Refine your search
34 vulnerabilities found for Small Business by Cisco
CERTFR-2023-AVI-0026
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco BroadWorks Xtended Services Platform version 22.0 (Cisco recommande de migrer en version 23 avec les derniers correctifs de sécurité) | ||
| Cisco | N/A | Cisco BroadWorks Xtended Services Platform version 23.0 sans les correctifs de sécurité AP.xsp.23.0.1075.ap384245 et AP.platform.23.0.1075.ap384245 | ||
| Cisco | N/A | Cisco SIP sur les téléphones IP sans-fil 8821 versions antérieures à 11.0(6)SR4 | ||
| Cisco | N/A | Cisco Industrial Network Director (IND) versions antérieures à 1.7.0 | ||
| Cisco | N/A | Cisco SIP sur les téléphones IP des séries 7800 et 8800 versions antérieures à 14.1(1)SR2 | ||
| Cisco | Small Business | Routeurs Cisco Small Business RV016, RV042, RV042G et RV082 (Cisco indique que ces routeurs sont en fin de vie) | ||
| Cisco | N/A | Cisco BroadWorks Application Delivery Platform Device Management versions 22.0 sans les correctifs de sécurité ADP_Rel_2022.11_1.273 et dms_2022.11_1.273 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco BroadWorks Xtended Services Platform version 22.0 (Cisco recommande de migrer en version 23 avec les derniers correctifs de s\u00e9curit\u00e9)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco BroadWorks Xtended Services Platform version 23.0 sans les correctifs de s\u00e9curit\u00e9 AP.xsp.23.0.1075.ap384245 et AP.platform.23.0.1075.ap384245",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SIP sur les t\u00e9l\u00e9phones IP sans-fil 8821 versions ant\u00e9rieures \u00e0 11.0(6)SR4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Industrial Network Director (IND) versions ant\u00e9rieures \u00e0 1.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SIP sur les t\u00e9l\u00e9phones IP des s\u00e9ries 7800 et 8800 versions ant\u00e9rieures \u00e0 14.1(1)SR2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs Cisco Small Business RV016, RV042, RV042G et RV082 (Cisco indique que ces routeurs sont en fin de vie)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco BroadWorks Application Delivery Platform Device Management versions 22.0 sans les correctifs de s\u00e9curit\u00e9 ADP_Rel_2022.11_1.273 et dms_2022.11_1.273",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20037"
},
{
"name": "CVE-2023-20018",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20018"
},
{
"name": "CVE-2023-20038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20038"
},
{
"name": "CVE-2023-20020",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20020"
},
{
"name": "CVE-2023-20025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20025"
},
{
"name": "CVE-2023-20026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20026"
}
],
"initial_release_date": "2023-01-12T00:00:00",
"last_revision_date": "2023-01-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-12T00:00:00.000000"
},
{
"description": "Correction coquille.",
"revision_date": "2023-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ip-phone-auth-bypass-pSqxZRPR du 11 janvier 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sbr042-multi-vuln-ej76Pke5 du 11 janvier 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ind-fZyVjJtG du 11 janvier 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-bw-dos-HpkeYzp du 11 janvier 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp"
}
]
}
CERTFR-2021-AVI-761
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Intersight Virtual Appliance versions antérieures à 1.0.9-302 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 12.5.x antérieures à 12.5.2-007 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions antérieures à 2.6 Patch10 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 2.7 antérieures à 2.7 Patch5 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 12.0.x antérieures à 12.0.3-005 | ||
| Cisco | Small Business | Cisco Small Business 220 Series Smart Switches versions antérieures à 1.2.1.2 | ||
| Cisco | N/A | ATA 190 Analog Telephone Adapter (produit en fin de vie) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 3.x antérieures à 3.1 | ||
| Cisco | N/A | ATA 192 Multiplatform Analog Telephone Adapter versions antérieures à 11.2.1 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco WSA versions 14.0.x antérieures à 14.0.1-014 | ||
| Cisco | N/A | Cisco AnyConnect Secure Mobility Client pour Linux et Mac OS versions antérieures à 4.10.03104 | ||
| Cisco | N/A | ATA 191 Multiplatform Analog Telephone Adapter versions antérieures à 11.2.1 | ||
| Cisco | N/A | ATA 191 Analog Telephone Adapter versions antérieures à 12.0(1)SR4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Intersight Virtual Appliance versions ant\u00e9rieures \u00e0 1.0.9-302",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 12.5.x ant\u00e9rieures \u00e0 12.5.2-007",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions ant\u00e9rieures \u00e0 2.6 Patch10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 2.7 ant\u00e9rieures \u00e0 2.7 Patch5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 12.0.x ant\u00e9rieures \u00e0 12.0.3-005",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 220 Series Smart Switches versions ant\u00e9rieures \u00e0 1.2.1.2",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 190 Analog Telephone Adapter (produit en fin de vie)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 3.x ant\u00e9rieures \u00e0 3.1",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 192 Multiplatform Analog Telephone Adapter versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco WSA versions 14.0.x ant\u00e9rieures \u00e0 14.0.1-014",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AnyConnect Secure Mobility Client pour Linux et Mac OS versions ant\u00e9rieures \u00e0 4.10.03104",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 191 Multiplatform Analog Telephone Adapter versions ant\u00e9rieures \u00e0 11.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ATA 191 Analog Telephone Adapter versions ant\u00e9rieures \u00e0 12.0(1)SR4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-34788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34788"
},
{
"name": "CVE-2021-34779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34779"
},
{
"name": "CVE-2021-1594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1594"
},
{
"name": "CVE-2021-34775",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34775"
},
{
"name": "CVE-2021-34777",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34777"
},
{
"name": "CVE-2021-34780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34780"
},
{
"name": "CVE-2021-34735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34735"
},
{
"name": "CVE-2021-34698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34698"
},
{
"name": "CVE-2021-34710",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34710"
},
{
"name": "CVE-2021-34748",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34748"
},
{
"name": "CVE-2021-34776",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34776"
},
{
"name": "CVE-2021-34778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34778"
}
],
"initial_release_date": "2021-10-07T00:00:00",
"last_revision_date": "2021-10-07T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-761",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wsa-dos-fmHdKswk du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-priv-esc-UwqPrBM3 du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ata19x-multivuln-A4J57F3 du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucsi2-command-inject-CGyC8y2R du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-lib-hija-cAFB7x4q du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb220-lldp-multivuls-mVRUtQ8T du 06 octobre 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T"
}
]
}
CERTFR-2021-AVI-470
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Web Security Appliance versions antérieures à 12.0.3-005 | ||
| Cisco | N/A | Email Security Appliance versions antérieures à 12.5.3-035 | ||
| Cisco | N/A | Email Security Appliance versions 13.0.x antérieures à 13.0.0-030 | ||
| Cisco | N/A | Cisco AnyConnect Secure Mobility Client for Windows versions antérieures à 4.10.01075 (avec le module VPN Posture (HostScan) installé) | ||
| Cisco | N/A | Web Security Appliance versions antérieures à 11.8.3-021 | ||
| Cisco | N/A | Web Security Appliance versions antérieures à 12.5.1-043 | ||
| Cisco | N/A | Email Security Appliance versions 13.5.x antérieures à 13.5.3-010 | ||
| Cisco | N/A | Cisco DNA Center Software versions antérieures à 2.2.2.1 sans le dernier correctif ou 2.2.2.3 | ||
| Cisco | Small Business | Cisco Small Business 220 Series Smart Switches firmware versions antérieures à 1.2.0.6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web Security Appliance versions ant\u00e9rieures \u00e0 12.0.3-005",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Email Security Appliance versions ant\u00e9rieures \u00e0 12.5.3-035",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Email Security Appliance versions 13.0.x ant\u00e9rieures \u00e0 13.0.0-030",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AnyConnect Secure Mobility Client for Windows versions ant\u00e9rieures \u00e0 4.10.01075 (avec le module VPN Posture (HostScan) install\u00e9)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Web Security Appliance versions ant\u00e9rieures \u00e0 11.8.3-021",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Web Security Appliance versions ant\u00e9rieures \u00e0 12.5.1-043",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Email Security Appliance versions 13.5.x ant\u00e9rieures \u00e0 13.5.3-010",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DNA Center Software versions ant\u00e9rieures \u00e0 2.2.2.1 sans le dernier correctif ou 2.2.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 220 Series Smart Switches firmware versions ant\u00e9rieures \u00e0 1.2.0.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1566"
},
{
"name": "CVE-2021-1571",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1571"
},
{
"name": "CVE-2021-1541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1541"
},
{
"name": "CVE-2021-1134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1134"
},
{
"name": "CVE-2021-1542",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1542"
},
{
"name": "CVE-2021-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1543"
}
],
"initial_release_date": "2021-06-17T00:00:00",
"last_revision_date": "2021-06-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-470",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dnac-certvalid-USEj2CZk du 16 juin 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-certvalid-USEj2CZk"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-pos-dll-ff8j6dFv du 16 juin 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ciscosb-multivulns-Wwyb7s5E du 16 juin 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esa-wsa-cert-vali-n8L97RW du 16 juin 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW"
}
]
}
CERTFR-2021-AVI-246
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | ClamAV | ClamAV pour Windows versions antérieures à 0.103.2 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie donc aucun correctif ne sera publié pour la vulnérabilité critique CVE-2021-1459) | ||
| Cisco | N/A | Cisco Unified CM IM&P versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV134W versions antérieures à 1.0.1.21 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 19.x et 20.x antérieures à 20.3.3 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 20.4.x antérieures à 20.4.1 | ||
| Cisco | N/A | Immunet versions antérieures à 7.4.0 | ||
| Cisco | N/A | Cisco AMP for Endpoints pour Windows versions antérieures à 7.3.15 | ||
| Cisco | Unity Connection | Cisco Unity Connection versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV132W versions antérieures à 1.0.1.15 | ||
| Cisco | Unity Connection | Cisco Unity Connection versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV160, RV160W, RV260, RV260P et RV260W versions antérieures à 1.0.01.03 | ||
| Cisco | N/A | Cisco Unified CM IM&P versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | N/A | Cisco Unified CM et Unified CM SME versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions antérieures à 19.2.4 | ||
| Cisco | N/A | Cisco Unified CM et Unified CM SME versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV340, RV340W, RV345 et RV345P versions antérieures à 1.0.03.21 | ||
| Cisco | N/A | Cisco Prime License Manager versions antérieures à 11.5(1)SU9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV pour Windows versions ant\u00e9rieures \u00e0 0.103.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie donc aucun correctif ne sera publi\u00e9 pour la vuln\u00e9rabilit\u00e9 critique CVE-2021-1459)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM IM\u0026P versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV134W versions ant\u00e9rieures \u00e0 1.0.1.21",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions 19.x et 20.x ant\u00e9rieures \u00e0 20.3.3",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions 20.4.x ant\u00e9rieures \u00e0 20.4.1",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Immunet versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AMP for Endpoints pour Windows versions ant\u00e9rieures \u00e0 7.3.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV132W versions ant\u00e9rieures \u00e0 1.0.1.15",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV160, RV160W, RV260, RV260P et RV260W versions ant\u00e9rieures \u00e0 1.0.01.03",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM IM\u0026P versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM et Unified CM SME versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions ant\u00e9rieures \u00e0 19.2.4",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM et Unified CM SME versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV340, RV340W, RV345 et RV345P versions ant\u00e9rieures \u00e0 1.0.03.21",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime License Manager versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1473"
},
{
"name": "CVE-2021-1480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1480"
},
{
"name": "CVE-2021-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1479"
},
{
"name": "CVE-2021-1362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1362"
},
{
"name": "CVE-2021-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1309"
},
{
"name": "CVE-2021-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1386"
},
{
"name": "CVE-2021-1472",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1472"
},
{
"name": "CVE-2021-1251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1251"
},
{
"name": "CVE-2021-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1459"
},
{
"name": "CVE-2021-1137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1137"
},
{
"name": "CVE-2021-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1308"
}
],
"initial_release_date": "2021-04-08T00:00:00",
"last_revision_date": "2021-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-246",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-amp-imm-dll-tu79hvkO du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-tu79hvkO"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-rce-pqVYwyb du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb-rv-bypass-inject-Rbhgvfdx du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vmanage-YuTVWqy du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-multi-lldp-u7e4chCe du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-rce-q3rxHnvm du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm"
}
]
}
CERTFR-2021-AVI-030
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco CMX versions 10.6.x antérieures à 10.6.3 | ||
| Cisco | N/A | Cisco AnyConnect Secure Mobility Client pour Windows versions antérieures à 4.9.04043 | ||
| Cisco | Small Business | Les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie et ne bénéficieront plus de mises à jour de la part de Cisco) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco CMX versions 10.6.x ant\u00e9rieures \u00e0 10.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AnyConnect Secure Mobility Client pour Windows versions ant\u00e9rieures \u00e0 4.9.04043",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie et ne b\u00e9n\u00e9ficieront plus de mises \u00e0 jour de la part de Cisco)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1185"
},
{
"name": "CVE-2021-1183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1183"
},
{
"name": "CVE-2021-1208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1208"
},
{
"name": "CVE-2021-1146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1146"
},
{
"name": "CVE-2021-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1206"
},
{
"name": "CVE-2021-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1187"
},
{
"name": "CVE-2021-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1190"
},
{
"name": "CVE-2021-1213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1213"
},
{
"name": "CVE-2021-1178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1178"
},
{
"name": "CVE-2021-1147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1147"
},
{
"name": "CVE-2021-1174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1174"
},
{
"name": "CVE-2021-1204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1204"
},
{
"name": "CVE-2021-1215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1215"
},
{
"name": "CVE-2021-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1205"
},
{
"name": "CVE-2021-1177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1177"
},
{
"name": "CVE-2021-1207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1207"
},
{
"name": "CVE-2021-1210",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1210"
},
{
"name": "CVE-2021-1209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1209"
},
{
"name": "CVE-2021-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1188"
},
{
"name": "CVE-2021-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1189"
},
{
"name": "CVE-2021-1149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1149"
},
{
"name": "CVE-2021-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1194"
},
{
"name": "CVE-2021-1186",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1186"
},
{
"name": "CVE-2021-1172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1172"
},
{
"name": "CVE-2021-1162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1162"
},
{
"name": "CVE-2021-1360",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1360"
},
{
"name": "CVE-2021-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1173"
},
{
"name": "CVE-2021-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1195"
},
{
"name": "CVE-2021-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1192"
},
{
"name": "CVE-2021-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1193"
},
{
"name": "CVE-2021-1166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1166"
},
{
"name": "CVE-2021-1237",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1237"
},
{
"name": "CVE-2021-1211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1211"
},
{
"name": "CVE-2021-1201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1201"
},
{
"name": "CVE-2021-1199",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1199"
},
{
"name": "CVE-2021-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1307"
},
{
"name": "CVE-2021-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1184"
},
{
"name": "CVE-2021-1179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1179"
},
{
"name": "CVE-2021-1164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1164"
},
{
"name": "CVE-2021-1200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1200"
},
{
"name": "CVE-2021-1170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1170"
},
{
"name": "CVE-2021-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1167"
},
{
"name": "CVE-2021-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1159"
},
{
"name": "CVE-2021-1180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1180"
},
{
"name": "CVE-2021-1196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1196"
},
{
"name": "CVE-2021-1150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1150"
},
{
"name": "CVE-2021-1169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1169"
},
{
"name": "CVE-2021-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1165"
},
{
"name": "CVE-2021-1203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1203"
},
{
"name": "CVE-2021-1182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1182"
},
{
"name": "CVE-2021-1176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1176"
},
{
"name": "CVE-2021-1217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1217"
},
{
"name": "CVE-2021-1148",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1148"
},
{
"name": "CVE-2021-1163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1163"
},
{
"name": "CVE-2021-1198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1198"
},
{
"name": "CVE-2021-1171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1171"
},
{
"name": "CVE-2021-1216",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1216"
},
{
"name": "CVE-2021-1161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1161"
},
{
"name": "CVE-2021-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1214"
},
{
"name": "CVE-2021-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1202"
},
{
"name": "CVE-2021-1197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1197"
},
{
"name": "CVE-2021-1175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1175"
},
{
"name": "CVE-2021-1160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1160"
},
{
"name": "CVE-2021-1144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1144"
},
{
"name": "CVE-2021-1168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1168"
},
{
"name": "CVE-2021-1191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1191"
},
{
"name": "CVE-2021-1181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1181"
},
{
"name": "CVE-2021-1212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1212"
}
],
"initial_release_date": "2021-01-14T00:00:00",
"last_revision_date": "2021-01-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-command-inject-LBdQ2KRN du 13 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-overflow-WUnUgv4U du 13 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cmxpe-75Asy9k du 13 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxpe-75Asy9k"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-dll-injec-pQnryXLf du 13 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-injec-pQnryXLf"
}
]
}
CERTFR-2020-AVI-404
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les commutateurs Cisco. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Commutateurs gérés empilables Cisco série 500 Small Business (produit en fin de vie) | ||
| Cisco | Small Business | Commutateurs intelligents Cisco série 200 Small Business (produit en fin de vie) | ||
| Cisco | N/A | Commutateurs gérés empilables Cisco série 350X versions antérieures à 2.5.5.47 | ||
| Cisco | N/A | Commutateurs intelligents Cisco série 250 versions antérieures à 2.5.5.47 | ||
| Cisco | Small Business | Commutateurs gérés Cisco série 300 Small Business (produit en fin de vie) | ||
| Cisco | N/A | Commutateurs gérés empilables Cisco série 550X versions antérieures à 2.5.5.47 | ||
| Cisco | N/A | Commutateurs gérés Cisco série 350 versions antérieures à 2.5.5.47 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commutateurs g\u00e9r\u00e9s empilables Cisco s\u00e9rie 500 Small Business (produit en fin de vie)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs intelligents Cisco s\u00e9rie 200 Small Business (produit en fin de vie)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs g\u00e9r\u00e9s empilables Cisco s\u00e9rie 350X versions ant\u00e9rieures \u00e0 2.5.5.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs intelligents Cisco s\u00e9rie 250 versions ant\u00e9rieures \u00e0 2.5.5.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs g\u00e9r\u00e9s Cisco s\u00e9rie 300 Small Business (produit en fin de vie)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs g\u00e9r\u00e9s empilables Cisco s\u00e9rie 550X versions ant\u00e9rieures \u00e0 2.5.5.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs g\u00e9r\u00e9s Cisco s\u00e9rie 350 versions ant\u00e9rieures \u00e0 2.5.5.47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3297",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3297"
}
],
"initial_release_date": "2020-07-02T00:00:00",
"last_revision_date": "2020-07-03T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-02T00:00:00.000000"
},
{
"description": "Modification du titre car une seule vuln\u00e9rabilit\u00e9 fait l\u0027objet de cet avis.",
"revision_date": "2020-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les commutateurs Cisco. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sbswitch-session-JZAS5jnY du 01 juillet 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY"
}
]
}
CERTFR-2019-AVI-304
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 12.5(x) antérieures à 12.5(1)SU1 | ||
| Cisco | N/A | Cisco AsyncOS versions antérieures à 10.5.5-005 | ||
| Cisco | Jabber | Cisco Jabber pour Windows versions antérieures à 12.6(0) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 12.0(x) antérieures à 12.0(1)SU3 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.7.x antérieures à 11.7.0-407 | ||
| Cisco | N/A | Cisco APIC versions antérieures à 4.1(2g) | ||
| Cisco | Small Business | Cisco Small Business 200, 300 et 500 Series Managed Switches versions antérieures à 1.4.10.6 | ||
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switch versions antérieures à 14.1(2g) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions antérieures à 11.5 sans le correctif de sécurité ciscocm.V11-5-1-SU5-SU6_CSCvo70834_C0003-1.cop.sgn | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions antérieures à 10.5(2) sans le correctif de sécurité ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn | ||
| Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions antérieures à 3.10.1 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.5.x antérieures à 11.5.2-020 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified Communications Manager versions 12.5(x) ant\u00e9rieures \u00e0 12.5(1)SU1",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions ant\u00e9rieures \u00e0 10.5.5-005",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber pour Windows versions ant\u00e9rieures \u00e0 12.6(0)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions 12.0(x) ant\u00e9rieures \u00e0 12.0(1)SU3",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.7.x ant\u00e9rieures \u00e0 11.7.0-407",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC versions ant\u00e9rieures \u00e0 4.1(2g)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 200, 300 et 500 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series ACI Mode Switch versions ant\u00e9rieures \u00e0 14.1(2g)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions ant\u00e9rieures \u00e0 11.5 sans le correctif de s\u00e9curit\u00e9 ciscocm.V11-5-1-SU5-SU6_CSCvo70834_C0003-1.cop.sgn",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager versions ant\u00e9rieures \u00e0 10.5(2) sans le correctif de s\u00e9curit\u00e9 ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 3.10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.5.x ant\u00e9rieures \u00e0 11.5.2-020",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1884"
},
{
"name": "CVE-2019-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1891"
},
{
"name": "CVE-2019-1893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1893"
},
{
"name": "CVE-2019-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1855"
},
{
"name": "CVE-2019-1892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1892"
},
{
"name": "CVE-2019-1894",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1894"
},
{
"name": "CVE-2019-1889",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1889"
},
{
"name": "CVE-2019-1887",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1887"
},
{
"name": "CVE-2019-1886",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1886"
},
{
"name": "CVE-2019-1890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1890"
}
],
"initial_release_date": "2019-07-04T00:00:00",
"last_revision_date": "2019-07-04T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-304",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-wsa-dos du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-cucm-dos du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-jabber-dll du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-jabber-dll"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-nfvis-file-readwrite du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-ccapic-restapi du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-sbss-dos du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-n9kaci-bypass du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-sbss-memcorrupt du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-nfvis-commandinj du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-asyncos-wsa du 03 juillet 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-asyncos-wsa"
}
]
}
CERTFR-2019-AVI-228
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.2(10) sur Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 14.1(x) antérieures à 14.1(1i) sur Nexus 9000 Series Fabric Switches Mode ACI | ||
| Cisco | N/A | Webex Network Recording Player versions antérieures à Version 2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2 ou 4.0 sur Cisco Webex Meetings Server | ||
| Cisco | Small Business | Small Business Sx250, Sx350, Sx550 Series Switches versions antérieures à 2.5.0.78 | ||
| Cisco | N/A | Cisco PI Software versions antérieures à 3.4.1, 3.5 et 3.6 | ||
| Cisco | N/A | Cisco FXOS versions 2.4.x antérieures à 2.4.1.222 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | IOS XR | Cisco IOS XR versions antérieures à 5.3.3 Service Pack 11 | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.6.x antérieures à 6.6.12 | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0.x antérieures à 7.0(3)I7(2) sur Nexus 3500 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0(3).x antérieures à 7.0(3)F3(1) sur Nexus 9500 R-Series Switching Platform | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.4.x antérieures à 6.4.2 | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 14.0(2c) sur Nexus 9000 Series Fabric Switches Mode ACI | ||
| Cisco | Small Business | Small Business Sx200, Sx300, Sx500 et ESW2 Series Managed Switches versions antérieures à 1.4.10.6 | ||
| Cisco | N/A | Cisco FXOS versions antérieures à 2.2.2.91 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.2(11) sur MDS 9000 Series Multilayer Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.1(5)N1(1b) sur Nexus 5500, 5600 et 6000 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.0(3)I7(x) antérieures à 7.0(3)I7(2) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode | ||
| Cisco | N/A | Cisco FXOS versions 2.6.x antérieures à 2.6.1.131 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.3.x antérieures à 6.3.3 | ||
| Cisco | N/A | EPN Manager versions antérieures à 3.0.1 | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SM3(2.1) sur Nexus 1000V Switch for Microsoft Hyper-V | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.3.x antérieures à 7.3(4)N1(1a) sur Nexus 5500, 5600 et 6000 Series Switches | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à Version 1.3.42 sur Cisco Webex Meetings Online | ||
| Cisco | IOS XR | Cisco IOS XR versions 6.1.x, 6.2.x et 6.5.x antérieures à 6.5.3 | ||
| Cisco | N/A | Cisco Video Surveillance Manager versions antérieures à 7.12.1 | ||
| Cisco | NX-OS | Cisco NX-OS versions 8.0.x antérieures à 8.1(1) sur Nexus 7000 et 7700 Series Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 6.0(2)A8(4) sur Nexus 3500 Platform Switches | ||
| Cisco | NX-OS | Cisco NX-OS versions 8.1(x) antérieures à 8.1(1) sur MDS 9000 Series Multilayer Switches | ||
| Cisco | N/A | Cisco FXOS versions 2.3.x antérieures à 2.3.1.130 sur Firepower 4100 Series et Firepower 9300 Security Appliances | ||
| Cisco | N/A | Webex Network Recording Player et Webex Player versions antérieures à WBS39.2.205 sur Cisco Webex Business Suite sites | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 7.0(3)I4(8) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode | ||
| Cisco | NX-OS | Cisco NX-OS versions antérieures à 5.2(1)SV3(4.1a) sur Nexus 1000V Switch for VMware vSphere | ||
| Cisco | NX-OS | Cisco NX-OS versions 7.2.x antérieures à 7.2(0)D1(1) sur Nexus 7000 et 7700 Series Switches |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(10) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 14.1(x) ant\u00e9rieures \u00e0 14.1(1i) sur Nexus 9000 Series Fabric Switches Mode ACI",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player versions ant\u00e9rieures \u00e0 Version 2.8MR3 SecurityPatch2, 3.0MR2 SecurityPatch2 ou 4.0 sur Cisco Webex Meetings Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business Sx250, Sx350, Sx550 Series Switches versions ant\u00e9rieures \u00e0 2.5.0.78",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco PI Software versions ant\u00e9rieures \u00e0 3.4.1, 3.5 et 3.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.4.x ant\u00e9rieures \u00e0 2.4.1.222 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions ant\u00e9rieures \u00e0 5.3.3 Service Pack 11",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.6.x ant\u00e9rieures \u00e0 6.6.12",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0.x ant\u00e9rieures \u00e0 7.0(3)I7(2) sur Nexus 3500 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0(3).x ant\u00e9rieures \u00e0 7.0(3)F3(1) sur Nexus 9500 R-Series Switching Platform",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 14.0(2c) sur Nexus 9000 Series Fabric Switches Mode ACI",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business Sx200, Sx300, Sx500 et ESW2 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions ant\u00e9rieures \u00e0 2.2.2.91 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.2(11) sur MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.1(5)N1(1b) sur Nexus 5500, 5600 et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.0(3)I7(x) ant\u00e9rieures \u00e0 7.0(3)I7(2) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.6.x ant\u00e9rieures \u00e0 2.6.1.131 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.3.x ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "EPN Manager versions ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SM3(2.1) sur Nexus 1000V Switch for Microsoft Hyper-V",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.3.x ant\u00e9rieures \u00e0 7.3(4)N1(1a) sur Nexus 5500, 5600 et 6000 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 Version 1.3.42 sur Cisco Webex Meetings Online",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 6.1.x, 6.2.x et 6.5.x ant\u00e9rieures \u00e0 6.5.3",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Manager versions ant\u00e9rieures \u00e0 7.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 8.0.x ant\u00e9rieures \u00e0 8.1(1) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 6.0(2)A8(4) sur Nexus 3500 Platform Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 8.1(x) ant\u00e9rieures \u00e0 8.1(1) sur MDS 9000 Series Multilayer Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FXOS versions 2.3.x ant\u00e9rieures \u00e0 2.3.1.130 sur Firepower 4100 Series et Firepower 9300 Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Network Recording Player et Webex Player versions ant\u00e9rieures \u00e0 WBS39.2.205 sur Cisco Webex Business Suite sites",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 7.0(3)I4(8) sur Nexus 3000 Series Switches et Nexus 9000 Series Switches en Standalone NX-OS Mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions ant\u00e9rieures \u00e0 5.2(1)SV3(4.1a) sur Nexus 1000V Switch for VMware vSphere",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS versions 7.2.x ant\u00e9rieures \u00e0 7.2(0)D1(1) sur Nexus 7000 et 7700 Series Switches",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1823"
},
{
"name": "CVE-2019-1717",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1717"
},
{
"name": "CVE-2019-1771",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1771"
},
{
"name": "CVE-2019-1821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1821"
},
{
"name": "CVE-2019-1849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1849"
},
{
"name": "CVE-2019-1806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1806"
},
{
"name": "CVE-2019-1772",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1772"
},
{
"name": "CVE-2019-1846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1846"
},
{
"name": "CVE-2019-1824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1824"
},
{
"name": "CVE-2019-1825",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1825"
},
{
"name": "CVE-2019-1773",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1773"
},
{
"name": "CVE-2019-1822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1822"
},
{
"name": "CVE-2019-1858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1858"
}
],
"initial_release_date": "2019-05-16T00:00:00",
"last_revision_date": "2019-05-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-228",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-nxos-snmp-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-iosxr-evpn-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-sb-snmpdos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-webex-player",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-pi-rce",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-iosxr-mpls-dos",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-mpls-dos"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-cvsm",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm"
},
{
"published_at": "2019-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190515-pi-sqlinject",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject"
}
]
}
CERTFR-2019-AVI-193
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5) | ||
| Cisco | N/A | Cisco 250 Series Smart Switches, 350 Series et 350x Series Managed Switches et 550X Series Stackable Managed Switches versions antérieures à 2.5.0.78 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.7.x antérieures à 11.7.0-406 | ||
| Cisco | N/A | Cisco ASA versions antérieures à 9.4.4.34 | ||
| Cisco | N/A | Cisco AsyncOS versions 10.1.x antérieures à 10.1.4-017 | ||
| Cisco | N/A | Cisco Firepower et FMC versions 6.3.x antérieures à 6.3.0.3 (sortie prévue pour la semaine du 6 mai 2019) | ||
| Cisco | Small Business | Cisco Small Business 200 Series Smart Switches et Small Business 300 Series et 500 Series Managed Switches versions antérieures à 1.4.10.6 | ||
| Cisco | N/A | Cisco ASA versions 9.10.x antérieures à 9.10.1.17 | ||
| Cisco | N/A | Cisco ASA versions 9.5.x et 9.6.x antérieures à 9.6.4.25 | ||
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switch versions antérieures à 14.1(1i) | ||
| Cisco | N/A | Cisco ASA versions 9.7.x et 9.8.x antérieures à 9.8.4 | ||
| Cisco | N/A | Cisco Firepower et FMC versions antérieures à 6.2.3.12 | ||
| Cisco | N/A | Cisco RV320 et RV325 Dual Gigabit WAN VPN Routers Firmware versions antérieures à 1.4.2.20 | ||
| Cisco | N/A | Cisco ASA versions 9.9.x antérieures à 9.9.2.50 | ||
| Cisco | IP Phone | Cisco IP Phone 7800 Series et 8800 Series versions antérieures à 12.5(1) | ||
| Cisco | N/A | Cisco Nexus 9000 Series Application Policy Infrastructure Controller (APIC) versions antérieures à 4.1(1i) | ||
| Cisco | N/A | Cisco AsyncOS versions 10.5.x antérieures à 10.5.4-018 | ||
| Cisco | N/A | Cisco AsyncOS versions 11.5.x antérieures à 11.5.2-020 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 250 Series Smart Switches, 350 Series et 350x Series Managed Switches et 550X Series Stackable Managed Switches versions ant\u00e9rieures \u00e0 2.5.0.78",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.7.x ant\u00e9rieures \u00e0 11.7.0-406",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions ant\u00e9rieures \u00e0 9.4.4.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 10.1.x ant\u00e9rieures \u00e0 10.1.4-017",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower et FMC versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.3 (sortie pr\u00e9vue pour la semaine du 6 mai 2019)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 200 Series Smart Switches et Small Business 300 Series et 500 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.10.x ant\u00e9rieures \u00e0 9.10.1.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.5.x et 9.6.x ant\u00e9rieures \u00e0 9.6.4.25",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series ACI Mode Switch versions ant\u00e9rieures \u00e0 14.1(1i)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.7.x et 9.8.x ant\u00e9rieures \u00e0 9.8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower et FMC versions ant\u00e9rieures \u00e0 6.2.3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV320 et RV325 Dual Gigabit WAN VPN Routers Firmware versions ant\u00e9rieures \u00e0 1.4.2.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.9.x ant\u00e9rieures \u00e0 9.9.2.50",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7800 Series et 8800 Series versions ant\u00e9rieures \u00e0 12.5(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series Application Policy Infrastructure Controller (APIC) versions ant\u00e9rieures \u00e0 4.1(1i)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 10.5.x ant\u00e9rieures \u00e0 10.5.4-018",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions 11.5.x ant\u00e9rieures \u00e0 11.5.2-020",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1807"
},
{
"name": "CVE-2019-1635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1635"
},
{
"name": "CVE-2019-1817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1817"
},
{
"name": "CVE-2018-15462",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15462"
},
{
"name": "CVE-2019-1859",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1859"
},
{
"name": "CVE-2019-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1803"
},
{
"name": "CVE-2019-1816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1816"
},
{
"name": "CVE-2019-1704",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1704"
},
{
"name": "CVE-2019-1708",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1708"
},
{
"name": "CVE-2019-1724",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1724"
},
{
"name": "CVE-2018-15388",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15388"
},
{
"name": "CVE-2019-1714",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1714"
},
{
"name": "CVE-2019-1694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1694"
},
{
"name": "CVE-2019-1693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1693"
},
{
"name": "CVE-2019-1703",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1703"
},
{
"name": "CVE-2019-1713",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1713"
},
{
"name": "CVE-2019-1715",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1715"
},
{
"name": "CVE-2019-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1804"
},
{
"name": "CVE-2019-1696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1696"
},
{
"name": "CVE-2019-1706",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1706"
}
],
"initial_release_date": "2019-05-02T00:00:00",
"last_revision_date": "2019-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-193",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-ike-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ipsec-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-wsa-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-frpwr-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-wsa-privesc du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-wsa-privesc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-sd-cpu-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-frpwr-smb-snort du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-firepower-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-firepower-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-udb-sm du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-sbr-hijack du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sbr-hijack"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-phone-sip-xml-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-phone-sip-xml-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-entropy du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-entropy"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-csrf du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-frpwrtd-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-nexus9k-rpe du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-rpe"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asa-ftd-dos du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-scbv du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-scbv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-aci-insecure-fabric du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-insecure-fabric"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-apic-priv-escalation du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-apic-priv-escalation"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-asaftd-saml-vpn du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-nexus9k-sshkey du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190501-aci-hw-clock-util du 01 mai 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-hw-clock-util"
}
]
}
CERTFR-2018-AVI-536
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco Small Business 500 Series Stackable Managed Switches | ||
| Cisco | N/A | Appareils Cisco Meraki MR | ||
| Cisco | N/A | Appareils Cisco Meraki Z1 et Z3 | ||
| Cisco | Meraki MX | Appareils Cisco Meraki MX (incluant les équipements physiques et l'équipement virtuel vMX100) | ||
| Cisco | N/A | Cisco Stealthwatch Enterprise versions 6.10.2 et antérieures | ||
| Cisco | N/A | Appareils Cisco Meraki MS | ||
| Cisco | N/A | Cisco 350 Series Managed Switches | ||
| Cisco | Small Business | Cisco Small Business 300 Series Managed Switches | ||
| Cisco | Small Business | Cisco Small Business 200 Series Smart Switches | ||
| Cisco | N/A | Cisco 550X Series Stackable Managed Switches | ||
| Cisco | N/A | Cisco 250 Series Smart Switches | ||
| Cisco | N/A | Cisco Unity Express toutes versions antérieures à 9.0.6 | ||
| Cisco | N/A | Cisco 350X Series Stackable Managed Switches |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Small Business 500 Series Stackable Managed Switches",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Appareils Cisco Meraki MR",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Appareils Cisco Meraki Z1 et Z3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Appareils Cisco Meraki MX (incluant les \u00e9quipements physiques et l\u0027\u00e9quipement virtuel vMX100)",
"product": {
"name": "Meraki MX",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Stealthwatch Enterprise versions 6.10.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Appareils Cisco Meraki MS",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 350 Series Managed Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 300 Series Managed Switches",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 200 Series Smart Switches",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 550X Series Stackable Managed Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 250 Series Smart Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Express toutes versions ant\u00e9rieures \u00e0 9.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 350X Series Stackable Managed Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-15381",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15381"
},
{
"name": "CVE-2018-15394",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15394"
},
{
"name": "CVE-2018-15439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15439"
},
{
"name": "CVE-2018-0284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0284"
}
],
"initial_release_date": "2018-11-08T00:00:00",
"last_revision_date": "2018-11-08T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-536",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-smc-auth-bypass du 7 novembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-sbsw-privacc du 7 novembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-meraki du 7 novembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-cue du 7 novembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue"
}
]
}
CERTFR-2017-AVI-372
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Nexus 9500 R-Series Line Cards et Fabric Modules | ||
| Cisco | N/A | Nexus 5500 Platform Switches | ||
| Cisco | N/A | Firepower 9300 Security Appliance | ||
| Cisco | N/A | UCS 6200 Series Fabric Interconnects | ||
| Cisco | N/A | Nexus 6000 Series Switches | ||
| Cisco | N/A | Nexus 7000 Series Switches | ||
| Cisco | N/A | Nexus 1100 Series Cloud Services Platforms | ||
| Cisco | Small Business | Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou antérieure | ||
| Cisco | N/A | Nexus 7700 Series Switches | ||
| Cisco | N/A | UCS 6300 Series Fabric Interconnects | ||
| Cisco | N/A | Nexus 3500 Platform Switches | ||
| Cisco | N/A | Nexus 5600 Platform Switches | ||
| Cisco | N/A | Nexus 1000V Series Switches | ||
| Cisco | N/A | Multilayer Director Switches | ||
| Cisco | N/A | Unified Computing System (UCS) 6100 Series Fabric Interconnects | ||
| Cisco | NX-OS | Nexus 9000 Series Switches en mode NX-OS | ||
| Cisco | N/A | Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2 | ||
| Cisco | N/A | Nexus 5000 Series Switches | ||
| Cisco | N/A | Nexus 3000 Series Switches | ||
| Cisco | N/A | Firepower 4100 Series Next-Generation Firewall | ||
| Cisco | N/A | Nexus 2000 Series Switches |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nexus 9500 R-Series Line Cards et Fabric Modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 9300 Security Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6200 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 6000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1100 Series Cloud Services Platforms",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SPA50x, SPA51x, et SPA52x Series IP Phones avec une version du micrologiciel 7.6.2SR1 ou ant\u00e9rieure",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 7700 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "UCS 6300 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3500 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5600 Platform Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 1000V Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Multilayer Director Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Computing System (UCS) 6100 Series Fabric Interconnects",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 9000 Series Switches en mode NX-OS",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Services Platform (CSP) 2100 avec une version logicielle 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1 ou 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 5000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 3000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Firepower 4100 Series Next-Generation Firewall",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus 2000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12259",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12259"
},
{
"name": "CVE-2017-12260",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12260"
},
{
"name": "CVE-2017-12251",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12251"
},
{
"name": "CVE-2017-3883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3883"
}
],
"initial_release_date": "2017-10-19T00:00:00",
"last_revision_date": "2017-10-19T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-372",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-ccs du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip1 du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-sip du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171018-aaavty du 18 octobre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
}
]
}
CERTFR-2017-AVI-317
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | 350X Series Stackable Managed Switches versions antérieures à 2.3.0.130 | ||
| Cisco | N/A | 350 Series Managed Switches versions antérieures à 2.3.0.130 | ||
| Cisco | N/A | 550X Series Stackable Managed Switches versions antérieures à 2.3.0.130 | ||
| Cisco | Small Business | Small Business 300 Series Managed Switches versions antérieures à 1.4.8.06 | ||
| Cisco | N/A | Cisco AsyncOS pour Cisco Email Security Appliances sans le dernier correctif de sécurité | ||
| Cisco | N/A | ESW2 Series Advanced Switches versions antérieures à 1.4.8.06 | ||
| Cisco | Small Business | Small Business 500 Series Stackable Managed Switches versions antérieures à 1.4.8.06 | ||
| Cisco | N/A | Cisco Unified Customer Voice Portal (CVP) versions 10.5, 11.0 et 11.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "350X Series Stackable Managed Switches versions ant\u00e9rieures \u00e0 2.3.0.130",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "350 Series Managed Switches versions ant\u00e9rieures \u00e0 2.3.0.130",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "550X Series Stackable Managed Switches versions ant\u00e9rieures \u00e0 2.3.0.130",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business 300 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.8.06",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS pour Cisco Email Security Appliances sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ESW2 Series Advanced Switches versions ant\u00e9rieures \u00e0 1.4.8.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Small Business 500 Series Stackable Managed Switches versions ant\u00e9rieures \u00e0 1.4.8.06",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Customer Voice Portal (CVP) versions 10.5, 11.0 et 11.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-6720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6720"
},
{
"name": "CVE-2017-12215",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12215"
},
{
"name": "CVE-2017-12214",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12214"
}
],
"initial_release_date": "2017-09-21T00:00:00",
"last_revision_date": "2017-09-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-cvp du 20 septembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-esa du 20 septembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-sbms du 20 septembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms"
}
],
"reference": "CERTFR-2017-AVI-317",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-esa du 20 septembre 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-sbms du 20 septembre 2017",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170920-cvp du 20 septembre 2017",
"url": null
}
]
}
CERTFR-2016-AVI-291
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Wireless LAN Controller versions antérieures à 8.0.140.0 | ||
| Cisco | N/A | Cisco WebEx Meetings Player versions antérieures à T29.10 | ||
| Cisco | Small Business | SPA500 Series IP Phones utilisant une version de Cisco Small Business IP Phones inférieure à 7.5.7(6) | ||
| Cisco | N/A | Cisco Virtual Media Packager (VMP) utilisant Media Origination System versions antérieures à 2.6 | ||
| Cisco | Small Business | SPA51x IP Phones utilisant une version de Cisco Small Business IP Phones inférieure à 7.5.7(6) | ||
| Cisco | Small Business | SPA300 Series IP Phones utilisant une version de Cisco Small Business IP Phones inférieure à 7.5.7(6) | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) versions antérieures à 10.6(3) | ||
| Cisco | Small Business | Cisco Small Business 220 Series Smart Plus (Sx220) Switches versions 1.0.0.17, 1.0.0.18, ou 1.0.0.19 et qui ont la fonctionnalité SNMP activée |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Wireless LAN Controller versions ant\u00e9rieures \u00e0 8.0.140.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WebEx Meetings Player versions ant\u00e9rieures \u00e0 T29.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SPA500 Series IP Phones utilisant une version de Cisco Small Business IP Phones inf\u00e9rieure \u00e0 7.5.7(6)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Media Packager (VMP) utilisant Media Origination System versions ant\u00e9rieures \u00e0 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SPA51x IP Phones utilisant une version de Cisco Small Business IP Phones inf\u00e9rieure \u00e0 7.5.7(6)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SPA300 Series IP Phones utilisant une version de Cisco Small Business IP Phones inf\u00e9rieure \u00e0 7.5.7(6)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) versions ant\u00e9rieures \u00e0 10.6(3)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 220 Series Smart Plus (Sx220) Switches versions 1.0.0.17, 1.0.0.18, ou 1.0.0.19 et qui ont la fonctionnalit\u00e9 SNMP activ\u00e9e",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2016-09-02T00:00:00",
"last_revision_date": "2016-09-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-wlc-2 du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-meetings-player du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-hcmf du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps2 du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps1 du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-webex du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webex"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-vmp du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-wlc-1 du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-spa du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-hcm du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps3 du 31 ao\u00fbt 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3"
}
],
"reference": "CERTFR-2016-AVI-291",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-spa du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-meetings-player du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-hcmf du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-hcm du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-webex du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-wlc-2 du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps2 du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps1 du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps3 du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-sps du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-wlc-1 du 31 ao\u00fbt 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160831-vmp du 31 ao\u00fbt 2016",
"url": null
}
]
}
CERTFR-2016-AVI-065
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Universal Small Cell devices | ||
| Cisco | N/A | Cisco Emergency Responder version 11.5(0.99833.5) | ||
| Cisco | IOS | Cisco Industrial Ethernet 2000 Series Switches exécutant Cisco IOS version 15.2(4)E | ||
| Cisco | Small Business | Cisco Small Business 500 Series Wireless Access Point version 1.0.4.4 | ||
| Cisco | N/A | Cisco AMP exécutant Cisco ESA versions 9.5.0-201, 9.6.0-051, et 9.7.0-125 | ||
| Cisco | N/A | Cisco 1000 Series Connected Grid Router si la fonctionnalité SNMP est configurée |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Universal Small Cell devices",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Emergency Responder version 11.5(0.99833.5)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Industrial Ethernet 2000 Series Switches ex\u00e9cutant Cisco IOS version 15.2(4)E",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business 500 Series Wireless Access Point version 1.0.4.4",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AMP ex\u00e9cutant Cisco ESA versions 9.5.0-201, 9.6.0-051, et 9.7.0-125",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 1000 Series Connected Grid Router si la fonctionnalit\u00e9 SNMP est configur\u00e9e",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1331",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1331"
},
{
"name": "CVE-2016-1321",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1321"
},
{
"name": "CVE-2016-1315",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1315"
},
{
"name": "CVE-2016-1330",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1330"
},
{
"name": "CVE-2016-1334",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1334"
},
{
"name": "CVE-2016-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1333"
}
],
"initial_release_date": "2016-02-17T00:00:00",
"last_revision_date": "2016-02-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160215-er du 15 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160215-er"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160216-grid du 16 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160216-grid"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160215-ie2000 du 15 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160215-ie2000"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160216-wap du 16 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160216-wap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160212-usc du 12 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160211-esaamp du 11 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160211-esaamp"
}
],
"reference": "CERTFR-2016-AVI-065",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160216-wap du 16 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160211-esaamp du 11 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160216-grid du 16 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160212-usc du 12 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160215-ie2000 du 15 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160215-er du 15 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-042
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco Small Business 500 Series Switches version 1.2.0.92 | ||
| Cisco | Unity Connection | Cisco Unity Connection version 10.5(2.3009) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Small Business 500 Series Switches version 1.2.0.92",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection version 10.5(2.3009)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1303"
},
{
"name": "CVE-2016-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1304"
}
],
"initial_release_date": "2016-01-29T00:00:00",
"last_revision_date": "2016-01-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-uc du 28 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-sbs du 28 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
}
],
"reference": "CERTFR-2016-AVI-042",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de\ncode indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-uc du 28 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-sbs du 28 janvier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unity Connection | Cisco Unity Connection version 10.5(2.3009) | ||
| Cisco | Small Business | Cisco Small Business SG300 Managed Switch version 1.4.1.x | ||
| Cisco | N/A | Cisco Wide Area Application Services Software (WAAS) versions 5.4.x et 5.5.X antérieures à 5.5.3 | ||
| Cisco | N/A | Cisco RV220W Wireless Network Security Firewall versions antérieures à 1.0.7.2 | ||
| Cisco | N/A | Cisco Wide Area Application Services Software (WAAS) versions ultérieures à 5.1.1d et antérieures à 5.3.5d |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unity Connection version 10.5(2.3009)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SG300 Managed Switch version 1.4.1.x",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wide Area Application Services Software (WAAS) versions 5.4.x et 5.5.X ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV220W Wireless Network Security Firewall versions ant\u00e9rieures \u00e0 1.0.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wide Area Application Services Software (WAAS) versions ult\u00e9rieures \u00e0 5.1.1d et ant\u00e9rieures \u00e0 5.3.5d",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1299"
},
{
"name": "CVE-2015-6319",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6319"
},
{
"name": "CVE-2016-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1300"
},
{
"name": "CVE-2015-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6421"
}
],
"initial_release_date": "2016-01-28T00:00:00",
"last_revision_date": "2016-01-28T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-waascifs du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-sbms du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-rv220 du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-uc du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc"
}
],
"reference": "CERTFR-2016-AVI-040",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-sbms du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-waascifs du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-rv220 du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-uc du 27 janvier 2016",
"url": null
}
]
}
CERTFR-2015-AVI-505
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Cisco. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco SPA400 Internet Telephony Gateway with 4 FXO Ports | ||
| Cisco | N/A | Cisco RV325 Dual WAN Gigabit VPN Router | ||
| Cisco | N/A | Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio | ||
| Cisco | N/A | Cisco WAP4410N Wireless-N Access Point - PoE/Advanced Security | ||
| Cisco | N/A | Cisco SRW224P 24-port 10/100 + 2-port Gigabit Switch - WebView/PoE | ||
| Cisco | N/A | Cisco RTP300 Broadband Router | ||
| Cisco | N/A | Cisco WRVS4400N Wireless-N Gigabit Security Router - VPN V2.0 | ||
| Cisco | N/A | Cisco RV120W Wireless-N VPN Firewall | ||
| Cisco | N/A | Cisco WRP500 Wireless-AC Broadband Router with 2 Phone Ports | ||
| Cisco | N/A | Cisco WRV210 Wireless-G VPN Router - RangeBooster | ||
| Cisco | N/A | Cisco WAP4400N Wireless-N Access Point - PoE | ||
| Cisco | N/A | Cisco RV220W Wireless Network Security Firewall | ||
| Cisco | N/A | Cisco WRV200 Wireless-G VPN Router - RangeBooster | ||
| Cisco | N/A | Cisco RV320 Dual Gigabit WAN VPN Router | ||
| Cisco | N/A | Cisco WAP200 Wireless-G Access Point - PoE/Rangebooster | ||
| Cisco | Small Business | Cisco Small Business SRP520-U Models | ||
| Cisco | N/A | Cisco RV325 Dual Gigabit WAN VPN Router | ||
| Cisco | N/A | Cisco RVS4000 4-port Gigabit Security Router - VPN | ||
| Cisco | N/A | Cisco PVC2300 Business Internet Video Camera - Audio/PoE | ||
| Cisco | N/A | Cisco WET200 Wireless-G Business Ethernet Bridge | ||
| Cisco | N/A | Cisco RV180W Wireless-N Multifunction VPN Router | ||
| Cisco | N/A | Cisco WAP2000 Wireless-G Access Point - PoE | ||
| Cisco | N/A | Cisco RV180 VPN Router | ||
| Cisco | Small Business | Cisco Small Business SRP520 Models | ||
| Cisco | N/A | Cisco RV315W Wireless-N VPN Router |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco SPA400 Internet Telephony Gateway with 4 FXO Ports",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV325 Dual WAN Gigabit VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WAP4410N Wireless-N Access Point - PoE/Advanced Security",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SRW224P 24-port 10/100 + 2-port Gigabit Switch - WebView/PoE",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RTP300 Broadband Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRVS4400N Wireless-N Gigabit Security Router - VPN V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV120W Wireless-N VPN Firewall",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRP500 Wireless-AC Broadband Router with 2 Phone Ports",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRV210 Wireless-G VPN Router - RangeBooster",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WAP4400N Wireless-N Access Point - PoE",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV220W Wireless Network Security Firewall",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRV200 Wireless-G VPN Router - RangeBooster",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV320 Dual Gigabit WAN VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WAP200 Wireless-G Access Point - PoE/Rangebooster",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SRP520-U Models",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV325 Dual Gigabit WAN VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RVS4000 4-port Gigabit Security Router - VPN",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco PVC2300 Business Internet Video Camera - Audio/PoE",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WET200 Wireless-G Business Ethernet Bridge",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV180W Wireless-N Multifunction VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WAP2000 Wireless-G Access Point - PoE",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV180 VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SRP520 Models",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV315W Wireless-N VPN Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6358",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6358"
}
],
"initial_release_date": "2015-11-26T00:00:00",
"last_revision_date": "2015-11-26T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151125-ci du 25 novembre 2015",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
}
],
"reference": "CERTFR-2015-AVI-505",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-11-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151125-ci du 25 novembre 2015",
"url": null
}
]
}
CERTFR-2014-AVI-461
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco Small Business RV Series Routers. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une élévation de privilèges.
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco RV180 VPN Router avec un firmware antérieur au 1.0.4.14 | ||
| Cisco | Small Business | Cisco RV120W Wireless-N VPN Firewall avec un firmware antérieur au 1.0.5.9 | ||
| Cisco | Small Business | Cisco RV220W Wireless Network Security Firewall | ||
| Cisco | Small Business | Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware antérieur au 1.0.4.14 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco RV180 VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV120W Wireless-N VPN Firewall avec un firmware ant\u00e9rieur au 1.0.5.9",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV220W Wireless Network Security Firewall",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2178"
},
{
"name": "CVE-2014-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2177"
},
{
"name": "CVE-2014-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2179"
}
],
"initial_release_date": "2014-11-06T00:00:00",
"last_revision_date": "2014-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-461",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco Small Business RV Series\nRouters\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Small Business RV Series Routers",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco du 05 novembre 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
}
]
}
CERTA-2014-AVI-011
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Cisco Small Business Devices. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco WAP4410N Wireless-N Access Point avec une version de firmware inférieure à 2.0.3.2 | ||
| Cisco | Small Business | Cisco WRVS4400N Wireless-N Gigabit Security Router version 1.0 et 1.1 avec une version de firmware inférieure à 1.1.13 | ||
| Cisco | Small Business | Cisco RVS4000 4-port Gigabit Security Router avec une version de firmware inférieure à 2.0.3.2 | ||
| Cisco | Small Business | Cisco WRVS4400N Wireless-N Gigabit Security Router version 2.0 avec une version de firmware inférieure à 2.0.2.1 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco WAP4410N Wireless-N Access Point avec une version de firmware inf\u00e9rieure \u00e0 2.0.3.2",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRVS4400N Wireless-N Gigabit Security Router version 1.0 et 1.1 avec une version de firmware inf\u00e9rieure \u00e0 1.1.13",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RVS4000 4-port Gigabit Security Router avec une version de firmware inf\u00e9rieure \u00e0 2.0.3.2",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WRVS4400N Wireless-N Gigabit Security Router version 2.0 avec une version de firmware inf\u00e9rieure \u00e0 2.0.2.1",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0659",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0659"
}
],
"initial_release_date": "2014-01-13T00:00:00",
"last_revision_date": "2014-01-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140110-sbd du 10 janvier 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
}
],
"reference": "CERTA-2014-AVI-011",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco Small\nBusiness Devices\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Small Business Devices",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140110-sbd du 10 janvier 2014",
"url": null
}
]
}
CERTA-2013-AVI-358
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Parallels Plesk Panel. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Parallels Small Business Panel 10.x",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Parallels Plesk Panel 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Parallels Plesk Panel 9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
}
],
"initial_release_date": "2013-06-17T00:00:00",
"last_revision_date": "2013-06-17T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-358",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-06-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eParallels\nPlesk Panel\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Parallels Plesk Panel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Parallels 116241 du 14 juin 2013",
"url": "http://kb.parallels.com/en/116241"
}
]
}
CERTA-2011-AVI-613
Vulnerability from certfr_avis
Une vulnérabilité dans les produits Cisco Small Business SRP500 Series permet à une personne distante malintentionnée d'exécuter du code arbitraire.
Description
Une vulnérabilité dans les produits Cisco Small Business SRP500 Series permet à une pesonne distante malintentionnée d'injecter des commandes du système d'exploitation. L'exploitation de cette vulnérabilité consiste à forcer un administrateur à cliquer sur un lien ou à intercepter une session authentifiée et à effectuer une attaque du type man-in-the-middle.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco SRP541W, SRP546W et SRP547W versions antérieures à la 1.2.1. | ||
| Cisco | Small Business | Cisco SRP521W, SRP526W et SRP527W versions antérieures à la 1.1.24 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco SRP541W, SRP546W et SRP547W versions ant\u00e9rieures \u00e0 la 1.2.1.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SRP521W, SRP526W et SRP527W versions ant\u00e9rieures \u00e0 la 1.1.24 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans les produits Cisco Small Business SRP500 Series\npermet \u00e0 une pesonne distante malintentionn\u00e9e d\u0027injecter des commandes\ndu syst\u00e8me d\u0027exploitation. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\nconsiste \u00e0 forcer un administrateur \u00e0 cliquer sur un lien ou \u00e0\nintercepter une session authentifi\u00e9e et \u00e0 effectuer une attaque du type\nman-in-the-middle.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4005",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4005"
}
],
"initial_release_date": "2011-11-03T00:00:00",
"last_revision_date": "2011-11-03T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-613",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits Cisco Small Business SRP500 Series\npermet \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code\narbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco Small Business SRP500 Series",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20111102-srp du 02 novembre 2011",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp"
}
]
}
CERTA-2008-AVI-598
Vulnerability from certfr_avis
Une vulnérabilité dans CA ARCserve Backup permet d'exécuter du code arbitraire à distance.
Description
Une vulnérabilité a été découverte dans le service LDBserver de CA ARCserve Backup. L'exploitation de cette vulnérabilité permet d'exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | CA ARCserve Backup r11.1 Windows ; | ||
| Cisco | N/A | CA Server Protection Suite r2 ; | ||
| Microsoft | Windows | CA ARCserve Backup r11.5 Windows ; | ||
| Microsoft | Windows | CA ARCserve Backup r12.0 Windows ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA ARCserve Backup r11.1 Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.5 Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r12.0 Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le service LDBserver de CA\nARCserve Backup. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet d\u0027ex\u00e9cuter\ndu code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-5415",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5415"
}
],
"initial_release_date": "2008-12-11T00:00:00",
"last_revision_date": "2008-12-11T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-598",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eCA ARCserve Backup\u003c/span\u003e\npermet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CA du 10 d\u00e9cembre 2008",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293"
}
]
}
CERTA-2008-AVI-491
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans CA ARCserve Backup permettent à distance d'exécuter du code arbitraire ou de provoquer des dénis de service.
Description
Quatre vulnérabilités ont été découvertes dans CA ARCserve Backup :
- une validation insuffisante des paramètres passés à certains appels RPC permet d'exécuter du code arbitraire à distance (CVE-2008-4397) ;
- une faille dans le service tape engine permet de réaliser un déni de service à distance (CVE-2008-4398) ;
- une vulnérabilité dans le service database engine permet de réaliser un déni de service à distance (CVE-2008-4399) ;
- une vérification incorrecte des identifiants de connexion permet de réaliser plusieurs dénis de service (CVE-2008-4400).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | CA Business Protection Suite r2 ; | ||
| Microsoft | Windows | CA ARCserve Backup Windows r12.0 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| Microsoft | Windows | CA ARCserve Backup Windows r11.5 ; | ||
| Microsoft | Windows | CA ARCserve Backup Windows r11.1 ; | ||
| N/A | N/A | CA Server Protection Suite r2 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup Windows r12.0 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup Windows r11.5 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup Windows r11.1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans CA ARCserve Backup :\n\n- une validation insuffisante des param\u00e8tres pass\u00e9s \u00e0 certains appels\n RPC permet d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2008-4397)\n ;\n- une faille dans le service tape engine permet de r\u00e9aliser un d\u00e9ni de\n service \u00e0 distance (CVE-2008-4398) ;\n- une vuln\u00e9rabilit\u00e9 dans le service database engine permet de r\u00e9aliser\n un d\u00e9ni de service \u00e0 distance (CVE-2008-4399) ;\n- une v\u00e9rification incorrecte des identifiants de connexion permet de\n r\u00e9aliser plusieurs d\u00e9nis de service (CVE-2008-4400).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-4397",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4397"
},
{
"name": "CVE-2008-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4399"
},
{
"name": "CVE-2008-4400",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4400"
},
{
"name": "CVE-2008-4398",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4398"
}
],
"initial_release_date": "2008-10-13T00:00:00",
"last_revision_date": "2008-10-13T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-491",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCA ARCserve\nBackup\u003c/span\u003e permettent \u00e0 distance d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer des d\u00e9nis de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans CA ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CA du 09 octobre 2008",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143"
}
]
}
CERTA-2008-AVI-325
Vulnerability from certfr_avis
Une vulnérabilité dans CA ARCserve Backup permet de réaliser un déni de service à distance.
Description
Une vulnérabilité a été découverte dans CA ARCserve Backup. Elle affecte le service CA ARCserve Discovery Service (casdscsvc) et est due à une mauvaise vérification des données envoyées par le client. L'exploitation de cette vulnérabilité permet de réaliser un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | CA ARCserve Backup r11.1 Windows ; | ||
| Cisco | N/A | CA Server Protection Suite r2 ; | ||
| Microsoft | Windows | CA ARCserve Backup r12.0 Windows ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| Microsoft | Windows | CA ARCserve Backup r11.5 Windows SP3 et versions antérieures ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. | ||
| N/A | N/A | CA ARCserve Backup r11.1 Netware ; | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA ARCserve Backup r11.1 Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r12.0 Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.5 Windows SP3 et versions ant\u00e9rieures ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.1 Netware ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans CA ARCserve Backup. Elle affecte\nle service CA ARCserve Discovery Service (casdscsvc) et est due \u00e0 une\nmauvaise v\u00e9rification des donn\u00e9es envoy\u00e9es par le client. L\u0027exploitation\nde cette vuln\u00e9rabilit\u00e9 permet de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1979"
}
],
"initial_release_date": "2008-06-19T00:00:00",
"last_revision_date": "2008-06-19T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-325",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eCA ARCserve Backup\u003c/span\u003e\npermet de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans CA ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 17 juin 2008",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=178937"
}
]
}
CERTA-2008-AVI-258
Vulnerability from certfr_avis
Deux vulnérabilités dans CA ARCserve Backup permettent à une personne malintentionnée distante de réaliser un déni de service ou d'exécuter du code arbitraire.
Description
Deux vulnérabilités ont été identifiées dans CA ARCserve Backup. La première est due à une mauvaise vérification de chemin par le service de journalisation caloggerd, ce qui permet à une personne malintentionnée d'ajouter des données à des fichiers arbitraires. La deuxième vulnérabilité est due à un débordement de mémoire ce qui permet à une personne malintentionnée d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | CA Server Protection Suite r2 ; | ||
| N/A | N/A | CA ARCserve Backup r11.1 ; | ||
| Cisco | N/A | CA ARCserve Backup r11.5 ; | ||
| Cisco | N/A | CA ARCserve Backup r11.0 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA ARCserve Backup r11.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans CA ARCserve Backup. La\npremi\u00e8re est due \u00e0 une mauvaise v\u00e9rification de chemin par le service de\njournalisation caloggerd, ce qui permet \u00e0 une personne malintentionn\u00e9e\nd\u0027ajouter des donn\u00e9es \u00e0 des fichiers arbitraires. La deuxi\u00e8me\nvuln\u00e9rabilit\u00e9 est due \u00e0 un d\u00e9bordement de m\u00e9moire ce qui permet \u00e0 une\npersonne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2241",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2241"
},
{
"name": "CVE-2008-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2242"
}
],
"initial_release_date": "2008-05-21T00:00:00",
"last_revision_date": "2008-05-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 CA #176798 du 19 mai 2008 :",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798"
}
],
"reference": "CERTA-2008-AVI-258",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCA ARCserve Backup\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e distante de r\u00e9aliser un d\u00e9ni\nde service ou d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans CA ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CA #17698 du 19 mai 2008",
"url": null
}
]
}
CERTA-2007-AVI-437
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans BrightStor ARCserve Backup permettent, à distance, d'exécuter du code arbitraire, de réaliser un déni de service ou de contourner la politique de sécurité.
Description
Plusieurs failles ont été découvertes dans BrightStor ARCserve Backup :
- des vulnérabilités, de type débordement de mémoire, permettent d'exécuter du code arbitraire à distance (CVE-2007-5325, CVE-2007-5326 et CVE-2007-5327) ;
- un utilisateur peut accéder à des fonctionnalités nécessitant théoriquement des privilèges élevés (CVE-2007-5328) ;
- plusieurs problèmes dans la gestion des procédures RPC par différents services permettent de réaliser un déni de service. La possibilité d'exécuter du code arbitraire n'est pas exclue (CVE-2007-5329, CVE-2007-5330, CVE-2007-5331 et CVE-2007-5332).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | BrightStor ARCserve Backup v9.01 ; | ||
| N/A | N/A | CA Business Protection Suite r2 ; | ||
| N/A | N/A | BrightStor Enterprise Backup r10.5 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ; | ||
| Microsoft | Windows | BrightStor ARCserve Backup r11 pour Windows ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.5 ; | ||
| N/A | N/A | CA Server Protection Suite r2 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.1 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BrightStor ARCserve Backup v9.01 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Enterprise Backup r10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11 pour Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs failles ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup :\n\n- des vuln\u00e9rabilit\u00e9s, de type d\u00e9bordement de m\u00e9moire, permettent\n d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance (CVE-2007-5325,\n CVE-2007-5326 et CVE-2007-5327) ;\n- un utilisateur peut acc\u00e9der \u00e0 des fonctionnalit\u00e9s n\u00e9cessitant\n th\u00e9oriquement des privil\u00e8ges \u00e9lev\u00e9s (CVE-2007-5328) ;\n- plusieurs probl\u00e8mes dans la gestion des proc\u00e9dures RPC par\n diff\u00e9rents services permettent de r\u00e9aliser un d\u00e9ni de service. La\n possibilit\u00e9 d\u0027ex\u00e9cuter du code arbitraire n\u0027est pas exclue\n (CVE-2007-5329, CVE-2007-5330, CVE-2007-5331 et CVE-2007-5332).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-5326",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5326"
},
{
"name": "CVE-2007-5330",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5330"
},
{
"name": "CVE-2007-5329",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5329"
},
{
"name": "CVE-2007-5325",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5325"
},
{
"name": "CVE-2007-5327",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5327"
},
{
"name": "CVE-2007-5331",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5331"
},
{
"name": "CVE-2007-5328",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5328"
},
{
"name": "CVE-2007-5332",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5332"
}
],
"initial_release_date": "2007-10-12T00:00:00",
"last_revision_date": "2007-10-12T00:00:00",
"links": [],
"reference": "CERTA-2007-AVI-437",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent, \u00e0 distance, d\u0027ex\u00e9cuter du code arbitraire, de\nr\u00e9aliser un d\u00e9ni de service ou de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 11 octobre 2007",
"url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"
}
]
}
CERTA-2007-AVI-212
Vulnerability from certfr_avis
Une vulnérabilité dans la gestion des archives au format zoo permet à un utilisateur malveillant de réaliser un déni de service à distance.
Description
Une vulnérabilité dans la gestion des archives au format zoo peut conduire à une boucle infinie et la consommation de toute la ressource processeur. Elle permet à un utilisateur malveillant de réaliser un déni de service à distance.
Solution
Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).
Pour Avast!, migrer en version 4.7.981 ou ultérieure.
Pour Avira, migrer la bibliothèque avpack32.dll en version 7.3.0.6. La société annonce avoir corrigé la vulnérabilité de 22 mars 2007.
Pour Barracuda, migrer en firmware 3.4 ou ultérieur et en version de définition de virus 2.0.6399 ou ultérieure.
Pour Panda, la société annonce que la mise à jour corrigeant la vulnérabilité est automatique. Le correctif date du 02 avril 2007.
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Avira Antivir ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Panda Antivirus Platinum 6.x et 7.x, Titanium, Entreprise Suite et Small Business Edition.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Avast! home/professionnal 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Barracuda Spam Firewall ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la gestion des archives au format zoo peut\nconduire \u00e0 une boucle infinie et la consommation de toute la ressource\nprocesseur. Elle permet \u00e0 un utilisateur malveillant de r\u00e9aliser un d\u00e9ni\nde service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nPour Avast!, migrer en version 4.7.981 ou ult\u00e9rieure.\n\nPour Avira, migrer la biblioth\u00e8que avpack32.dll en version 7.3.0.6. La\nsoci\u00e9t\u00e9 annonce avoir corrig\u00e9 la vuln\u00e9rabilit\u00e9 de 22 mars 2007.\n\nPour Barracuda, migrer en firmware 3.4 ou ult\u00e9rieur et en version de\nd\u00e9finition de virus 2.0.6399 ou ult\u00e9rieure.\n\nPour Panda, la soci\u00e9t\u00e9 annonce que la mise \u00e0 jour corrigeant la\nvuln\u00e9rabilit\u00e9 est automatique. Le correctif date du 02 avril 2007.\n",
"cves": [
{
"name": "CVE-2007-1671",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1671"
},
{
"name": "CVE-2007-1672",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1672"
},
{
"name": "CVE-2007-1669",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1669"
},
{
"name": "CVE-2007-1670",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1670"
}
],
"initial_release_date": "2007-05-09T00:00:00",
"last_revision_date": "2007-05-09T00:00:00",
"links": [
{
"title": "Bulletin de version Avast du 30 avril 2007 :",
"url": "http://www.avast.com/eng/avast-4-home_pro-revision-history.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Barracuda du 04 mai 2007 :",
"url": "http://www.barracudanetworks.com/ns/resources/tech_alert.php"
}
],
"reference": "CERTA-2007-AVI-212",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la gestion des archives au format zoo permet \u00e0 un\nutilisateur malveillant de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 de plusieurs produits de s\u00e9curit\u00e9",
"vendor_advisories": []
}
CERTA-2007-AVI-188
Vulnerability from certfr_avis
Deux vulnérabilités dans BrightStor ARCserve Backup permettent l'exécution de code arbitraire à distance.
Description
Deux vulnérabilités ont été découvertes dans BrightStor ARCserve Backup. Elles affectent le service RPC du fichier mediasvr.exe. Un utilisateur malintentionné peut, par le biais de paquets RPC spécifiquement conçus, exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | BrightStor ARCserve Backup v9.01 ; | ||
| Cisco | N/A | CA Server Protection Suite r2 ; | ||
| Cisco | N/A | BrightStor Enterprise Backup r10.5 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.5 ; | ||
| Microsoft | Windows | BrightStor ARCserve Backup r11 for Windows ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. | ||
| N/A | N/A | BrightStor ARCserve Backup r11.1 ; | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BrightStor ARCserve Backup v9.01 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor Enterprise Backup r10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11 for Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BrightStor ARCserve Backup.\nElles affectent le service RPC du fichier mediasvr.exe. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de paquets RPC sp\u00e9cifiquement con\u00e7us,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2139",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2139"
},
{
"name": "CVE-2007-1785",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1785"
}
],
"initial_release_date": "2007-04-25T00:00:00",
"last_revision_date": "2007-04-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 ZDI-07-022 du 24 avril 2007 :",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"
}
],
"reference": "CERTA-2007-AVI-188",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eBrightStor ARCserve\nBackup\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve Backup Media Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007",
"url": "http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"
}
]
}
CERTA-2007-AVI-133
Vulnerability from certfr_avis
Quatre vulnérabilités dans BrightStor ARCserve peuvent être exploitées par une personne malintentionnée distante afin d'effectuer un déni de service ou une exécution de code arbitraire.
Description
Quatre vulnérabilités ont été identifiées dans BrightStor ARCserve :
- un débordement de tampon possible dans le service Tape Engine qui permet l'exécution de code arbitraire ;
- une corruption de mémoire dans le traitement de procédures RPC par le service Tape Engine qui cause un déni de service et potentiellement l'exécution de code arbitraire ;
- un mauvais traitement de paramètres par le service catirpc.dll qui permet à un attaquant d'envoyer des requêtes malformées pour causer un déni de service ;
- une fonction RPC, pouvant être appelée par une personne malintentionnée distante, qui éteint le service Tape Engine.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | CA Server Protection Suite r2 ; | ||
| Cisco | N/A | BrightStor Enterprise Backup r10.5 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.5 ; | ||
| Microsoft | Windows | BrightStor ARCserve Backup r11 for Windows ; | ||
| N/A | N/A | BrightStor ARCserve Backup r9.01 ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2. | ||
| N/A | N/A | BrightStor ARCserve Backup r11.1 ; | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA Server Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor Enterprise Backup r10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11 for Windows ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r9.01 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2.",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nQuatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans BrightStor ARCserve :\n\n- un d\u00e9bordement de tampon possible dans le service Tape Engine qui\n permet l\u0027ex\u00e9cution de code arbitraire ;\n- une corruption de m\u00e9moire dans le traitement de proc\u00e9dures RPC par\n le service Tape Engine qui cause un d\u00e9ni de service et\n potentiellement l\u0027ex\u00e9cution de code arbitraire ;\n- un mauvais traitement de param\u00e8tres par le service catirpc.dll qui\n permet \u00e0 un attaquant d\u0027envoyer des requ\u00eates malform\u00e9es pour causer\n un d\u00e9ni de service ;\n- une fonction RPC, pouvant \u00eatre appel\u00e9e par une personne\n malintentionn\u00e9e distante, qui \u00e9teint le service Tape Engine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-6076",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6076"
},
{
"name": "CVE-2007-0816",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0816"
},
{
"name": "CVE-2007-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1447"
},
{
"name": "CVE-2007-1448",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1448"
}
],
"initial_release_date": "2007-03-16T00:00:00",
"last_revision_date": "2007-03-16T00:00:00",
"links": [],
"reference": "CERTA-2007-AVI-133",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-03-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Quatre vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve peuvent \u00eatre exploit\u00e9es\npar une personne malintentionn\u00e9e distante afin d\u0027effectuer un d\u00e9ni de\nservice ou une ex\u00e9cution de code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans BrightStor ARCserve",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de CA du 15 mars 2007",
"url": "http://supportconnecttw.ca.com/public/storage/infodocs/babtapeng-securitynotice.asp"
}
]
}
CERTA-2007-AVI-047
Vulnerability from certfr_avis
De multiples vulnérabilités dans les produits CA BrighStor ARCserve Backup for Laptops ans Desktops permettent d'exécuter du code arbitraire à distance ou de réaliser des dénis de service.
Description
Plusieurs vulnérabilités, non documentées, présentes dans les produits CA BrighStor ARCserve Backup for Laptops ans Desktops pour Microsoft Windows permettent à une personne distante malintentionnée d'exécuter du code arbitraire avec le niveau de privilège d'administration SYSTEM ou de réaliser des dénis de service par le biais de débordements de mémoire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | BrighStor Mobile Backup r4.0 ; | ||
| Cisco | N/A | CA Desktop Management Suite r11.0. | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ; | ||
| N/A | N/A | BrighStor ARCserve Backup for Laptops ans Desktops versions r11.1 et antérieures ; | ||
| Cisco | Small Business | CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ; | ||
| Cisco | N/A | CA Desktop Management Suite r11.1 ; | ||
| N/A | N/A | CA Desktop Protection Suite r2 ; | ||
| Cisco | N/A | CA Business Protection Suite r2 ; |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BrighStor Mobile Backup r4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "BrighStor ARCserve Backup for Laptops ans Desktops versions r11.1 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2 ;",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Desktop Management Suite r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CA Desktop Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CA Business Protection Suite r2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s, non document\u00e9es, pr\u00e9sentes dans les produits\nCA BrighStor ARCserve Backup for Laptops ans Desktops pour Microsoft\nWindows permettent \u00e0 une personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du\ncode arbitraire avec le niveau de privil\u00e8ge d\u0027administration SYSTEM ou\nde r\u00e9aliser des d\u00e9nis de service par le biais de d\u00e9bordements de\nm\u00e9moire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2007-01-24T00:00:00",
"last_revision_date": "2007-01-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates du mardi 23 janvier 2007 :",
"url": "http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/babldimpsec-notice.asp"
}
],
"reference": "CERTA-2007-AVI-047",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans les produits CA BrighStor ARCserve\nBackup for Laptops ans Desktops permettent d\u0027ex\u00e9cuter du code arbitraire\n\u00e0 distance ou de r\u00e9aliser des d\u00e9nis de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits BrightStor ARCserve Backup",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 de Computer Associates du mardi 23 janvier 2007",
"url": null
}
]
}