Refine your search
26 vulnerabilities found for NX-OS by Cisco
CERTFR-2024-AVI-1043
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco NX-OS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des produits affect\u00e9s par la vuln\u00e9rabilit\u00e9 CVE-2024-20397 (cf. section Documentation).",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20397"
}
],
"initial_release_date": "2024-12-05T00:00:00",
"last_revision_date": "2024-12-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1043",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco NX-OS. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": "2024-12-04",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-image-sig-bypas-pQDRQvjL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL"
}
]
}
CERTFR-2024-AVI-0174
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco NX-OS. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Nexus 9500 R-Series Line Cards versions 9.3 antérieures à 9.3(12) | ||
| Cisco | NX-OS | Nexus 9500 R-Series Line Cards versions 10.2 antérieures à 10.2(6) | ||
| Cisco | NX-OS | Nexus 9500 R-Series Line Cards versions 10.3 antérieures à 10.3(4a) | ||
| Cisco | NX-OS | Nexus 3000, 3600, 9000 Series versions 9.3 antérieures à 9.3(12) | ||
| Cisco | NX-OS | Nexus 3600 Series versions 10.2 antérieures à 10.2(6) | ||
| Cisco | NX-OS | Nexus 3600, 9000 Series versions 10.3 antérieures à 10.3(4a) |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nexus 9500 R-Series Line Cards versions 9.3 ant\u00e9rieures \u00e0 9.3(12)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9500 R-Series Line Cards versions 10.2 ant\u00e9rieures \u00e0 10.2(6)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9500 R-Series Line Cards versions 10.3 ant\u00e9rieures \u00e0 10.3(4a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000, 3600, 9000 Series versions 9.3 ant\u00e9rieures \u00e0 9.3(12)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3600 Series versions 10.2 ant\u00e9rieures \u00e0 10.2(6)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3600, 9000 Series versions 10.3 ant\u00e9rieures \u00e0 10.3(4a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20321"
},
{
"name": "CVE-2024-20267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20267"
}
],
"initial_release_date": "2024-02-29T00:00:00",
"last_revision_date": "2024-02-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0174",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco NX-OS. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ipv6-mpls-dos-R9ycXkwM du 28 f\u00e9vrier 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM#fs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-ebgp-dos-L3QCwVJ du 28 f\u00e9vrier 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ"
}
]
}
CERTFR-2022-AVI-769
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco ACI MSO versions antérieures à 3.1(1n) | ||
| Cisco | NX-OS | Cisco NX-OS Software versions antérieures à 9.3(9) sans le correctif de sécurité nxos.CSCwb70210-n9k_ALL-1.0.0-9.3.9.lib32_n9000.rpm | ||
| Cisco | NX-OS | Cisco NX-OS Software versions antérieures à 8.2(8) sans les correctifs de sécurité n7000-s2-dk9.8.2.8.CSCwc36631.bin et n7700-s2-dk9.8.2.8.CSCwc36631.bin |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco ACI MSO versions ant\u00e9rieures \u00e0 3.1(1n)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS Software versions ant\u00e9rieures \u00e0 9.3(9) sans le correctif de s\u00e9curit\u00e9 nxos.CSCwb70210-n9k_ALL-1.0.0-9.3.9.lib32_n9000.rpm",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS Software versions ant\u00e9rieures \u00e0 8.2(8) sans les correctifs de s\u00e9curit\u00e9 n7000-s2-dk9.8.2.8.CSCwc36631.bin et n7700-s2-dk9.8.2.8.CSCwc36631.bin",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-20824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20824"
},
{
"name": "CVE-2022-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20921"
},
{
"name": "CVE-2022-20823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20823"
}
],
"initial_release_date": "2022-08-25T00:00:00",
"last_revision_date": "2022-08-25T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-769",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mso-prvesc-BPFp9cZs du 24 ao\u00fbt 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-cdp-dos-ce-wWvPucC9 du 24 ao\u00fbt 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-ospfv3-dos-48qutcu du 24 ao\u00fbt 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu"
}
]
}
CERTFR-2022-AVI-183
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Cisco NX-OS et Nexus. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco NX-OS version 7.0(3)I7(10) sans les correctifs nxos.CSCvy95696-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm, nxos.CSCvz80191-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm et nxos.CSCvx75912-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm | ||
| Cisco | NX-OS | Cisco UCS versions 4.2 antérieures à 4.2(1l) | ||
| Cisco | NX-OS | Cisco UCS versions 4.x antérieures à 4.1(3h) | ||
| Cisco | NX-OS | Cisco NX-OS version 9.3(8) sans les correctifs CSCvy95696-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm, nxos.CSCvz80191-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm et nxos.CSCvx75912-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NX-OS version 7.0(3)I7(10) sans les correctifs nxos.CSCvy95696-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm, nxos.CSCvz80191-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm et nxos.CSCvx75912-n9k_ALL-1.0.0-7.0.3.I7.10.lib32_n9000.rpm",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions 4.2 ant\u00e9rieures \u00e0 4.2(1l)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions 4.x ant\u00e9rieures \u00e0 4.1(3h)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS version 9.3(8) sans les correctifs CSCvy95696-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm, nxos.CSCvz80191-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm et nxos.CSCvx75912-n9k_ALL-1.0.0-9.3.8.lib32_n9000.rpm",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-20623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20623"
},
{
"name": "CVE-2022-20650",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20650"
},
{
"name": "CVE-2022-20624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20624"
}
],
"initial_release_date": "2022-02-24T00:00:00",
"last_revision_date": "2022-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-183",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco NX-OS et\nNexus. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco NX-OS et Nexus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2 du 23 f\u00e9vrier 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cfsoip-dos-tpykyDr du 23 f\u00e9vrier 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-bfd-dos-wGQXrzxn du 23 f\u00e9vrier 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn"
}
]
}
CERTFR-2021-AVI-658
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco Nexus 9000 Series Switches in standalone NX-OS mode sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Nexus 3000 Series Switches sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 4.x antérieures à 4.2(7l) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) versions 4.x antérieures à 4.2(7l) | ||
| Cisco | N/A | Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 5.0, 5.1 et 5.2 antérieures à 5.2(2f) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) versions 3.x antérieures à 3.2(10f) | ||
| Cisco | N/A | Cisco Nexus 7000 Series Switches sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Nexus 9000 Series Fabric Switches en mode ACI sans le dernier correctif de sécurité | ||
| Cisco | N/A | Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 3.x antérieures à 3.2(10f) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) versions 5.0, 5.1 et 5.2 antérieures à 5.2(2f) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Nexus 9000 Series Switches in standalone NX-OS mode sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000 Series Switches sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 4.x ant\u00e9rieures \u00e0 4.2(7l)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) versions 4.x ant\u00e9rieures \u00e0 4.2(7l)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 5.0, 5.1 et 5.2 ant\u00e9rieures \u00e0 5.2(2f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) versions 3.x ant\u00e9rieures \u00e0 3.2(10f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 7000 Series Switches sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series Fabric Switches en mode ACI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) versions 3.x ant\u00e9rieures \u00e0 3.2(10f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) versions 5.0, 5.1 et 5.2 ant\u00e9rieures \u00e0 5.2(2f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1588"
},
{
"name": "CVE-2021-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1579"
},
{
"name": "CVE-2021-1578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1578"
},
{
"name": "CVE-2021-1586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1586"
},
{
"name": "CVE-2021-1587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1587"
},
{
"name": "CVE-2021-1523",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1523"
},
{
"name": "CVE-2021-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1577"
}
],
"initial_release_date": "2021-08-26T00:00:00",
"last_revision_date": "2021-08-26T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-ngoam-dos-LTDb9Hv du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-mpls-oam-dos-sGO9x5GM du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-n9kaci-queue-wedge-cLDDEfKF du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-n9kaci-tcp-dos-YXukt6gM du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capic-frw-Nt3RYxR2 du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capic-chvul-CKfGYBh8 du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-capic-pesc-pkmGK4J du 25 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J"
}
]
}
CERTFR-2021-AVI-108
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Cisco. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
L'éditeur indique les dates de mises à disposition des versions corrigeant cette vulnérabilité dans son bulletin de sécurité, il est donc nécessaire de surveiller leurs publications pour chaque produit affecté (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco Nexus 9000 Series Switches in standalone NX-OS mode | ||
| Cisco | N/A | Cisco Ultra Cloud | ||
| Cisco | N/A | Cisco Nexus 3000 Series Switches | ||
| Cisco | N/A | Cisco Prime Service Catalog Virtual Appliance | ||
| Cisco | N/A | Cisco Smart Net Total Care - On-Premises | ||
| Cisco | Smart Software Manager | Cisco Smart Software Manager On-Prem | ||
| Cisco | N/A | Cisco Elastic Services Controller (ESC) | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning | ||
| Cisco | N/A | Cisco Common Services Platform Collector | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Paging Server (InformaCast) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Nexus 9000 Series Switches in standalone NX-OS mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Ultra Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Service Catalog Virtual Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Net Total Care - On-Premises",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Software Manager On-Prem",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Elastic Services Controller (ESC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Common Services Platform Collector",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Paging Server (InformaCast)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nL\u0027\u00e9diteur indique les dates de mises \u00e0 disposition des versions\ncorrigeant cette vuln\u00e9rabilit\u00e9 dans son bulletin de s\u00e9curit\u00e9, il est\ndonc n\u00e9cessaire de surveiller leurs publications pour chaque produit\naffect\u00e9 (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
}
],
"initial_release_date": "2021-02-11T00:00:00",
"last_revision_date": "2021-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-108",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet\n\u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sudo-privesc-jan2021-qnYQfcM du 29 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
}
]
}
CERTFR-2020-AVI-340
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco IOx sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS | Cisco IOS pour routeurs Cisco séries CGR1000 sans le dernier correctif de sécurité | ||
| Cisco | NX-OS | Cisco NX-OS sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS XE | Cisco IOS et IOS XE sans le dernier correctif de sécurité (voir le site du constructeur pour la liste des produits vulnérables) | ||
| Cisco | IOS | Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de sécurité | ||
| Cisco | IOS XR | Cisco IOS XR versions 5.2 et 5.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IOx sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS pour routeurs Cisco s\u00e9ries CGR1000 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS et IOS XE sans le dernier correctif de s\u00e9curit\u00e9 (voir le site du constructeur pour la liste des produits vuln\u00e9rables)",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS pour routeurs Cisco 809 et 829 (Industrial ISRs) sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 5.2 et 5.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3211"
},
{
"name": "CVE-2020-3257",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3257"
},
{
"name": "CVE-2020-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3212"
},
{
"name": "CVE-2020-3205",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3205"
},
{
"name": "CVE-2020-3218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3218"
},
{
"name": "CVE-2020-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3200"
},
{
"name": "CVE-2020-3234",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3234"
},
{
"name": "CVE-2020-3229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3229"
},
{
"name": "CVE-2020-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3217"
},
{
"name": "CVE-2020-3208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3208"
},
{
"name": "CVE-2020-3235",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3235"
},
{
"name": "CVE-2020-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3219"
},
{
"name": "CVE-2020-3230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3230"
},
{
"name": "CVE-2020-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3209"
},
{
"name": "CVE-2020-3258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3258"
},
{
"name": "CVE-2020-3199",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3199"
},
{
"name": "CVE-2020-3227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3227"
},
{
"name": "CVE-2020-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3203"
},
{
"name": "CVE-2020-3210",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3210"
},
{
"name": "CVE-2020-3198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3198"
},
{
"name": "CVE-2020-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3225"
},
{
"name": "CVE-2020-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3224"
},
{
"name": "CVE-2020-3238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3238"
},
{
"name": "CVE-2020-3221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3221"
}
],
"initial_release_date": "2020-06-04T00:00:00",
"last_revision_date": "2020-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-04T00:00:00.000000"
},
{
"description": "Correction de la date de certains avis.",
"revision_date": "2020-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-digsig-bypass-FYQ3bmVq du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-vds-cred-uPMp9zbY du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-fnfv9-dos-HND6Fc9u du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sip-Cv28sQw2 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-cmdinj-zM283Zdw du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ioxPE-KgGvCAf9 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj2-fOnjk2LD du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-caf-3dXM8exv du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-snmp-dos-USxSyTk5 du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ngwc-cmdinj-KEwWVWR du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-rce-uk8BXcUD du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cipdos-hkfTZXEx du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj4-S2TmH7GA du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webui-PZgQxjfG du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewlc-dos-TkuPVmZN du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-web-cmdinj3-44st5CcA du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-gos-vuln-s9qS8kYL du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ssh-dos-Un22sd2A du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-9p23Jj2a du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-iot-rce-xYRSeMNH du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ios-ir800-img-verif-wHhLYHjK du 03 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK"
}
]
}
CERTFR-2020-AVI-330
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco NX-OS. Elle permet à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco UCS versions 4.0.x antérieures à 4.0(4i) (disponible courant juin 2020) | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.3(6)D1(1) sur les commutateurs Cisco Nexus séries 7000 | ||
| Cisco | NX-OS | Cisco UCS versions 4.1.x antérieures à 4.1(1d) (disponible courant juin 2020) | ||
| Cisco | NX-OS | Cisco UCS versions antérieures à 3.2(3o) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco UCS versions 4.0.x ant\u00e9rieures \u00e0 4.0(4i) (disponible courant juin 2020)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.3(6)D1(1) sur les commutateurs Cisco Nexus s\u00e9ries 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions 4.1.x ant\u00e9rieures \u00e0 4.1(1d) (disponible courant juin 2020)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions ant\u00e9rieures \u00e0 3.2(3o)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-10136",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10136"
}
],
"initial_release_date": "2020-06-02T00:00:00",
"last_revision_date": "2020-06-02T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-330",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco NX-OS. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nxos-ipip-dos-kCT9X4 du 01 juin 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
}
]
}
CERTFR-2020-AVI-118
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco NX-OS, voir le site de l'éditeur pour les versions affectées (cf. section Documentation) | ||
| Cisco | N/A | Cisco ASA versions antérieures à 9.9.2.66 pour Firepower séries 1000 et 2100 (disponible en mars 2020) | ||
| Cisco | N/A | Cisco UCS versions 4.x antérieures à 4.0(4g) pour UCS séries 6200, 6300 et 6400 Fabric Interconnects | ||
| Cisco | N/A | Cisco FXOS versions 2.7.x antérieures à 2.7.1.106 pour Firepower séries 4100 et 9300 | ||
| Cisco | N/A | Cisco UCS versions antérieures à 3.2(3n) pour UCS séries 6200, 6300 et 6400 Fabric Interconnects | ||
| Cisco | N/A | Cisco ASA versions 9.13.x antérieures à 9.13.1.5 pour Firepower séries 1000 et 2100 | ||
| Cisco | N/A | Cisco ASA versions 9.10.x et 9.12.x antérieures à 9.12.3.6 pour Firepower séries 1000 et 2100 | ||
| Cisco | N/A | Cisco FTD versions 6.5.x antérieures à 6.5.0.2 pour Firepower séries 1000 et 2100 | ||
| Cisco | N/A | Cisco FXOS versions antérieures à 2.6.1.187 pour Firepower séries 4100 et 9300 | ||
| Cisco | N/A | Cisco FTD versions antérieures à 6.2.3.16 pour Firepower séries 1000 et 2100 (disponible en avril 2020) | ||
| Cisco | N/A | Cisco FTD versions 6.3.x et 6.4.x antérieures à 6.4.0.8 pour Firepower séries 1000 et 2100 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NX-OS, voir le site de l\u0027\u00e9diteur pour les versions affect\u00e9es (cf. section Documentation)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions ant\u00e9rieures \u00e0 9.9.2.66 pour Firepower s\u00e9ries 1000 et 2100 (disponible en mars 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions 4.x ant\u00e9rieures \u00e0 4.0(4g) pour UCS s\u00e9ries 6200, 6300 et 6400 Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.7.x ant\u00e9rieures \u00e0 2.7.1.106 pour Firepower s\u00e9ries 4100 et 9300",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS versions ant\u00e9rieures \u00e0 3.2(3n) pour UCS s\u00e9ries 6200, 6300 et 6400 Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.13.x ant\u00e9rieures \u00e0 9.13.1.5 pour Firepower s\u00e9ries 1000 et 2100",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.10.x et 9.12.x ant\u00e9rieures \u00e0 9.12.3.6 pour Firepower s\u00e9ries 1000 et 2100",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FTD versions 6.5.x ant\u00e9rieures \u00e0 6.5.0.2 pour Firepower s\u00e9ries 1000 et 2100",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions ant\u00e9rieures \u00e0 2.6.1.187 pour Firepower s\u00e9ries 4100 et 9300",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FTD versions ant\u00e9rieures \u00e0 6.2.3.16 pour Firepower s\u00e9ries 1000 et 2100 (disponible en avril 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FTD versions 6.3.x et 6.4.x ant\u00e9rieures \u00e0 6.4.0.8 pour Firepower s\u00e9ries 1000 et 2100",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3172",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3172"
},
{
"name": "CVE-2020-3175",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3175"
},
{
"name": "CVE-2020-3168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3168"
},
{
"name": "CVE-2020-3167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3167"
},
{
"name": "CVE-2020-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3171"
},
{
"name": "CVE-2020-3173",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3173"
}
],
"initial_release_date": "2020-02-27T00:00:00",
"last_revision_date": "2020-02-27T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-118",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-ucs-cli-cmdinj du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-fxos-ucs-cli-cmdinj du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cli-cmdinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-mds-ovrld-dos du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-fxos-nxos-cdp du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-fxos-ucs-cmdinj du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200226-nexus-1000v-dos du 26 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos"
}
]
}
CERTFR-2020-AVI-073
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | IP Conference Phone 8832 versions antérieures à 12.7(1) | ||
| Cisco | N/A | IP Conference Phone 7832 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | N/A | Cisco FXOS, IOS XR, et NX-OS (se référer au bulletin de sécurité de l'éditeur cisco-sa-20200205-fxnxos-iosxr-cdp-dos, cf. section Documentation) | ||
| Cisco | N/A | Unified IP Conference Phone 8831 for Third-Party Call Control | ||
| Cisco | IP Phone | IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones versions antérieures à 12.7(1) | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)I7(8) (disponible en février 2020) | ||
| Cisco | IP Phone | IP Phone 6821, 6841, 6851, 6861 et 6871 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IOS XR | Cisco IOS XR versions 7.0.x antérieures à 7.0.2 (disponible en mars 2020) | ||
| Cisco | N/A | IP Conference Phone 7832 versions antérieures à 12.7(1) | ||
| Cisco | IP Phone | Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR2 | ||
| Cisco | IP Phone | IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IP Phone | IP Phone 7811, 7821, 7841 et 7861 Desktop Phones avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 | ||
| Cisco | IP Phone | IP Phone 7811, 7821, 7841 et 7861 Desktop Phones versions antérieures à 12.7(1) | ||
| Cisco | NX-OS | Cisco NX-OS versions7.0(3)F, 9.2 et 9.3 antérieures à 9.3(2) | ||
| Cisco | IOS XR | Cisco IOS XR versions 5.2.5, 6.4.2, 6.5.3, 6.6.12, 6.6.25 et 7.0.1 sans le dernier correctif de sécurité (se référer au bulletin de sécurité de l'éditeurcisco-sa-20200205-iosxr-cdp-rce, cf. section Documentation) | ||
| Cisco | IOS XR | Cisco IOS XR versions antérieures à 6.6.3 | ||
| Cisco | N/A | Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6 (disponible en mars 2020) | ||
| Cisco | N/A | Cisco Video Surveillance 8000 Series IP Cameras versions antérieures à 1.0.7 | ||
| Cisco | N/A | IP Conference Phone 8832 avec microgiciel multi-plateformes versions antérieures à 11.3(1)SR1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IP Conference Phone 8832 versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 7832 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS, IOS XR, et NX-OS (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur cisco-sa-20200205-fxnxos-iosxr-cdp-dos, cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 for Third-Party Call Control",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I7(8) (disponible en f\u00e9vrier 2020)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 6821, 6841, 6851, 6861 et 6871 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 7.0.x ant\u00e9rieures \u00e0 7.0.2 (disponible en mars 2020)",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 7832 versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)SR2",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 8811, 8841, 8851, 8861, 8845 et 8865 Desktop Phones avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7811, 7821, 7841 et 7861 Desktop Phones avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Phone 7811, 7821, 7841 et 7861 Desktop Phones versions ant\u00e9rieures \u00e0 12.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions7.0(3)F, 9.2 et 9.3 ant\u00e9rieures \u00e0 9.3(2)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 5.2.5, 6.4.2, 6.5.3, 6.6.12, 6.6.25 et 7.0.1 sans le dernier correctif de s\u00e9curit\u00e9 (se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteurcisco-sa-20200205-iosxr-cdp-rce, cf. section Documentation)",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions ant\u00e9rieures \u00e0 6.6.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 versions ant\u00e9rieures \u00e0 10.3(1)SR6 (disponible en mars 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance 8000 Series IP Cameras versions ant\u00e9rieures \u00e0 1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IP Conference Phone 8832 avec microgiciel multi-plateformes versions ant\u00e9rieures \u00e0 11.3(1)SR1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3111"
},
{
"name": "CVE-2020-3119",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3119"
},
{
"name": "CVE-2020-3110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3110"
},
{
"name": "CVE-2020-3118",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3118"
},
{
"name": "CVE-2020-3120",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3120"
}
],
"initial_release_date": "2020-02-06T00:00:00",
"last_revision_date": "2020-02-06T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-073",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-nxos-cdp-rce du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-nxos-cdp-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-voip-phones-rce-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-iosxr-cdp-rce du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-ipcameras-rce-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-ipcameras-rce-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200205-fxnxos-iosxr-cdp-dos du 05 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
}
]
}
CERTFR-2019-AVI-414
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Integrated Services Virtual Router | ||
| Cisco | NX-OS | Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 9500 R-Series Switches et Nexus 9000 Series Switches en mode Standalone NX-OS versions antérieures à 9.2(3) | ||
| Cisco | N/A | Nexus 7000 et 7700 Series Switches dans les branches 8.0, 8.1 et 8.2 aux versions antérieures à 8.2(3) | ||
| Cisco | N/A | Nexus 9000 Series Fabric Switches en mode ACI Mode dans la branche 14.1 aux versions antérieures à 14.1(1i) | ||
| Cisco | N/A | Firepower 4100 Series et Firepower 9300 Security dans la branche 2.4 aux versions antérieures à 2.4.1.222 | ||
| Cisco | N/A | UCS 6200, 6300 et 6400 Series Fabric Interconnects dans toutes les versions | ||
| Cisco | N/A | Nexus 7000 et 7700 Series Switches dans les branches 7.x aux versions antérieures à 7.3(4)D1(1) | ||
| Cisco | N/A | Cisco 4000 Series Integrated Services Routers | ||
| Cisco | N/A | MDS 9000 Series versions antérieures à 6.2(29) (Version prévue pour septembre 2019) | ||
| Cisco | N/A | Nexus 7000 et 7700 Series Switches dans la branche 8.3 aux versions antérieures à 8.4(1) | ||
| Cisco | N/A | Nexus 5500 et 5600 Platform Switches et Nexus 6000 Series Switches, versions antérieures à 7.1(5)N1(1b), ou, pour la branche 7.3, aux versions antérieures à 7.3(5)N1(1) | ||
| Cisco | N/A | Nexus 7000 et 7700 Series Switches versions antérieures à 6.2(22) | ||
| Cisco | N/A | MDS 9000 Series dans les branches 7.3 à 8.4 aux versions antérieures à 8.4(1) | ||
| Cisco | N/A | Firepower 4100 Series et Firepower 9300 Security dans la branche 2.3 aux versions antérieures à 2.3.1.130 | ||
| Cisco | N/A | Nexus 1000V Switch for Microsoft Hyper-V versions antérieures à 5.2(1)SV3(4.1a) | ||
| Cisco | N/A | Cisco Cloud Services Router 1000V Series | ||
| Cisco | N/A | Nexus 9000 Series Fabric Switches en mode ACI Mode aux versions antérieures à 13.2(7k) | ||
| Cisco | N/A | Firepower 4100 Series et Firepower 9300 Security versions antérieures à 2.2.2.91 | ||
| Cisco | N/A | Nexus 9000 Series Fabric Switches en mode ACI Mode dans la branche 14.0 aux versions antérieures à 14.0(2c) | ||
| Cisco | N/A | Cisco ASR 1000 Series Aggregation Services Routers | ||
| Cisco | N/A | Nexus 1000 Virtual Edge for VMware vSphere, versions antérieures à 5.2(1)SV5(1.2) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Integrated Services Virtual Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 9500 R-Series Switches et Nexus 9000 Series Switches en mode Standalone NX-OS versions ant\u00e9rieures \u00e0 9.2(3)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 et 7700 Series Switches dans les branches 8.0, 8.1 et 8.2 aux versions ant\u00e9rieures \u00e0 8.2(3)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Fabric Switches en mode ACI Mode dans la branche 14.1 aux versions ant\u00e9rieures \u00e0 14.1(1i)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series et Firepower 9300 Security dans la branche 2.4 aux versions ant\u00e9rieures \u00e0 2.4.1.222",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6200, 6300 et 6400 Series Fabric Interconnects dans toutes les versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 et 7700 Series Switches dans les branches 7.x aux versions ant\u00e9rieures \u00e0 7.3(4)D1(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 4000 Series Integrated Services Routers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MDS 9000 Series versions ant\u00e9rieures \u00e0 6.2(29) (Version pr\u00e9vue pour septembre 2019)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 et 7700 Series Switches dans la branche 8.3 aux versions ant\u00e9rieures \u00e0 8.4(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5500 et 5600 Platform Switches et Nexus 6000 Series Switches, versions ant\u00e9rieures \u00e0 7.1(5)N1(1b), ou, pour la branche 7.3, aux versions ant\u00e9rieures \u00e0 7.3(5)N1(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 et 7700 Series Switches versions ant\u00e9rieures \u00e0 6.2(22)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MDS 9000 Series dans les branches 7.3 \u00e0 8.4 aux versions ant\u00e9rieures \u00e0 8.4(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series et Firepower 9300 Security dans la branche 2.3 aux versions ant\u00e9rieures \u00e0 2.3.1.130",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1000V Switch for Microsoft Hyper-V versions ant\u00e9rieures \u00e0 5.2(1)SV3(4.1a)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Services Router 1000V Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Fabric Switches en mode ACI Mode aux versions ant\u00e9rieures \u00e0 13.2(7k)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series et Firepower 9300 Security versions ant\u00e9rieures \u00e0 2.2.2.91",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Fabric Switches en mode ACI Mode dans la branche 14.0 aux versions ant\u00e9rieures \u00e0 14.0(2c)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASR 1000 Series Aggregation Services Routers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1000 Virtual Edge for VMware vSphere, versions ant\u00e9rieures \u00e0 5.2(1)SV5(1.2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1964"
},
{
"name": "CVE-2019-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1962"
},
{
"name": "CVE-2019-12643",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12643"
},
{
"name": "CVE-2019-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1965"
},
{
"name": "CVE-2019-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1966"
},
{
"name": "CVE-2019-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1963"
}
],
"initial_release_date": "2019-08-29T00:00:00",
"last_revision_date": "2019-08-29T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-414",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-08-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur NX-OS Software IPv6 du 28 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur IOS XE Software du 29 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur UCS du 28 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur NX-OS Software Cisco Fabric Services over IP du 28 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur FX et NX-OS Software du 28 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco sur NX-OS Software Remote Management du 28 ao\u00fbt 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos"
}
]
}
CERTFR-2019-AVI-228
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.2(10) sur Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 14.1(x) antérieures à 14.1(1i) sur Nexus 9000 Series Fabric Switches Mode ACI | ||
| Cisco | N/A | Webex Network Recording Player versions antérieures à Version 2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2 ou 4.0 sur Cisco Webex Meetings Server | ||
| Cisco | Small Business | Small Business Sx250, Sx350, Sx550 Series Switches versions antérieures à 2.5.0.78 | ||
| Cisco | N/A | Cisco PI Software versions antérieures à 3.4.1, 3.5 et 3.6 | ||
| Cisco | N/A | Cisco FXOS versions 2.4.x antérieures à 2.4.1.222 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | IOS XR | Cisco IOS XR versions antérieures à 5.3.3 Service Pack 11 | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.6.x antérieures à 6.6.12 | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0.x antérieures à 7.0(3)I7(2) sur Nexus 3500 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0(3).x antérieures à 7.0(3)F3(1) sur Nexus 9500 R-Series Switching Platform | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.4.x antérieures à 6.4.2 | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 14.0(2c) sur Nexus 9000 Series Fabric Switches Mode ACI | ||
| Cisco | Small Business | Small Business Sx200, Sx300, Sx500 et ESW2 Series Managed Switches versions antérieures à 1.4.10.6 | ||
| Cisco | N/A | Cisco FXOS versions antérieures à 2.2.2.91 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.2(11) sur MDS 9000 Series Multilayer Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.1(5)N1(1b) sur Nexus 5500, 5600 et 6000 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0(3)I7(x) antérieures à 7.0(3)I7(2) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode | ||
| Cisco | N/A | Cisco FXOS versions 2.6.x antérieures à 2.6.1.131 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.3.x antérieures à 6.3.3 | ||
| Cisco | N/A | EPN Manager versions antérieures à 3.0.1 | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SM3(2.1) sur Nexus 1000V Switch for Microsoft Hyper-V | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.3.x antérieures à 7.3(4)N1(1a) sur Nexus 5500, 5600 et 6000 Series Switches | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à Version 1.3.42 sur Cisco Webex Meetings Online | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.1.x, 6.2.x et 6.5.x antérieures à 6.5.3 | ||
| Cisco | N/A | Cisco Video Surveillance Manager versions antérieures à 7.12.1 | ||
| Cisco | NX-OS | Cisco NX-OS versions 8.0.x antérieures à 8.1(1) sur Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.0(2)A8(4) sur Nexus 3500 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 8.1(x) antérieures à 8.1(1) sur MDS 9000 Series Multilayer Switches | ||
| Cisco | N/A | Cisco FXOS versions 2.3.x antérieures à 2.3.1.130 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à WBS39.2.205 sur Cisco Webex Business Suite sites | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)I4(8) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SV3(4.1a) sur Nexus 1000V Switch for VMware vSphere | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.2.x antérieures à 7.2(0)D1(1) sur Nexus 7000 et 7700 Series Switches |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(10) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 14.1(x) ant\u00e9rieures \u00e0 14.1(1i) sur Nexus 9000 Series Fabric Switches Mode ACI",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player versions ant\u00e9rieures \u00e0 Version 2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2 ou 4.0 sur Cisco Webex Meetings Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business Sx250, Sx350, Sx550 Series Switches versions ant\u00e9rieures \u00e0 2.5.0.78",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco PI Software versions ant\u00e9rieures \u00e0 3.4.1, 3.5 et 3.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.4.x ant\u00e9rieures \u00e0 2.4.1.222 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions ant\u00e9rieures \u00e0 5.3.3 Service Pack 11",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.6.x ant\u00e9rieures \u00e0 6.6.12",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0.x ant\u00e9rieures \u00e0 7.0(3)I7(2) sur Nexus 3500 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0(3).x ant\u00e9rieures \u00e0 7.0(3)F3(1) sur Nexus 9500 R-Series Switching Platform",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 14.0(2c) sur Nexus 9000 Series Fabric Switches Mode ACI",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business Sx200, Sx300, Sx500 et ESW2 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions ant\u00e9rieures \u00e0 2.2.2.91 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(11) sur MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.1(5)N1(1b) sur Nexus 5500, 5600 et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0(3)I7(x) ant\u00e9rieures \u00e0 7.0(3)I7(2) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.6.x ant\u00e9rieures \u00e0 2.6.1.131 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.3.x ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "EPN Manager versions ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SM3(2.1) sur Nexus 1000V Switch for Microsoft Hyper-V",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.3.x ant\u00e9rieures \u00e0 7.3(4)N1(1a) sur Nexus 5500, 5600 et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 Version 1.3.42 sur Cisco Webex Meetings Online",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.1.x, 6.2.x et 6.5.x ant\u00e9rieures \u00e0 6.5.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Manager versions ant\u00e9rieures \u00e0 7.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 8.0.x ant\u00e9rieures \u00e0 8.1(1) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.0(2)A8(4) sur Nexus 3500 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 8.1(x) ant\u00e9rieures \u00e0 8.1(1) sur MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.3.x ant\u00e9rieures \u00e0 2.3.1.130 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS39.2.205 sur Cisco Webex Business Suite sites",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I4(8) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SV3(4.1a) sur Nexus 1000V Switch for VMware vSphere",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.2.x ant\u00e9rieures \u00e0 7.2(0)D1(1) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1823"
},
{
"name": "CVE-2019-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1717"
},
{
"name": "CVE-2019-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1771"
},
{
"name": "CVE-2019-1821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1821"
},
{
"name": "CVE-2019-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1849"
},
{
"name": "CVE-2019-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1806"
},
{
"name": "CVE-2019-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1772"
},
{
"name": "CVE-2019-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1846"
},
{
"name": "CVE-2019-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1824"
},
{
"name": "CVE-2019-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1825"
},
{
"name": "CVE-2019-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1773"
},
{
"name": "CVE-2019-1822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1822"
},
{
"name": "CVE-2019-1858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1858"
}
],
"initial_release_date": "2019-05-16T00:00:00",
"last_revision_date": "2019-05-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-228",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-nxos-snmp-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-iosxr-evpn-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-sb-snmpdos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-webex-player",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-pi-rce",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-iosxr-mpls-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-mpls-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-cvsm",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-pi-sqlinject",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject"
}
]
}
CERTFR-2019-AVI-092
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco FXOS versions 2.4.x antérieures à 2.4.1.122 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SM3(2.1) pour Nexus 1000V Switch for Microsoft Hyper-V | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.2(x) et 7.3(x) antérieures à 7.3(5)N1(1) pour Nexus 2000, 5500, 5600 et 6000 Series Switches | ||
| Cisco | N/A | Cisco FXOS versions 2.3.x antérieures à 2.3.1.110 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance | ||
| Cisco | NX-OS | Cisco NX-OS versions 4.0(x) antérieures à 4.0(2a) pour UCS 6200 et 6300 Fabric Interconnects | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 3.2(3j) pour UCS 6200 et 6300 Fabric Interconnects | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.0(2)A8(11) pour Nexus 3500 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 5.2(x) et 6.2(x) antérieures à 6.2(27) pour MDS 9000 Series Multilayer Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.x et 8.2(x) antérieures à 8.2(3) pour Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.3(x) et 8.x antérieures à 8.3(2) pour MDS 9000 Series Multilayer Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 8.3(x) antérieures à 8.3(2) pour Nexus 7000 et 7700 Series Switches | ||
| Cisco | N/A | Nexus 9500 R-Series Line Cards and Fabric Modules avec un BIOS d'une version antérieure à 8.34 | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.1(5)N1(1b) pour Nexus 2000, 5500, 5600, et 6000 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)I7(6) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches et Nexus 3500 Platform Switches, | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 14.0(3d) pour Nexus 9000 Series Fabric Switches in ACI Mode | ||
| Cisco | N/A | Nexus 3000 Series Switches avec un BIOS d'une version antérieure à 7.63 ou 8.34 (voir le site du constructeur pour plus de détails) | ||
| Cisco | NX-OS | Cisco NX-OS versions 9.2(x) antérieures à 9.2(2) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.2(22) pour Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SV3(4.1a) pour Nexus 1000V Switch for VMware vSphere | ||
| Cisco | N/A | Nexus 9000 Series Switches avec un BIOS d'une version antérieure à 7.63 ou 8.34 (voir le site du constructeur pour plus de détails) | ||
| Cisco | N/A | Cisco FXOS versions antérieures à 2.2.2.91 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)F3(5) pour Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco FXOS versions 2.4.x ant\u00e9rieures \u00e0 2.4.1.122 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SM3(2.1) pour Nexus 1000V Switch for Microsoft Hyper-V",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.2(x) et 7.3(x) ant\u00e9rieures \u00e0 7.3(5)N1(1) pour Nexus 2000, 5500, 5600 et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.3.x ant\u00e9rieures \u00e0 2.3.1.110 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 4.0(x) ant\u00e9rieures \u00e0 4.0(2a) pour UCS 6200 et 6300 Fabric Interconnects",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 3.2(3j) pour UCS 6200 et 6300 Fabric Interconnects",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.0(2)A8(11) pour Nexus 3500 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 5.2(x) et 6.2(x) ant\u00e9rieures \u00e0 6.2(27) pour MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.x et 8.2(x) ant\u00e9rieures \u00e0 8.2(3) pour Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.3(x) et 8.x ant\u00e9rieures \u00e0 8.3(2) pour MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 8.3(x) ant\u00e9rieures \u00e0 8.3(2) pour Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9500 R-Series Line Cards and Fabric Modules avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 8.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.1(5)N1(1b) pour Nexus 2000, 5500, 5600, et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I7(6) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches et Nexus 3500 Platform Switches,",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 14.0(3d) pour Nexus 9000 Series Fabric Switches in ACI Mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000 Series Switches avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 7.63 ou 8.34 (voir le site du constructeur pour plus de d\u00e9tails)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 9.2(x) ant\u00e9rieures \u00e0 9.2(2) pour Nexus 9000 Series Switches in Standalone NX-OS Mode, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(22) pour Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SV3(4.1a) pour Nexus 1000V Switch for VMware vSphere",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Switches avec un BIOS d\u0027une version ant\u00e9rieure \u00e0 7.63 ou 8.34 (voir le site du constructeur pour plus de d\u00e9tails)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions ant\u00e9rieures \u00e0 2.2.2.91 pour Firepower 4100 Series Next-Generation Firewalls et Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)F3(5) pour Nexus 9500 R-Series Line Cards and Fabric Modules et Nexus 3600 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1607"
},
{
"name": "CVE-2019-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1597"
},
{
"name": "CVE-2019-1593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1593"
},
{
"name": "CVE-2019-1599",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1599"
},
{
"name": "CVE-2019-1617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1617"
},
{
"name": "CVE-2019-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1605"
},
{
"name": "CVE-2019-1616",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1616"
},
{
"name": "CVE-2019-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1594"
},
{
"name": "CVE-2019-1591",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1591"
},
{
"name": "CVE-2019-1604",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1604"
},
{
"name": "CVE-2019-1603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1603"
},
{
"name": "CVE-2019-1611",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1611"
},
{
"name": "CVE-2019-1601",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1601"
},
{
"name": "CVE-2019-1606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1606"
},
{
"name": "CVE-2019-1602",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1602"
},
{
"name": "CVE-2019-1614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1614"
},
{
"name": "CVE-2019-1596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1596"
},
{
"name": "CVE-2019-1598",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1598"
},
{
"name": "CVE-2019-1618",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1618"
},
{
"name": "CVE-2019-1613",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1613"
},
{
"name": "CVE-2019-1612",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1612"
},
{
"name": "CVE-2019-1608",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1608"
},
{
"name": "CVE-2019-1600",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1600"
},
{
"name": "CVE-2019-1609",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1609"
},
{
"name": "CVE-2019-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1615"
},
{
"name": "CVE-2019-1610",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1610"
}
],
"initial_release_date": "2019-03-07T00:00:00",
"last_revision_date": "2019-03-07T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-092",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-privesc du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1610 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1610"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-escalation du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-escalation"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-tetra-ace du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-tetra-ace"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-sig-verif du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-sig-verif"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-lan-auth du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-lan-auth"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1611 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1608 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1608"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-npv-dos du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-npv-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1609 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1609"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1607 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-file-access du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1612 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-NXAPI-cmdinj du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-api-ex du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-api-ex"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1613 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-fabric-dos du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-fabric-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-directory du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-directory"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nx-os-bash-escal du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nx-os-bash-escal"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxosldap du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxosldap"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-netstack du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-netstack"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-cmdinj-1606 du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-cmdinj-1606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-aci-shell-escape du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-aci-shell-escape"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-pe du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-pe"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190306-nxos-privesca du 06 mars 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-privesca"
}
]
}
CERTFR-2018-AVI-502
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | UCS séries 6100, 6200 et 6300 avec NX-OS UCS versions 4.0.x antérieures à 4.0(1a) | ||
| Cisco | N/A | Cisco WLC versions 8.4.x et 8.5.x antérieures à 8.5.110.0 | ||
| Cisco | N/A | Cisco Wireless LAN Controller versions antérieures à 8.2.170.0 | ||
| Cisco | N/A | Cisco WLC versions antérieures à 8.3.140.0 | ||
| Cisco | NX-OS | Commutateurs Nexus série 3000 avec NX-OS versions antérieures à 6.0(2)U1(2) | ||
| Cisco | N/A | Cisco Wireless LAN Controller versions 8.6.x et 8.7.x antérieures à 8.7.106.0 | ||
| Cisco | N/A | Pare-feux Firepower séries 4100 et 9300 avec FXOS versions antérieures à 2.3.1.58 | ||
| Cisco | N/A | Nexus 3600 Platform Switches and 9500 R-Series Line Cards and Fabric Modules version 7.0(3) sans le correctif de sécurité 7.0(3)F3(4) | ||
| Cisco | NX-OS | UCS séries 6100, 6200 et 6300 avec NX-OS UCS versions 3.1.x antérieures à 3.1(3j) | ||
| Cisco | NX-OS | Commutateurs Nexus séries 7000 et 7700 avec NX-OS versions 5.2.x antérieures à 5.2(9) | ||
| Cisco | NX-OS | Commutateurs MDS série 9000 avec NX-OS versions antérieures à 6.2(1) | ||
| Cisco | N/A | Cisco Wireless LAN Controller versions 8.4.x et 8.5.x antérieures à 8.5.135.0 | ||
| Cisco | NX-OS | Commutateurs Nexus séries 2000, 5500, 5600 et 6000 avec NX-OS versions antérieures à 7.0(0)N1(1) | ||
| Cisco | NX-OS | Commutateurs Nexus 3500 avec NX-OS versions antérieures à 6.0(2)A1(1b) | ||
| Cisco | NX-OS | Commutateurs Nexus séries 3000 et 9000 en mode Standalone NX-OS version 7.0(3)I7 sans le correctif de sécurité 7.0(3)I7(4) | ||
| Cisco | NX-OS | Commutateurs Nexus séries 5500, 5600 et 6000 avec NX-OS versions antérieures à 7.3(3)N1(1) | ||
| Cisco | NX-OS | UCS séries 6100, 6200 et 6300 avec NX-OS UCS versions 3.2.x antérieures à 3.2(3g) | ||
| Cisco | NX-OS | Commutateurs Nexus séries 7000 et 7700 avec NX-OS versions 6.1.x antérieures à 6.1(3) | ||
| Cisco | NX-OS | Commutateurs Nexus séries 9000 en mode ACI avec NX-OS versions antérieures à 13.2(2l) / 3.2(2l) | ||
| Cisco | NX-OS | UCS séries 6100, 6200 et 6300 avec NX-OS UCS versions antérieures à 2.2(8l) | ||
| Cisco | IOS | Cisco AP IOS versions antérieures à 15.3(3)JD13 ou 15.3(3)JF4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "UCS s\u00e9ries 6100, 6200 et 6300 avec NX-OS UCS versions 4.0.x ant\u00e9rieures \u00e0 4.0(1a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.4.x et 8.5.x ant\u00e9rieures \u00e0 8.5.110.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless LAN Controller versions ant\u00e9rieures \u00e0 8.2.170.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions ant\u00e9rieures \u00e0 8.3.140.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9rie 3000 avec NX-OS versions ant\u00e9rieures \u00e0 6.0(2)U1(2)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless LAN Controller versions 8.6.x et 8.7.x ant\u00e9rieures \u00e0 8.7.106.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Pare-feux Firepower s\u00e9ries 4100 et 9300 avec FXOS versions ant\u00e9rieures \u00e0 2.3.1.58",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3600 Platform Switches and 9500 R-Series Line Cards and Fabric Modules version 7.0(3) sans le correctif de s\u00e9curit\u00e9 7.0(3)F3(4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS s\u00e9ries 6100, 6200 et 6300 avec NX-OS UCS versions 3.1.x ant\u00e9rieures \u00e0 3.1(3j)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 7000 et 7700 avec NX-OS versions 5.2.x ant\u00e9rieures \u00e0 5.2(9)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs MDS s\u00e9rie 9000 avec NX-OS versions ant\u00e9rieures \u00e0 6.2(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless LAN Controller versions 8.4.x et 8.5.x ant\u00e9rieures \u00e0 8.5.135.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 2000, 5500, 5600 et 6000 avec NX-OS versions ant\u00e9rieures \u00e0 7.0(0)N1(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus 3500 avec NX-OS versions ant\u00e9rieures \u00e0 6.0(2)A1(1b)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 3000 et 9000 en mode Standalone NX-OS version 7.0(3)I7 sans le correctif de s\u00e9curit\u00e9 7.0(3)I7(4)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 5500, 5600 et 6000 avec NX-OS versions ant\u00e9rieures \u00e0 7.3(3)N1(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS s\u00e9ries 6100, 6200 et 6300 avec NX-OS UCS versions 3.2.x ant\u00e9rieures \u00e0 3.2(3g)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 7000 et 7700 avec NX-OS versions 6.1.x ant\u00e9rieures \u00e0 6.1(3)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Nexus s\u00e9ries 9000 en mode ACI avec NX-OS versions ant\u00e9rieures \u00e0 13.2(2l) / 3.2(2l)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS s\u00e9ries 6100, 6200 et 6300 avec NX-OS UCS versions ant\u00e9rieures \u00e0 2.2(8l)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AP IOS versions ant\u00e9rieures \u00e0 15.3(3)JD13 ou 15.3(3)JF4",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0395"
},
{
"name": "CVE-2018-0378",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0378"
},
{
"name": "CVE-2018-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0417"
},
{
"name": "CVE-2018-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0443"
},
{
"name": "CVE-2018-0441",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0441"
},
{
"name": "CVE-2018-0442",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0442"
},
{
"name": "CVE-2018-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0456"
}
],
"initial_release_date": "2018-10-18T00:00:00",
"last_revision_date": "2018-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-502",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-nxos-snmp du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-ap-ft-dos du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-ap-ft-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-fxnx-os-dos du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-nexus-ptp-dos du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-wlc-capwap-dos du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-wlc-gui-privesc du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181017-wlc-capwap-memory-leak du 17 octobre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak"
}
]
}
CERTFR-2018-AVI-298
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Nexus 9000 Series Switches en mode NX-OS autonome | ||
| Cisco | N/A | Nexus 4000 Series Switch | ||
| Cisco | N/A | Nexus 5500 Platform Switches | ||
| Cisco | N/A | Nexus 3600 Platform Switches | ||
| Cisco | N/A | Firepower 9300 Security Appliance | ||
| Cisco | N/A | UCS 6200 Series Fabric Interconnects | ||
| Cisco | N/A | Firepower 2100 Series | ||
| Cisco | N/A | Nexus 6000 Series Switches | ||
| Cisco | N/A | Nexus 7000 Series Switches | ||
| Cisco | N/A | Nexus 9000 Series Fabric Switches en mode Application Centric Infrastructure (ACI | ||
| Cisco | N/A | Nexus 1100 Series Cloud Services Platforms | ||
| Cisco | N/A | Nexus 7700 Series Switches | ||
| Cisco | N/A | UCS 6300 Series Fabric Interconnects | ||
| Cisco | N/A | Nexus 3500 Platform Switches | ||
| Cisco | N/A | Nexus 5600 Platform Switches | ||
| Cisco | N/A | Nexus 1000V Series Switches | ||
| Cisco | N/A | UCS 6100 Series Fabric Interconnects | ||
| Cisco | N/A | MDS 9000 Series Multilayer Switches | ||
| Cisco | NX-OS | Nexus 9000 Series Switches en mode NX-OS | ||
| Cisco | N/A | Nexus 9500 R-Series Line Cards et modules Fabric | ||
| Cisco | N/A | Firepower 4100 Series Next-Generation Firewalls | ||
| Cisco | N/A | MDS 9000 Series Multilayer Director Switches | ||
| Cisco | N/A | Nexus 3000 Series Switches | ||
| Cisco | N/A | Firepower 4100 Series Next-Generation Firewall | ||
| Cisco | N/A | Nexus 4000 Series Switches | ||
| Cisco | N/A | Nexus 2000 Series Switches | ||
| Cisco | N/A | Nexus 2000 Series Fabric Extenders |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nexus 9000 Series Switches en mode NX-OS autonome",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 4000 Series Switch",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3600 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6200 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 2100 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 6000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Fabric Switches en mode Application Centric Infrastructure (ACI",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1100 Series Cloud Services Platforms",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7700 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6300 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5600 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1000V Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6100 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MDS 9000 Series Multilayer Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Switches en mode NX-OS",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9500 R-Series Line Cards et modules Fabric",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series Next-Generation Firewalls",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MDS 9000 Series Multilayer Director Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series Next-Generation Firewall",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 4000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 2000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 2000 Series Fabric Extenders",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0292"
},
{
"name": "CVE-2018-0310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0310"
},
{
"name": "CVE-2018-0314",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0314"
},
{
"name": "CVE-2018-0295",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0295"
},
{
"name": "CVE-2018-0313",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0313"
},
{
"name": "CVE-2018-0331",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0331"
},
{
"name": "CVE-2018-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0293"
},
{
"name": "CVE-2018-0312",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0312"
},
{
"name": "CVE-2018-0301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0301"
},
{
"name": "CVE-2018-0294",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0294"
},
{
"name": "CVE-2018-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0291"
},
{
"name": "CVE-2018-0300",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0300"
},
{
"name": "CVE-2018-0307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0307"
},
{
"name": "CVE-2018-0311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0311"
},
{
"name": "CVE-2018-0302",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0302"
},
{
"name": "CVE-2018-0299",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0299"
},
{
"name": "CVE-2018-0309",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0309"
},
{
"name": "CVE-2018-0303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0303"
},
{
"name": "CVE-2018-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0330"
},
{
"name": "CVE-2018-0308",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0308"
},
{
"name": "CVE-2018-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0305"
},
{
"name": "CVE-2018-0298",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0298"
},
{
"name": "CVE-2018-0304",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0304"
},
{
"name": "CVE-2018-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0306"
}
],
"initial_release_date": "2018-06-21T00:00:00",
"last_revision_date": "2018-06-21T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fxos-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxosbgp du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fxos-ace du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxos-nxapi du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nx-os-fabric-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-n3k-n9k-clisnmp du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n3k-n9k-clisnmp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fx-os-fabric-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-n4k-snmp-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n4k-snmp-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nx-os-fabric-services-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nx-os-api-execution du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-execution"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fxnxos-dos du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nx-os-cli-injection du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fxnxos-ace du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxosrbac du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxos-cdp du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fxnxos-fab-ace du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nx-os-cli-execution du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-execution"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxosigmp du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxosadmin du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fx-os-cli-execution du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxossnmp du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-firepwr-pt du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepwr-pt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-nxos-bo du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-bo"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180620-fx-os-fabric-execution du 20 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution"
}
]
}
CERTFR-2017-AVI-372
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Nexus 9500 R-Series Line Cards et Fabric Modules | ||
| Cisco | N/A | Nexus 5500 Platform Switches | ||
| Cisco | N/A | Firepower 9300 Security Appliance | ||
| Cisco | N/A | UCS 6200 Series Fabric Interconnects | ||
| Cisco | N/A | Nexus 6000 Series Switches | ||
| Cisco | N/A | Nexus 7000 Series Switches | ||
| Cisco | N/A | Nexus 1100 Series Cloud Services Platforms | ||
| Cisco | Small Business | Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou antérieure | ||
| Cisco | N/A | Nexus 7700 Series Switches | ||
| Cisco | N/A | UCS 6300 Series Fabric Interconnects | ||
| Cisco | N/A | Nexus 3500 Platform Switches | ||
| Cisco | N/A | Nexus 5600 Platform Switches | ||
| Cisco | N/A | Nexus 1000V Series Switches | ||
| Cisco | N/A | Multilayer Director Switches | ||
| Cisco | N/A | Unified Computing System (UCS) 6100 Series Fabric Interconnects | ||
| Cisco | NX-OS | Nexus 9000 Series Switches en mode NX-OS | ||
| Cisco | N/A | Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2 | ||
| Cisco | N/A | Nexus 5000 Series Switches | ||
| Cisco | N/A | Nexus 3000 Series Switches | ||
| Cisco | N/A | Firepower 4100 Series Next-Generation Firewall | ||
| Cisco | N/A | Nexus 2000 Series Switches |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nexus 9500 R-Series Line Cards et Fabric Modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6200 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 6000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1100 Series Cloud Services Platforms",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou ant\u00e9rieure",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7700 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6300 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5600 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1000V Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Multilayer Director Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Computing System (UCS) 6100 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Switches en mode NX-OS",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series Next-Generation Firewall",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 2000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12259"
},
{
"name": "CVE-2017-12260",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12260"
},
{
"name": "CVE-2017-12251",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12251"
},
{
"name": "CVE-2017-3883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3883"
}
],
"initial_release_date": "2017-10-19T00:00:00",
"last_revision_date": "2017-10-19T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-ccs du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip1 du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-aaavty du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
}
]
}
CERTFR-2016-AVI-107
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IOS XE | Produits Cisco exécutant Cisco IOS ou IOS XE, voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | IOS | Produits Cisco exécutant Cisco IOS avec WAAS Express configuré sur une ou plusieurs interfaces sans fil, voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | N/A | Produits Cisco exécutant Cisco IOS, IOS XE ou Cisco Unified Communications Manager Software, configurés pour traiter les messages SIP , voir sur le site du constructeur pour vérifier si votre système est vulnérable (lien fourni dans la rubrique Documentation) | ||
| Cisco | IOS XR | Routeurs Cisco Network Convergence System séries 6000 exécutant Cisco IOS XR | ||
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 7000 et 7700 avec un module Gigabit Ethernet série M1 exécutant Cisco NX-OS avec LISP configuré | ||
| Cisco | IOS | Commutateurs Cisco Catalyst séries 6500 et 6800 exécutant Cisco IOS avec LISP configuré |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS ou IOS XE, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS avec WAAS Express configur\u00e9 sur une ou plusieurs interfaces sans fil, voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Produits Cisco ex\u00e9cutant Cisco IOS, IOS XE ou Cisco Unified Communications Manager Software, configur\u00e9s pour traiter les messages SIP , voir sur le site du constructeur pour v\u00e9rifier si votre syst\u00e8me est vuln\u00e9rable (lien fourni dans la rubrique Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs Cisco Network Convergence System s\u00e9ries 6000 ex\u00e9cutant Cisco IOS XR",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 7000 et 7700 avec un module Gigabit Ethernet s\u00e9rie M1 ex\u00e9cutant Cisco NX-OS avec LISP configur\u00e9",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Catalyst s\u00e9ries 6500 et 6800 ex\u00e9cutant Cisco IOS avec LISP configur\u00e9",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1344"
},
{
"name": "CVE-2016-1366",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1366"
},
{
"name": "CVE-2016-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1350"
},
{
"name": "CVE-2016-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1349"
},
{
"name": "CVE-2016-1348",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1348"
},
{
"name": "CVE-2016-1347",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1347"
},
{
"name": "CVE-2016-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1351"
}
],
"initial_release_date": "2016-03-24T00:00:00",
"last_revision_date": "2016-03-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-sip du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-smi du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-l4f du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-dhcpv6 du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-lisp du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ncs du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ncs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ios-ikev2 du 23 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2"
}
],
"reference": "CERTFR-2016-AVI-107",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-smi du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-dhcpv6 du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ncs du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-ios-ikev2 du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-lisp du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-l4f du 23 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160323-sip du 23 mars 2016",
"url": null
}
]
}
CERTFR-2016-AVI-079
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les commutateurs Cisco Nexus séries 3000 et 3500. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 3500 exécutant Cisco NX-OS versions 6.0(2)A6(x) antérieures à 6.0(2)A6(5a) | ||
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 3500 exécutant Cisco NX-OS versions 6.0(2)A7(x) antérieures à 6.0(2)A7(1a) | ||
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 3000 exécutant Cisco NX-OS versions 6.0(2)U6(x) antérieures à 6.0(2)U6(5a) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 3500 ex\u00e9cutant Cisco NX-OS versions 6.0(2)A6(x) ant\u00e9rieures \u00e0 6.0(2)A6(5a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 3500 ex\u00e9cutant Cisco NX-OS versions 6.0(2)A7(x) ant\u00e9rieures \u00e0 6.0(2)A7(1a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 3000 ex\u00e9cutant Cisco NX-OS versions 6.0(2)U6(x) ant\u00e9rieures \u00e0 6.0(2)U6(5a)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1329",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1329"
}
],
"initial_release_date": "2016-03-03T00:00:00",
"last_revision_date": "2016-03-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160302-n3k du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k"
}
],
"reference": "CERTFR-2016-AVI-079",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles\ncommutateurs Cisco Nexus s\u00e9ries 3000 et 3500\u003c/span\u003e. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco Nexus s\u00e9ries 3000 et 3500",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160302-n3k du 02 mars 2016",
"url": null
}
]
}
CERTFR-2016-AVI-080
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 5500, 5600 et 6000 exécutant les versions de Cisco NX-OS 7.1 antérieures à 7.1(2)N1(1) | ||
| Cisco | N/A | Cisco Prime Infrastructure version 3.0 | ||
| Cisco | N/A | Cisco FireSIGHT System Software version 6.1.0 | ||
| Cisco | N/A | Commutateurs Cisco Nexus séries 1000V, 3000, 4000, 5000, 6000 et 7000 | ||
| Cisco | N/A | Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0 | ||
| Cisco | Unified Communications | Cisco Unified Communications Domain Manager versions 8.x antérieures à 8.1.1 | ||
| Cisco | N/A | Voir le site du constructeur pour la liste des systèmes potentiellement affectés par les vulnérabilités concernant OpenSSL (lien fourni dans la section Documentation) | ||
| Cisco | N/A | Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0) | ||
| Cisco | N/A | Cisco Web Security Appliance (WSA) exécutant les versions d'AsyncOS antérieures à 8.5.3-051 et 9.0.0-485. |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 5500, 5600 et 6000 ex\u00e9cutant les versions de Cisco NX-OS 7.1 ant\u00e9rieures \u00e0 7.1(2)N1(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Infrastructure version 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software version 6.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 1000V, 3000, 4000, 5000, 6000 et 7000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Domain Manager versions 8.x ant\u00e9rieures \u00e0 8.1.1",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Voir le site du constructeur pour la liste des syst\u00e8mes potentiellement affect\u00e9s par les vuln\u00e9rabilit\u00e9s concernant OpenSSL (lien fourni dans la section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Web Security Appliance (WSA) ex\u00e9cutant les versions d\u0027AsyncOS ant\u00e9rieures \u00e0 8.5.3-051 et 9.0.0-485.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2016-1356",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1356"
},
{
"name": "CVE-2016-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1354"
},
{
"name": "CVE-2016-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
},
{
"name": "CVE-2015-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0718"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2016-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
},
{
"name": "CVE-2016-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1353"
},
{
"name": "CVE-2015-6260",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6260"
},
{
"name": "CVE-2016-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1355"
},
{
"name": "CVE-2016-1288",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1288"
},
{
"name": "CVE-2016-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
},
{
"name": "CVE-2016-1359",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1359"
},
{
"name": "CVE-2016-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2016-1357",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1357"
}
],
"initial_release_date": "2016-03-03T00:00:00",
"last_revision_date": "2016-03-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cucdm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-psc du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi1"
}
],
"reference": "CERTFR-2016-AVI-080",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-psc du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016",
"url": null
}
]
}
CERTFR-2014-AVI-238
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Cisco NX-OS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco Nexus 5000 versions antérieures à 7.0(2)N1(1) | ||
| Cisco | NX-OS | Cisco UCS 6100 versions antérieures à 2.2(1d) | ||
| Cisco | NX-OS | Cisco Nexus 3000 versions antérieures à 6.0(2)U2(4) | ||
| Cisco | NX-OS | Cisco MDS 9000 versions antérieures à 6.2(7) | ||
| Cisco | NX-OS | Cisco CGR 1000 versions antérieures à 15.4(1)CG | ||
| Cisco | NX-OS | Cisco Nexus 5000 versions antérieures à 6.0(2)N2(4) | ||
| Cisco | NX-OS | Cisco Nexus 3000 versions antérieures à 5.0(3)U5(1) | ||
| Cisco | NX-OS | Cisco Nexus 5000 versions antérieures à 5.2(1)N1(7) | ||
| Cisco | NX-OS | Cisco Nexus 4000 versions antérieures à 4.1(2)E1(1l) | ||
| Cisco | NX-OS | Cisco Nexus 7000 versions antérieures à 6.2(8) | ||
| Cisco | NX-OS | Cisco CGR 1000 versions antérieures à CG4(3) | ||
| Cisco | NX-OS | Cisco UCS 6200 versions antérieures à 2.2(1d) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Nexus 5000 versions ant\u00e9rieures \u00e0 7.0(2)N1(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS 6100 versions ant\u00e9rieures \u00e0 2.2(1d)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000 versions ant\u00e9rieures \u00e0 6.0(2)U2(4)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MDS 9000 versions ant\u00e9rieures \u00e0 6.2(7)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CGR 1000 versions ant\u00e9rieures \u00e0 15.4(1)CG",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 5000 versions ant\u00e9rieures \u00e0 6.0(2)N2(4)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000 versions ant\u00e9rieures \u00e0 5.0(3)U5(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 5000 versions ant\u00e9rieures \u00e0 5.2(1)N1(7)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 4000 versions ant\u00e9rieures \u00e0 4.1(2)E1(1l)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 7000 versions ant\u00e9rieures \u00e0 6.2(8)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CGR 1000 versions ant\u00e9rieures \u00e0 CG4(3)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS 6200 versions ant\u00e9rieures \u00e0 2.2(1d)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2201"
},
{
"name": "CVE-2013-1191",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1191"
},
{
"name": "CVE-2014-2200",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2200"
},
{
"name": "CVE-2014-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3261"
}
],
"initial_release_date": "2014-05-22T00:00:00",
"last_revision_date": "2014-05-22T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140521-nxos du 21 mai 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos"
}
],
"reference": "CERTFR-2014-AVI-238",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco NX-OS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140521-nxos du 21 mai 2014",
"url": null
}
]
}
CERTA-2013-AVI-272
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Cisco NX-OS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco CGR 1000 | ||
| Cisco | NX-OS | Cisco Nexus 3000 | ||
| Cisco | NX-OS | Cisco Nexus 4000 | ||
| Cisco | NX-OS | Cisco Nexus 5500 | ||
| Cisco | NX-OS | Cisco Nexus 7000 | ||
| Cisco | NX-OS | Cisco UCS 6100 | ||
| Cisco | NX-OS | Cisco Nexus 1000v | ||
| Cisco | NX-OS | Cisco UCS 6200 | ||
| Cisco | NX-OS | Cisco MDS 9000 | ||
| Cisco | NX-OS | Cisco Nexus 6000 | ||
| Cisco | NX-OS | Cisco Nexus 5000 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco CGR 1000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 4000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 5500",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS 6100",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 1000v",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS 6200",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MDS 9000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 6000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 5000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-1179",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1179"
},
{
"name": "CVE-2013-1180",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1180"
},
{
"name": "CVE-2013-1178",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1178"
},
{
"name": "CVE-2013-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1181"
}
],
"initial_release_date": "2013-04-25T00:00:00",
"last_revision_date": "2013-04-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130424-nxosmulti du 24 avril 2013",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti"
}
],
"reference": "CERTA-2013-AVI-272",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco NX-OS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130424-nxosmulti du 24 avril 2013",
"url": null
}
]
}
CERTA-2013-AVI-102
Vulnerability from certfr_avis
Une vulnérabilité a été identifiée dans Cisco NX-OS. Elle permet à un attaquant de provoquer un déni de service à distance.
Contournement provisoire
Le CERTA conseille de limiter les accès aux équipements concernés au moyen de réseaux privés virtuels (VPN) et pare-feux.
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NX-OS version 5.2 sur Cisco Nexus 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS version 5.0 sur Cisco Nexus 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS version 5.1 sur Cisco Nexus 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS version 4.2 sur Cisco Nexus 7000",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nLe CERTA conseille de limiter les acc\u00e8s aux \u00e9quipements concern\u00e9s au\nmoyen de r\u00e9seaux priv\u00e9s virtuels (VPN) et pare-feux.\n",
"cves": [
{
"name": "CVE-2012-2469",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2469"
}
],
"initial_release_date": "2013-02-07T00:00:00",
"last_revision_date": "2013-02-07T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-102",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans \u003cspan class=\"textit\"\u003eCisco\nNX-OS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco NX-OS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin d\u0027alerte Cisco 26619 du 05 f\u00e9vrier 2013",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=26619"
}
]
}
CERTA-2011-AVI-499
Vulnerability from certfr_avis
Une vulnérabilité dans les commutateurs Cisco Nexus 5000 et 3000 series permet à une personne malintentionnée de contourner la politique de sécurité.
Description
Une vulnérabilité dans les commutateurs Cisco Nexus 5000 et 3000 series permet de contourner le rejet du trafic configuré dans les ACL (Access Control Lists).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Nexus 3000 NX-OS Software versions ant\u00e9rieures \u00e0 la 5.0(3)U1(2a) ou 5.0(3)U2(1).",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 5000 NX-OS Software versions 5.0(2) et 5.0(3) ant\u00e9rieures \u00e0 la version 5.0(3)N2(1) ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco Nexus 5000 et 3000 series\npermet de contourner le rejet du trafic configur\u00e9 dans les ACL (Access\nControl Lists).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2581"
}
],
"initial_release_date": "2011-09-08T00:00:00",
"last_revision_date": "2011-09-08T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110907-nexus du 07 septembre 2011 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20110907-nexus.shtml"
}
],
"reference": "CERTA-2011-AVI-499",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco Nexus 5000 et 3000 series\npermet \u00e0 une personne malintentionn\u00e9e de contourner la politique de\ns\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco Nexus 5000 et 3000 series",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110907-nexus du 07 septembre 2011",
"url": null
}
]
}
CERTA-2011-AVI-488
Vulnerability from certfr_avis
Une vulnérabilité dans Cisco NX-OS peut être utilisée pour réaliser un déni de service à distance.
Description
Une vulnérabilitié a été corrigée dans Cisco NX-OS. Cette vulnérabilité affecte le serveur httpd Apache. Elle peut être utilisée à l'aide de requêtes HTTP spécialement conçues (utilisation de l'entête range avec des intervalles se chevauchant) pour provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | TelePresence VCS | Cisco TelePresence Video Communication Server (Cisco TelePresence VCS) ; | ||
| Cisco | N/A | Cisco Quad ; | ||
| Cisco | N/A | CiscoWorks LAN Management Solution. | ||
| Cisco | N/A | Cisco Mobility Services Engine ; | ||
| Cisco | N/A | Cisco Wireless Control System (WCS) ; | ||
| Cisco | N/A | Cisco Wild Area Application Services (WAAS) Software ; | ||
| Cisco | NX-OS | Cisco MDS 9000 NX-OS versions antérieures à la 4.2 ; | ||
| Cisco | N/A | Cisco Video Surveillance Manager (VSM) ; | ||
| Cisco | N/A | Cisco Network Collector ; | ||
| Cisco | N/A | CiscoWorks Common Services ; | ||
| Cisco | N/A | Cisco SAN-OS 3.x ; | ||
| Cisco | NX-OS | Cisco NX-OS Software pour Cisco Nexus 7000 Series Switches versions antérieures à la 5.1 ; | ||
| Cisco | N/A | Cisco Video Surveillance Operations Manager (VSOM) ; | ||
| Cisco | N/A | Tous les systèmes Cisco CTS TelePresence ; | ||
| Cisco | N/A | Management Center for Cisco Security Agent ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco TelePresence Video Communication Server (Cisco TelePresence VCS) ;",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quad ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CiscoWorks LAN Management Solution.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Services Engine ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless Control System (WCS) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wild Area Application Services (WAAS) Software ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MDS 9000 NX-OS versions ant\u00e9rieures \u00e0 la 4.2 ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Manager (VSM) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Network Collector ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CiscoWorks Common Services ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SAN-OS 3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS Software pour Cisco Nexus 7000 Series Switches versions ant\u00e9rieures \u00e0 la 5.1 ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Operations Manager (VSOM) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Tous les syst\u00e8mes Cisco CTS TelePresence ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Management Center for Cisco Security Agent ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabiliti\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Cisco NX-OS. Cette vuln\u00e9rabilit\u00e9\naffecte le serveur httpd Apache. Elle peut \u00eatre utilis\u00e9e \u00e0 l\u0027aide de\nrequ\u00eates HTTP sp\u00e9cialement con\u00e7ues (utilisation de l\u0027ent\u00eate range avec\ndes intervalles se chevauchant) pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
}
],
"initial_release_date": "2011-09-01T00:00:00",
"last_revision_date": "2011-09-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110830-apache du 30 ao\u00fbt 2011 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml"
}
],
"reference": "CERTA-2011-AVI-488",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-09-01T00:00:00.000000"
},
{
"description": "modification du titre et ajout de syst\u00e8mes vuln\u00e9rables.",
"revision_date": "2011-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Cisco NX-OS peut \u00eatre utilis\u00e9e pour r\u00e9aliser un\nd\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20110830-apache",
"url": null
}
]
}
CERTA-2009-AVI-377
Vulnerability from certfr_avis
Plusieurs produits Cisco présentent des vulnérabilités permettant à utilisateur malveillant de provoquer un déni de service à distance.
Description
Plusieurs vulnérabilités des produits Cisco ont été publiées :
- (CVE-2008-4609) les produits listés en section « systèmes affectés » présentent des faiblesses dans le traitement du protocole TCP. Celles-ci permettent à un attaquant de provoquer un déni de service à distance par épuisement des ressources utilisées dans la gestion du protocole TCP ;
- (CVE-2009-0627) les systèmes Cisco NX-OS sur plateforme Cisco Nexus 5000 peuvent s'arrêter de manière inopinée lors de la récéption d'une séquence particulière TCP. Ce défaut est exploitable par un attaquant pour provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IOS ;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS-XE ;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CatOS ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "gamme Lynksys.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco PIX ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "gamme Scientific Atlanta ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s des produits Cisco ont \u00e9t\u00e9 publi\u00e9es :\n\n- (CVE-2008-4609) les produits list\u00e9s en section \u00ab syst\u00e8mes affect\u00e9s \u00bb\n pr\u00e9sentent des faiblesses dans le traitement du protocole TCP.\n Celles-ci permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n \u00e0 distance par \u00e9puisement des ressources utilis\u00e9es dans la gestion\n du protocole TCP\u00a0;\n- (CVE-2009-0627) les syst\u00e8mes Cisco NX-OS sur plateforme Cisco Nexus\n 5000 peuvent s\u0027arr\u00eater de mani\u00e8re inopin\u00e9e lors de la r\u00e9c\u00e9ption\n d\u0027une s\u00e9quence particuli\u00e8re TCP. Ce d\u00e9faut est exploitable par un\n attaquant pour provoquer un d\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-0627",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0627"
},
{
"name": "CVE-2008-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
}
],
"initial_release_date": "2009-09-09T00:00:00",
"last_revision_date": "2009-09-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20090908-tcp24 du 08 septembre 2009 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml"
}
],
"reference": "CERTA-2009-AVI-377",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Plusieurs produits \u003cspan class=\"textit\"\u003eCisco\u003c/span\u003e pr\u00e9sentent des\nvuln\u00e9rabilit\u00e9s permettant \u00e0 utilisateur malveillant de provoquer un d\u00e9ni\nde service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s des produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20090908-tcp24 du 08 septembre 2009",
"url": null
}
]
}
CERTA-2008-AVI-310
Vulnerability from certfr_avis
Une vulnérabilité affectant des produits Cisco permet à une personne malintentionnée de contourner la politique de sécurité.
Description
La vulnérabilité détaillée dans l'avis CERTA-2008-AVI-302 du 10 juin 2008 affecte également certains produits Cisco. Ainsi, une personne malveillante peut usurper des paquets en envoyant des messages d'authentification HMAC spécialement construits.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco CATOS 6.x, 7.x, 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cicso Application Control Engine XML Gateway ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Control Engine Appliance ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS 4.x ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SAN-OS 2.x, 3.x (MDS 9000).",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS 12.x, R12.x, XR 3.x ;",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLa vuln\u00e9rabilit\u00e9 d\u00e9taill\u00e9e dans l\u0027avis CERTA-2008-AVI-302 du 10 juin\n2008 affecte \u00e9galement certains produits Cisco. Ainsi, une personne\nmalveillante peut usurper des paquets en envoyant des messages\nd\u0027authentification HMAC sp\u00e9cialement construits.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0960",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0960"
}
],
"initial_release_date": "2008-06-11T00:00:00",
"last_revision_date": "2008-06-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20080610-snmpv3 du 10 juin 2008 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"title": "Document du CERTA CERTA-2008-AVI-302 du 10 juin 2008 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-302/index.html"
}
],
"reference": "CERTA-2008-AVI-310",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 affectant des produits Cisco permet \u00e0 une personne\nmalintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits CISCO",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis cisco-sa-20080610-snmpv3",
"url": null
}
]
}