Prem verions 8.x ant\u00e9rieures \u00e0 8-202212",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions ant\u00e9rieures \u00e0 14.5.3 MR",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-20435 affectant Secure Web Appliance seront publi\u00e9s en juillet (14.5.3 MR) et ao\u00fbt (15.0 MR) 2024. Les correctifs pour la vuln\u00e9rabilit\u00e9 CVE-2024-20296 affectant ISE seront publi\u00e9s en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est d\u00e9j\u00e0 disponible.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20435",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20435"
},
{
"name": "CVE-2024-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20401"
},
{
"name": "CVE-2024-20419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20419"
},
{
"name": "CVE-2024-20323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20323"
},
{
"name": "CVE-2024-20296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20296"
}
],
"initial_release_date": "2024-07-18T00:00:00",
"last_revision_date": "2024-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0602",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esa-afw-bGG2UsjH",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-inode-static-key-VUVCeynn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-swa-priv-esc-7uHpZsCC",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-file-upload-krW2TxA9",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-auth-sLw3uhUy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy"
}
]
}
CERTFR-2023-AVI-1019
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.0.x sans le correctif de sécurité Hot fix ISE 3.0 Patch 7 ou Hot fix ISE 3.0 Patch 8 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 2.7.x sans le correctif de sécurité Hot fix ISE 2.7 Patch 10 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Identity Services Engine (ISE) versions 3.0.x sans le correctif de s\u00e9curit\u00e9 Hot fix ISE 3.0 Patch 7 ou Hot fix ISE 3.0 Patch 8",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 2.7.x sans le correctif de s\u00e9curit\u00e9 Hot fix ISE 2.7 Patch 10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50164"
}
],
"initial_release_date": "2023-12-13T00:00:00",
"last_revision_date": "2024-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1019",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
},
{
"description": "Correction des syst\u00e8mes affect\u00e9s",
"revision_date": "2024-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-struts-C2kCMkmT du 12 d\u00e9cembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT"
}
]
}
CERTFR-2023-AVI-0906
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Dans le bulletin de sécurité Cisco cisco-sa-ftd-intrusion-dos-DfT7wyGC du 01 novembre 2023, Cisco fournit des indicateurs de compromission pour vérifier si la vulnérabilité CVE-2023-20244 a été exploitée.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions antérieures à 2.7P10 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions 3.1.x antérieures à 3.1P8 (annoncée courant novembre 2023, la vulnérabilité CVE-2023-20213 est corrigée dans la version 3.1P6) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P3 | ||
| Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation) | ||
| Cisco | N/A | Cisco Firepower Management Center (FMC), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions 3.0.x antérieures à 3.0P8 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Adaptive Security Appliance (ASA), se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour v\u00e9rifier les versions vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 2.7P10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions 3.1.x ant\u00e9rieures \u00e0 3.1P8 (annonc\u00e9e courant novembre 2023, la vuln\u00e9rabilit\u00e9 CVE-2023-20213 est corrig\u00e9e dans la version 3.1P6)",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions 3.2.x ant\u00e9rieures \u00e0 3.2P3",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Threat Defense (FTD), se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour v\u00e9rifier les versions vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center (FMC), se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour v\u00e9rifier les versions vuln\u00e9rables (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions 3.0.x ant\u00e9rieures \u00e0 3.0P8",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20213",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20213"
},
{
"name": "CVE-2023-20155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20155"
},
{
"name": "CVE-2023-20063",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20063"
},
{
"name": "CVE-2023-20219",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20219"
},
{
"name": "CVE-2023-20196",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20196"
},
{
"name": "CVE-2023-20086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20086"
},
{
"name": "CVE-2023-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20244"
},
{
"name": "CVE-2023-20220",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20220"
},
{
"name": "CVE-2023-20083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20083"
},
{
"name": "CVE-2023-20175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20175"
},
{
"name": "CVE-2023-20170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20170"
},
{
"name": "CVE-2023-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20095"
},
{
"name": "CVE-2023-20048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20048"
},
{
"name": "CVE-2023-20195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20195"
}
],
"initial_release_date": "2023-11-02T00:00:00",
"last_revision_date": "2023-11-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0906",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\nDans le bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-intrusion-dos-DfT7wyGC\ndu 01 novembre 2023, Cisco fournit des indicateurs de compromission pour\nv\u00e9rifier si la vuln\u00e9rabilit\u00e9 CVE-2023-20244 a \u00e9t\u00e9 exploit\u00e9e.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asa-icmpv6-t5TzqwNd du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-icmpv6-t5TzqwNd"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-intrusion-dos-DfT7wyGC du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-file-upload-FceLP4xs du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-FceLP4xs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fmc-cmd-inj-29MP49hN du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-icmpv6-dos-4eMkLuN du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmpv6-dos-4eMkLuN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-injection-QeXegrCw du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fmc-logview-dos-AYJdeX55 du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-logview-dos-AYJdeX55"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fmc-cmdinj-bTEgufOX du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asa-webvpn-dos-3GhZQBAS du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-dos-3GhZQBAS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ftd-fmc-code-inj-wSHrgz8L du 01 novembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-fmc-code-inj-wSHrgz8L"
}
]
}
CERTFR-2023-AVI-0715
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Plateformes Cisco BroadWorks Application Delivery et Cisco BroadWorks Xtended Services versions Release Independent (RI) antérieures à 2023.06_1.333 et 2023.07_1.332 | ||
| Cisco | N/A | Plateformes Cisco BroadWorks Application Delivery et Cisco BroadWorks Xtended Services versions 23.0.x antérieures à AP.platform.23.0.1075.ap385341 | ||
| Cisco | Identity Services Engine | Cisco ISE (Identity Services Engine) versions 3.2.x antérieures à 3.2P3 | ||
| Cisco | Identity Services Engine | Cisco ISE (Identity Services Engine) versions 3.1.x antérieures à 3.1P7 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Plateformes Cisco BroadWorks Application Delivery et Cisco BroadWorks Xtended Services versions Release Independent (RI) ant\u00e9rieures \u00e0 2023.06_1.333 et 2023.07_1.332",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Plateformes Cisco BroadWorks Application Delivery et Cisco BroadWorks Xtended Services versions 23.0.x ant\u00e9rieures \u00e0 AP.platform.23.0.1075.ap385341",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE (Identity Services Engine) versions 3.2.x ant\u00e9rieures \u00e0 3.2P3",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE (Identity Services Engine) versions 3.1.x ant\u00e9rieures \u00e0 3.1P7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20238"
},
{
"name": "CVE-2023-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20243"
}
],
"initial_release_date": "2023-09-07T00:00:00",
"last_revision_date": "2023-09-07T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0715",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco kCggMWhX du 06 septembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco W7cNn7gt du 06 septembre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt"
}
]
}
CERTFR-2022-AVI-200
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Cisco Identity Services Engine RADIUS versions antérieures à 2.7P6 | ||
| Cisco | N/A | Cisco Ultra Cloud Core versions antérieures à 2020.02.7.07 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine RADIUS versions antérieures à 2.6P11 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine RADIUS versions antérieures à 3.1P1 | ||
| Cisco | N/A | Cisco Ultra Cloud Core versions antérieures à 2020.02.2.47 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine RADIUS versions antérieures à 3.0P5 | ||
| Cisco | N/A | Cisco Expressway Series et Cisco TelePresence VCS Release versions antérieures à 14.0.5 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Identity Services Engine RADIUS versions ant\u00e9rieures \u00e0 2.7P6",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Ultra Cloud Core versions ant\u00e9rieures \u00e0 2020.02.7.07",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine RADIUS versions ant\u00e9rieures \u00e0 2.6P11",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine RADIUS versions ant\u00e9rieures \u00e0 3.1P1",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Ultra Cloud Core versions ant\u00e9rieures \u00e0 2020.02.2.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine RADIUS versions ant\u00e9rieures \u00e0 3.0P5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Series et Cisco TelePresence VCS Release versions ant\u00e9rieures \u00e0 14.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-20754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20754"
},
{
"name": "CVE-2022-20756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20756"
},
{
"name": "CVE-2022-20755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20755"
},
{
"name": "CVE-2022-20762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20762"
}
],
"initial_release_date": "2022-03-03T00:00:00",
"last_revision_date": "2022-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-200",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-uccsmi-prvesc-BQHGe4cm du 02 mars 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-dos-JLh9TxBp du 02 mars 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-expressway-filewrite-87Q5YRk du 02 mars 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk"
}
]
}
CERTFR-2021-AVI-761
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Intersight Virtual Appliance versions antérieures à 1.0.9-302 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 12.5.x antérieures à 12.5.2-007 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions antérieures à 2.6 Patch10 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.7 antérieures à 2.7 Patch5 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 12.0.x antérieures à 12.0.3-005 | ||
| Cisco | Small Business | Cisco Small Business 220 Series Smart Switches versions antérieures à 1.2.1.2 | ||
| Cisco | N/A | ATA 190 Analog Telephone Adapter (produit en fin de vie) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 3.x antérieures à 3.1 | ||
| Cisco | N/A | ATA 192 Multiplatform Analog Telephone Adapter versions antérieures à 11.2.1 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 14.0.x antérieures à 14.0.1-014 | ||
| Cisco | N/A | Cisco AnyConnect Secure Mobility Client pour Linux et Mac OS versions antérieures à 4.10.03104 | ||
| Cisco | N/A | ATA 191 Multiplatform Analog Telephone Adapter versions antérieures à 11.2.1 | ||
| Cisco | N/A | ATA 191 Analog Telephone Adapter versions antérieures à 12.0(1)SR4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Intersight Virtual Appliance versions ant\u00e9rieures \u00e0 1.0.9-302",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 12.5.x ant\u00e9rieures \u00e0 12.5.2-007",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions ant\u00e9rieures \u00e0 2.6 Patch10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.7 ant\u00e9rieures \u00e0 2.7 Patch5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 12.0.x ant\u00e9rieures \u00e0 12.0.3-005",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 220 Series Smart Switches versions ant\u00e9rieures \u00e0 1.2.1.2",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 190 Analog Telephone Adapter (produit en fin de vie)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 3.x ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 192 Multiplatform Analog Telephone Adapter versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 14.0.x ant\u00e9rieures \u00e0 14.0.1-014",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AnyConnect Secure Mobility Client pour Linux et Mac OS versions ant\u00e9rieures \u00e0 4.10.03104",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 191 Multiplatform Analog Telephone Adapter versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 191 Analog Telephone Adapter versions ant\u00e9rieures \u00e0 12.0(1)SR4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34788"
},
{
"name": "CVE-2021-34779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34779"
},
{
"name": "CVE-2021-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1594"
},
{
"name": "CVE-2021-34775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34775"
},
{
"name": "CVE-2021-34777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34777"
},
{
"name": "CVE-2021-34780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34780"
},
{
"name": "CVE-2021-34735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34735"
},
{
"name": "CVE-2021-34698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34698"
},
{
"name": "CVE-2021-34710",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34710"
},
{
"name": "CVE-2021-34748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34748"
},
{
"name": "CVE-2021-34776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34776"
},
{
"name": "CVE-2021-34778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34778"
}
],
"initial_release_date": "2021-10-07T00:00:00",
"last_revision_date": "2021-10-07T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-761",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wsa-dos-fmHdKswk du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-priv-esc-UwqPrBM3 du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ata19x-multivuln-A4J57F3 du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucsi2-command-inject-CGyC8y2R du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-lib-hija-cAFB7x4q du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb220-lldp-multivuls-mVRUtQ8T du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
}
CERTFR-2020-AVI-622
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Caméras IP Cisco Vidéo Surveillance 8000 micrologiciel versions antérieures à 1.0.9-5 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine 2.4.x versions antérieures à 2.4 patch 13 | ||
| Cisco | N/A | Cisco Webex Teams pour Windows versions antérieures à 3.0.16269.0 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine 2.6.x versions antérieures à 2.6 patch 7 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine 2.3 toutes versions | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine 2.5 toutes versions | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine 2.7.x versions antérieures à 2.7 patch |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cam\u00e9ras IP Cisco Vid\u00e9o Surveillance 8000 micrologiciel versions ant\u00e9rieures \u00e0 1.0.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine 2.4.x versions ant\u00e9rieures \u00e0 2.4 patch 13",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Webex Teams pour Windows versions ant\u00e9rieures \u00e0 3.0.16269.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine 2.6.x versions ant\u00e9rieures \u00e0 2.6 patch 7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine 2.3 toutes versions",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine 2.5 toutes versions",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine 2.7.x versions ant\u00e9rieures \u00e0 2.7 patch",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3535",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3535"
},
{
"name": "CVE-2020-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3544"
},
{
"name": "CVE-2020-3467",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3467"
}
],
"initial_release_date": "2020-10-08T00:00:00",
"last_revision_date": "2020-10-08T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-auth-bypass-uJWqLTZM du 07 octobre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-uJWqLTZM"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-teams-dll-drsnH5AN du 07 octobre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-dll-drsnH5AN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cdp-rcedos-mAHR8vNx du 07 octobre 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx"
}
]
}
CERTFR-2019-AVI-034
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco FND versions antérieures à 4.1.2-19 | ||
| Cisco | N/A | Cisco Webex Teams versions antérieures à 3.0.10260 | ||
| Cisco | N/A | Microgiciels des routeurs RV320 et RV325 Dual Gigabit WAN VPN versions antérieures à 1.4.2.20 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions antérieures à 2.2.0 Patch 10 | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à WBS32.15.33 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 2.2.1 antérieures à 2.2.1 Patch 1 | ||
| Cisco | N/A | Cisco FND versions 4.2.0 et 4.3.0 antérieures à 4.3.0-133 | ||
| Cisco | N/A | Cisco SD-WAN Solution versions antérieures à 18.4.0 | ||
| Cisco | N/A | Webex Network Recording Player versions antérieures à 2.8MR3 SecurityPatch1 ou 3.0MR2 SecurityPatch2 | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à WBS33.6.1 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 2.3 antérieures à 2.3 Patch 5 | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à 1.3.40 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 2.5 antérieures à 2.4 Patch 2 | ||
| Cisco | N/A | Cisco Firepower version 6.30 sans le correctif de sécurité Hotfix B |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco FND versions ant\u00e9rieures \u00e0 4.1.2-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Webex Teams versions ant\u00e9rieures \u00e0 3.0.10260",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Microgiciels des routeurs RV320 et RV325 Dual Gigabit WAN VPN versions ant\u00e9rieures \u00e0 1.4.2.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions ant\u00e9rieures \u00e0 2.2.0 Patch 10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS32.15.33",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 2.2.1 ant\u00e9rieures \u00e0 2.2.1 Patch 1",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FND versions 4.2.0 et 4.3.0 ant\u00e9rieures \u00e0 4.3.0-133",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player versions ant\u00e9rieures \u00e0 2.8MR3 SecurityPatch1 ou 3.0MR2 SecurityPatch2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS33.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 2.3 ant\u00e9rieures \u00e0 2.3 Patch 5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 1.3.40",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 2.5 ant\u00e9rieures \u00e0 2.4 Patch 2",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower version 6.30 sans le correctif de s\u00e9curit\u00e9 Hotfix B",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1653",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1653"
},
{
"name": "CVE-2019-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1640"
},
{
"name": "CVE-2019-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1651"
},
{
"name": "CVE-2019-1636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1636"
},
{
"name": "CVE-2019-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1648"
},
{
"name": "CVE-2018-15459",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15459"
},
{
"name": "CVE-2019-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1647"
},
{
"name": "CVE-2019-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1644"
},
{
"name": "CVE-2019-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1641"
},
{
"name": "CVE-2019-1637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1637"
},
{
"name": "CVE-2019-1639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1639"
},
{
"name": "CVE-2019-1638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1638"
},
{
"name": "CVE-2019-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1650"
},
{
"name": "CVE-2019-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1652"
},
{
"name": "CVE-2019-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1646"
},
{
"name": "CVE-2019-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1669"
}
],
"initial_release_date": "2019-01-24T00:00:00",
"last_revision_date": "2019-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-034",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-ise-privilege du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-webex-teams du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-sdwan-unaccess du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-sdwan-sol-escal du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-firepowertds-bypass du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-sdwan-file-write du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-iot-fnd-dos du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-sdwan-bo du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-webex-rce du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-sdwan-escal du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-rv-inject du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190123-rv-info du 23 janvier 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info"
}
]
}
CERTFR-2018-AVI-454
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco Identity Services Engine. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.4 antérieures à la version 1.1.4.218-7 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.2 antérieures à la version 1.1.2.145-10 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.2 antérieures à la version 1.2.0.899-2 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.1 antérieures à la version 1.1.1.268-7 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.0 et 1.1.0 antérieures à la version 1.1.0.665-5 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.3 antérieures à la version 1.1.3.124-7 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Identity Services Engine versions 1.1.4 ant\u00e9rieures \u00e0 la version 1.1.4.218-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.2 ant\u00e9rieures \u00e0 la version 1.1.2.145-10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.2 ant\u00e9rieures \u00e0 la version 1.2.0.899-2",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.1 ant\u00e9rieures \u00e0 la version 1.1.1.268-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.0 et 1.1.0 ant\u00e9rieures \u00e0 la version 1.1.0.665-5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.3 ant\u00e9rieures \u00e0 la version 1.1.3.124-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6323",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6323"
},
{
"name": "CVE-2013-5530",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5530"
},
{
"name": "CVE-2013-5531",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5531"
}
],
"initial_release_date": "2018-09-25T00:00:00",
"last_revision_date": "2018-09-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20131023-ise du 24 septembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20160113-ise du 24 septembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
}
],
"reference": "CERTFR-2018-AVI-454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Identity\nServices Engine. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Identity Services Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise du 24 septembre 2018",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-ise du 24 septembre 2018",
"url": null
}
]
}
CERTFR-2018-AVI-240
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.0.0.x antérieures à 2.0.0.306-Patch6 | ||
| Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions 3.7.1, 3.6.3 et antérieures lorsque l'accès au serveur Secure Copy Protocol (SCP) est autorisé. | ||
| Cisco | N/A | Cisco IoT Field Network Director (ou Connected Grid Network Management System) versions antérieures à 4.1.1-6 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.1.x antérieures à 2.1.0 Patch7 | ||
| Cisco | N/A | Cisco Meeting Server versions 2.0, 2.1, 2.2, et 2.3 sans le dernier correctif de sécurité | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.0.1.x antérieures à 2.0.1.130-Patch5 | ||
| Cisco | N/A | Cisco DNA Center versions antérieures à 1.1.3 | ||
| Cisco | N/A | Cisco IoT Field Network Director versions 4.2.x antérieures à 4.2.0-123 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions antérieures à 1.4.0. 253-Patch12 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.2.x antérieures à 2.2.0.470-Patch5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Identity Services Engine versions 2.0.0.x ant\u00e9rieures \u00e0 2.0.0.306-Patch6",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions 3.7.1, 3.6.3 et ant\u00e9rieures lorsque l\u0027acc\u00e8s au serveur Secure Copy Protocol (SCP) est autoris\u00e9.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IoT Field Network Director (ou Connected Grid Network Management System) versions ant\u00e9rieures \u00e0 4.1.1-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.1.x ant\u00e9rieures \u00e0 2.1.0 Patch7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Meeting Server versions 2.0, 2.1, 2.2, et 2.3 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.0.1.x ant\u00e9rieures \u00e0 2.0.1.130-Patch5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DNA Center versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IoT Field Network Director versions 4.2.x ant\u00e9rieures \u00e0 4.2.0-123",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions ant\u00e9rieures \u00e0 1.4.0. 253-Patch12",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.2.x ant\u00e9rieures \u00e0 2.2.0.470-Patch5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0270"
},
{
"name": "CVE-2018-0268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0268"
},
{
"name": "CVE-2018-0277",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0277"
},
{
"name": "CVE-2018-0279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0279"
},
{
"name": "CVE-2018-0271",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0271"
},
{
"name": "CVE-2018-0280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0280"
},
{
"name": "CVE-2018-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0222"
}
],
"initial_release_date": "2018-05-17T00:00:00",
"last_revision_date": "2018-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-240",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-fnd du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-dna du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-dna2 du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dna2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-iseeap du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-msms du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-msms"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-dnac du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180516-nfvis du 16 mai 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis"
}
]
}
CERTFR-2017-AVI-389
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Points d'accès Cisco 1560, 2800 et 3800 versions 8.5.x antérieures à 8.5.105.0 | ||
| Cisco | N/A | Firepower 4100 et 9300 Series Security Appliances FX-OS Code Trains versions 2.0.x antérieures à 2.0.1.135 | ||
| Cisco | N/A | Points d'accès Cisco 1560, 2800 et 3800 versions 8.4.x antérieures à 8.4.100.0 | ||
| Cisco | N/A | Firepower 4100 et 9300 Series Security Appliances FX-OS Code Trains versions antérieures à 1.1.4.175 | ||
| Cisco | N/A | Contrôleur de réseau sans fil Cisco versions 8.3.x antérieures à 8.3.132.0 | ||
| Cisco | N/A | Contrôleur de réseau sans fil Cisco versions 8.1.x et 8.2.x antérieures à 8.2.164.0 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.0.1 et 2.1.0 antérieures à 2.1 patch 5 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 2.2.0 antérieure à 2.2.0 patch 2 | ||
| Cisco | N/A | Points d'accès Cisco 1560, 2800 et 3800 versions 8.1.x et 8.2.x antérieures à 8.2.164.0 | ||
| Cisco | N/A | Cisco APIC-EM versions antérieures à 1.5 | ||
| Cisco | N/A | Points d'accès Cisco 1560, 2800 et 3800 versions antérieures à 8.0.152.0 | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning Software versions antérieures à 12.3 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 2.0 antérieure à 2.0 patch 6 | ||
| Cisco | N/A | Points d'accès Cisco 1560, 2800 et 3800 versions 8.3.x antérieures à 8.3.132.0 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions antérieures à 1.4 patch 12 | ||
| Cisco | N/A | Contrôleur de réseau sans fil Cisco versions 8.4.x antérieures à 8.4.100.0 | ||
| Cisco | N/A | Contrôleur de réseau sans fil Cisco versions antérieures à 8.0.152.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Points d\u0027acc\u00e8s Cisco 1560, 2800 et 3800 versions 8.5.x ant\u00e9rieures \u00e0 8.5.105.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 et 9300 Series Security Appliances FX-OS Code Trains versions 2.0.x ant\u00e9rieures \u00e0 2.0.1.135",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Points d\u0027acc\u00e8s Cisco 1560, 2800 et 3800 versions 8.4.x ant\u00e9rieures \u00e0 8.4.100.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 et 9300 Series Security Appliances FX-OS Code Trains versions ant\u00e9rieures \u00e0 1.1.4.175",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur de r\u00e9seau sans fil Cisco versions 8.3.x ant\u00e9rieures \u00e0 8.3.132.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur de r\u00e9seau sans fil Cisco versions 8.1.x et 8.2.x ant\u00e9rieures \u00e0 8.2.164.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.0.1 et 2.1.0 ant\u00e9rieures \u00e0 2.1 patch 5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 2.2.0 ant\u00e9rieure \u00e0 2.2.0 patch 2",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Points d\u0027acc\u00e8s Cisco 1560, 2800 et 3800 versions 8.1.x et 8.2.x ant\u00e9rieures \u00e0 8.2.164.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Points d\u0027acc\u00e8s Cisco 1560, 2800 et 3800 versions ant\u00e9rieures \u00e0 8.0.152.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning Software versions ant\u00e9rieures \u00e0 12.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 2.0 ant\u00e9rieure \u00e0 2.0 patch 6",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Points d\u0027acc\u00e8s Cisco 1560, 2800 et 3800 versions 8.3.x ant\u00e9rieures \u00e0 8.3.132.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions ant\u00e9rieures \u00e0 1.4 patch 12",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur de r\u00e9seau sans fil Cisco versions 8.4.x ant\u00e9rieures \u00e0 8.4.100.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur de r\u00e9seau sans fil Cisco versions ant\u00e9rieures \u00e0 8.0.152.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12277",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12277"
},
{
"name": "CVE-2017-12273",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12273"
},
{
"name": "CVE-2017-12261",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12261"
},
{
"name": "CVE-2017-12274",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12274"
},
{
"name": "CVE-2017-12262",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12262"
},
{
"name": "CVE-2017-12276",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12276"
},
{
"name": "CVE-2017-12278",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12278"
},
{
"name": "CVE-2017-12275",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12275"
}
],
"initial_release_date": "2017-11-02T00:00:00",
"last_revision_date": "2017-11-02T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-389",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-wlc2 du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-aironet2 du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-cpcp du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-ise du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-wlc1 du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-apicem du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-aironet1 du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171101-fpwr du 01 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr"
}
]
}
CERTFR-2017-AVI-160
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco UCS C-Series Rack Servers | ||
| Cisco | N/A | Cisco Remote Expert Manager | ||
| Cisco | N/A | Commutateurs Ethernet Cisco Industrial séries 1000 | ||
| Cisco | N/A | Cisco Policy Suite versions antérieures à 11.1.0, 12.0.0 et 12.1.0 | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning versions antérieures à 12.1 | ||
| Cisco | N/A | Cisco TelePresence IX5000 Series versions antérieures à 8.2.1 | ||
| Cisco | N/A | Cisco FirePOWER System | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) | ||
| Cisco | N/A | Commutateurs Cisco Nexus séries 5000 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager | ||
| Cisco | IP Phone | Cisco IP Phone 8851 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco UCS C-Series Rack Servers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Remote Expert Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Ethernet Cisco Industrial s\u00e9ries 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Policy Suite versions ant\u00e9rieures \u00e0 11.1.0, 12.0.0 et 12.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning versions ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence IX5000 Series versions ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE)",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 5000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 8851",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-6632",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6632"
},
{
"name": "CVE-2017-6650",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6650"
},
{
"name": "CVE-2017-6645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6645"
},
{
"name": "CVE-2017-6623",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6623"
},
{
"name": "CVE-2017-6642",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6642"
},
{
"name": "CVE-2017-6652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6652"
},
{
"name": "CVE-2017-6647",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6647"
},
{
"name": "CVE-2017-6621",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6621"
},
{
"name": "CVE-2017-6636",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6636"
},
{
"name": "CVE-2017-6637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6637"
},
{
"name": "CVE-2017-6622",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6622"
},
{
"name": "CVE-2017-6635",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6635"
},
{
"name": "CVE-2017-6630",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6630"
},
{
"name": "CVE-2017-6654",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6654"
},
{
"name": "CVE-2017-6646",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6646"
},
{
"name": "CVE-2017-6649",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6649"
},
{
"name": "CVE-2017-6653",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6653"
},
{
"name": "CVE-2017-6641",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6641"
},
{
"name": "CVE-2017-6644",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6644"
},
{
"name": "CVE-2017-6633",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6633"
},
{
"name": "CVE-2017-6634",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6634"
},
{
"name": "CVE-2017-6643",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6643"
}
],
"initial_release_date": "2017-05-18T00:00:00",
"last_revision_date": "2017-05-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6"
}
],
"reference": "CERTFR-2017-AVI-160",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai 2017",
"url": null
}
]
}
CERTFR-2016-AVI-284
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0 sans le dernier correctif de sécurité | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 1.3(0.876) sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0.2 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 5.3.0.3 | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 6.0.0 | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.3.1 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.2.0 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco APIC-EM versions antérieures à 1.2 | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.x antérieures à 5.4.1 | ||
| Cisco | N/A | Cisco Firepower Management Center version 5.4.0 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Aironet 1800, 2800, et 3800 AP platforms versions antérieures à 8.2.110.0, 8.2.121.0 ou 8.3.102.0 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 11.5 sans le dernier correctif de sécurité | ||
| Cisco | IP Phone | Cisco IP Phone 8800 Series version 11.0(1) sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.0.x antérieures à 5.4.0.1 | ||
| Cisco | N/A | Cisco Firepower Management Center version 4.10.3 sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions antérieures à 5.3.1.2 | ||
| Cisco | N/A | Cisco WebEx Meetings Server version 2.6 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Firepower Management Center version 5.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine version 1.3(0.876) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.3.0.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.3.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.2.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 5.4.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1800, 2800, et 3800 AP platforms versions ant\u00e9rieures \u00e0 8.2.110.0, 8.2.121.0 ou 8.3.102.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager version 11.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 8800 Series version 11.0(1) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center version 4.10.3 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WebEx Meetings Server version 2.6 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1458",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1458"
},
{
"name": "CVE-2016-6361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6361"
},
{
"name": "CVE-2016-1457",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1457"
},
{
"name": "CVE-2016-6363",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6363"
},
{
"name": "CVE-2016-6362",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6362"
},
{
"name": "CVE-2016-1485",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1485"
},
{
"name": "CVE-2016-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1479"
},
{
"name": "CVE-2016-6365",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6365"
},
{
"name": "CVE-2016-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1365"
},
{
"name": "CVE-2016-6364",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6364"
},
{
"name": "CVE-2016-1484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1484"
}
],
"initial_release_date": "2016-08-18T00:00:00",
"last_revision_date": "2016-08-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1"
}
],
"reference": "CERTFR-2016-AVI-284",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-08-18T00:00:00.000000"
},
{
"description": "changement \u0027Cisco APIC-EM version 1.0 sans le dernier correctif de s\u00e9curit\u00e9\u0027 \u00e0 \u0027Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2\u0027 dans syst\u00e8mes affect\u00e9s",
"revision_date": "2016-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt 2016",
"url": null
}
]
}
CERTFR-2016-AVI-177
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco ASA versions 9.3x antérieures à 9.3(3.8) | ||
| Cisco | N/A | Cisco ASA versions antérieures à 9.1(7.6) | ||
| Cisco | N/A | Cisco ASA versions 9.5x antérieures à 9.5(2.6) | ||
| Cisco | IOS | Commutateurs Cisco Industrial Ethernet séries 4000 exécutant Cisco IOS versions antérieures à 15.2(2)EA3 et 15.2(4)EA1 | ||
| Cisco | N/A | Cisco ASA versions 9.2x antérieures à 9.2(4.8) | ||
| Cisco | N/A | Cisco Cloud Network Automation Provisioner versions 1.0 et 1.1 | ||
| Cisco | N/A | Cisco ASA versions 9.4x antérieures à 9.4(2.6) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions antérieures à 1.2.0.899 patch 7 | ||
| Cisco | IOS | Commutateurs Cisco Industrial Ethernet séries 5000 exécutant Cisco IOS versions antérieures à 15.2(2)EB2 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS X8.x versions antérieures à X8.7.2 | ||
| Cisco | N/A | Cisco Unified Computing System (UCS) Central Software version 1.4(1a) | ||
| Cisco | N/A | Cisco AsyncOS versions antérieures à 9.0.1-162 pour Cisco WSA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco ASA versions 9.3x ant\u00e9rieures \u00e0 9.3(3.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions ant\u00e9rieures \u00e0 9.1(7.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.5x ant\u00e9rieures \u00e0 9.5(2.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Industrial Ethernet s\u00e9ries 4000 ex\u00e9cutant Cisco IOS versions ant\u00e9rieures \u00e0 15.2(2)EA3 et 15.2(4)EA1",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.2x ant\u00e9rieures \u00e0 9.2(4.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Network Automation Provisioner versions 1.0 et 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.4x ant\u00e9rieures \u00e0 9.4(2.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 1.2.0.899 patch 7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Industrial Ethernet s\u00e9ries 5000 ex\u00e9cutant Cisco IOS versions ant\u00e9rieures \u00e0 15.2(2)EB2",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS X8.x versions ant\u00e9rieures \u00e0 X8.7.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Computing System (UCS) Central Software version 1.4(1a)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions ant\u00e9rieures \u00e0 9.0.1-162 pour Cisco WSA",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1402",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1402"
},
{
"name": "CVE-2016-1393",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1393"
},
{
"name": "CVE-2016-1381",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1381"
},
{
"name": "CVE-2016-1400",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1400"
},
{
"name": "CVE-2016-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1382"
},
{
"name": "CVE-2016-1399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1399"
},
{
"name": "CVE-2016-1383",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1383"
},
{
"name": "CVE-2016-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1379"
},
{
"name": "CVE-2016-1401",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1401"
},
{
"name": "CVE-2016-1385",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1385"
},
{
"name": "CVE-2016-1380",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1380"
}
],
"initial_release_date": "2016-05-19T00:00:00",
"last_revision_date": "2016-05-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-ucs du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160513-ies du 13 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-asa-xml du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa2 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160510-cnap du 10 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa4 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-asa-vpn du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa1 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa3 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-ise du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160516-vcs du 16 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs"
}
],
"reference": "CERTFR-2016-AVI-177",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160510-cnap du 10 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa4 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa2 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-asa-vpn du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160513-ies du 13 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-ise du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160516-vcs du 16 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa1 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-asa-xml du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa3 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-ucs du 17 mai 2016",
"url": null
}
]
}
CERTFR-2014-AVI-307
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Media Experience Engine (MXE) 3500 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Business Edition 3000 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Contact Center Enterprise (Cisco Unified CCE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE)",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-1870",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1870"
}
],
"initial_release_date": "2014-07-10T00:00:00",
"last_revision_date": "2014-07-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140709-struts2 du 09 juillet 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"
}
],
"reference": "CERTFR-2014-AVI-307",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140709-struts2 du 09 juillet 2014",
"url": null
}
]
}
CERTA-2013-AVI-606
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Media Experience Engine (MXE) 3500 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Business Edition 3000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE)",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified SIP Proxy (CUSP)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2251"
}
],
"initial_release_date": "2013-10-24T00:00:00",
"last_revision_date": "2013-10-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-struts2 du 23 octobre 2013",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2"
}
],
"reference": "CERTA-2013-AVI-606",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-struts2 du 23 octobre 2013",
"url": null
}
]
}