Refine your search
5 vulnerabilities found for Smart Software Manager by Cisco
CERTFR-2024-AVI-0602
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les correctifs de sécurité pour la vulnérabilité CVE-2024-20435 affectant Secure Web Appliance seront publiés en juillet (14.5.3 MR) et août (15.0 MR) 2024. Les correctifs pour la vulnérabilité CVE-2024-20296 affectant ISE seront publiés en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est déjà disponible.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.0.x antérieures à 15.0 MR | ||
| Cisco | Secure Email Gateway | Secure Email Gateway avec une version de paquet de Content Scanner Tools antérieure à 23.3.0.4823 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions antérieures à 3.1P10 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions 15.1.x | ||
| Cisco | Intelligent Node Software | iNode Software versions antérieures à 4.0.0 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P7 | ||
| Cisco | Identity Services Engine | Identity Services Engine (ISE) versions 3.3.x antérieures à 3.3P3 | ||
| Cisco | Intelligent Node Software | iNode Manager Software versions antérieures à 24.1 | ||
| Cisco | Smart Software Manager | Smart Software Manager (SSM) On-Prem verions 8.x antérieures à 8-202212 | ||
| Cisco | Secure Web Appliance | Secure Web Appliance avec AsyncOS versions antérieures à 14.5.3 MR |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Secure Web Appliance avec AsyncOS versions 15.0.x ant\u00e9rieures \u00e0 15.0 MR ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Email Gateway avec une version de paquet de Content Scanner Tools ant\u00e9rieure \u00e0 23.3.0.4823",
"product": {
"name": "Secure Email Gateway",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 3.1P10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions 15.1.x ",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Software versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.2.x ant\u00e9rieures \u00e0 3.2P7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Identity Services Engine (ISE) versions 3.3.x ant\u00e9rieures \u00e0 3.3P3",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "iNode Manager Software versions ant\u00e9rieures \u00e0 24.1",
"product": {
"name": "Intelligent Node Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Smart Software Manager (SSM) On-Prem verions 8.x ant\u00e9rieures \u00e0 8-202212",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Secure Web Appliance avec AsyncOS versions ant\u00e9rieures \u00e0 14.5.3 MR",
"product": {
"name": "Secure Web Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-20435 affectant Secure Web Appliance seront publi\u00e9s en juillet (14.5.3 MR) et ao\u00fbt (15.0 MR) 2024. Les correctifs pour la vuln\u00e9rabilit\u00e9 CVE-2024-20296 affectant ISE seront publi\u00e9s en septembre 2024 (3.2P7) et janvier 2025 (3.1P10), la version 3.3P3 est d\u00e9j\u00e0 disponible.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20435",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20435"
},
{
"name": "CVE-2024-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20401"
},
{
"name": "CVE-2024-20419",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20419"
},
{
"name": "CVE-2024-20323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20323"
},
{
"name": "CVE-2024-20296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20296"
}
],
"initial_release_date": "2024-07-18T00:00:00",
"last_revision_date": "2024-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0602",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-esa-afw-bGG2UsjH",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-inode-static-key-VUVCeynn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-inode-static-key-VUVCeynn"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-swa-priv-esc-7uHpZsCC",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ise-file-upload-krW2TxA9",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-krW2TxA9"
},
{
"published_at": "2024-07-17",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-auth-sLw3uhUy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy"
}
]
}
CERTFR-2021-AVI-108
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Cisco. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
L'éditeur indique les dates de mises à disposition des versions corrigeant cette vulnérabilité dans son bulletin de sécurité, il est donc nécessaire de surveiller leurs publications pour chaque produit affecté (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Cisco Nexus 9000 Series Switches in standalone NX-OS mode | ||
| Cisco | N/A | Cisco Ultra Cloud | ||
| Cisco | N/A | Cisco Nexus 3000 Series Switches | ||
| Cisco | N/A | Cisco Prime Service Catalog Virtual Appliance | ||
| Cisco | N/A | Cisco Smart Net Total Care - On-Premises | ||
| Cisco | Smart Software Manager | Cisco Smart Software Manager On-Prem | ||
| Cisco | N/A | Cisco Elastic Services Controller (ESC) | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning | ||
| Cisco | N/A | Cisco Common Services Platform Collector | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Paging Server (InformaCast) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Nexus 9000 Series Switches in standalone NX-OS mode",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Ultra Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 3000 Series Switches",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Service Catalog Virtual Appliance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Net Total Care - On-Premises",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Software Manager On-Prem",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Elastic Services Controller (ESC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Common Services Platform Collector",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Paging Server (InformaCast)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nL\u0027\u00e9diteur indique les dates de mises \u00e0 disposition des versions\ncorrigeant cette vuln\u00e9rabilit\u00e9 dans son bulletin de s\u00e9curit\u00e9, il est\ndonc n\u00e9cessaire de surveiller leurs publications pour chaque produit\naffect\u00e9 (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
}
],
"initial_release_date": "2021-02-11T00:00:00",
"last_revision_date": "2021-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-108",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet\n\u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sudo-privesc-jan2021-qnYQfcM du 29 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
}
]
}
CERTFR-2021-AVI-052
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IOS XE | IOS XE SD-WAN Software versions antérieures à 16.12.4 | ||
| Cisco | N/A | Cisco DNA Center Software versions antérieures à 2.1.2.0 | ||
| Cisco | Smart Software Manager | Cisco Smart Software Manager Satellite versions 5.1.0 et antérieures | ||
| Cisco | IOS XE | IOS XE Software versions 17.4.x antérieures à 17.3.1 | ||
| Cisco | N/A | SD-WAN Software versions antérieures à 20.3.2 | ||
| Cisco | N/A | Cisco AMP for Endpoints pour Windows versions antérieures à 7.3.3 | ||
| Cisco | IOS XE | IOS XE Software versions 17.2.x antérieures à 17.2.2 | ||
| Cisco | N/A | Immunet pour Windows versions antérieures à 7.3.12 | ||
| Cisco | N/A | SD-WAN Software versions 20.4.x antérieures à 20.4.1 | ||
| Cisco | IOS XE | IOS XE Software versions 17.4.x antérieures à 17.4.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IOS XE SD-WAN Software versions ant\u00e9rieures \u00e0 16.12.4",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DNA Center Software versions ant\u00e9rieures \u00e0 2.1.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Software Manager Satellite versions 5.1.0 et ant\u00e9rieures",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XE Software versions 17.4.x ant\u00e9rieures \u00e0 17.3.1",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SD-WAN Software versions ant\u00e9rieures \u00e0 20.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AMP for Endpoints pour Windows versions ant\u00e9rieures \u00e0 7.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XE Software versions 17.2.x ant\u00e9rieures \u00e0 17.2.2",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Immunet pour Windows versions ant\u00e9rieures \u00e0 7.3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SD-WAN Software versions 20.4.x ant\u00e9rieures \u00e0 20.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS XE Software versions 17.4.x ant\u00e9rieures \u00e0 17.4.1",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1305"
},
{
"name": "CVE-2021-1241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1241"
},
{
"name": "CVE-2021-1260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1260"
},
{
"name": "CVE-2021-1277",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1277"
},
{
"name": "CVE-2021-1274",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1274"
},
{
"name": "CVE-2021-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1247"
},
{
"name": "CVE-2021-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1302"
},
{
"name": "CVE-2021-1262",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1262"
},
{
"name": "CVE-2021-1139",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1139"
},
{
"name": "CVE-2021-1219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1219"
},
{
"name": "CVE-2021-1142",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1142"
},
{
"name": "CVE-2021-1248",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1248"
},
{
"name": "CVE-2021-1276",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1276"
},
{
"name": "CVE-2021-1140",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1140"
},
{
"name": "CVE-2021-1280",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1280"
},
{
"name": "CVE-2021-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1299"
},
{
"name": "CVE-2021-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1300"
},
{
"name": "CVE-2021-1138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1138"
},
{
"name": "CVE-2021-1278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1278"
},
{
"name": "CVE-2021-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1304"
},
{
"name": "CVE-2021-1141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1141"
},
{
"name": "CVE-2021-1263",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1263"
},
{
"name": "CVE-2021-1261",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1261"
},
{
"name": "CVE-2021-1279",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1279"
},
{
"name": "CVE-2021-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1301"
},
{
"name": "CVE-2021-1273",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1273"
},
{
"name": "CVE-2021-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1298"
}
],
"initial_release_date": "2021-01-21T00:00:00",
"last_revision_date": "2021-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-sql-inj-OAQOObP du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-abyp-TnGFHrS du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-dcnm-cert-check-BdZZV9T3 du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-sc-Jd42D4Tq du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-bufovulns-B5NrSHbj du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-dosmulti-48jJuEUP du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-amp-imm-dll-5PAZ3hRV du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cssm-multici-pgG5WM5A du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-cmdinjm-9QMSmgcn du 20 janvier 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn"
}
]
}
CERTFR-2020-AVI-104
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco Smart Software Manager On-Prem. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Smart Software Manager | Versions de Cisco Smart Software Manager On-Prem antérieures à 7-202001 si la fonctionnalité High Availability (HA) est activée (désactivée par défaut) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions de Cisco Smart Software Manager On-Prem ant\u00e9rieures \u00e0 7-202001 si la fonctionnalit\u00e9 High Availability (HA) est activ\u00e9e (d\u00e9sactiv\u00e9e par d\u00e9faut)",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3158",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3158"
}
],
"initial_release_date": "2020-02-20T00:00:00",
"last_revision_date": "2020-02-20T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-104",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Smart Software Manager\nOn-Prem. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Smart Software Manager On-Prem",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco du 20 f\u00e9vrier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8"
}
]
}
CERTFR-2020-AVI-055
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.4.x antérieures à 6.4.0.7 | ||
| Cisco | N/A | Cisco TC versions 7.x (CSCvs67675) antérieures à 7.3.20 | ||
| Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.3.x antérieures à 6.3.0.6 (correctif disponible en mai 2020) | ||
| Cisco | IOS XE | Cisco IOS XE SD-WAN versions antérieures à 16.12.1 | ||
| Cisco | N/A | Cisco CE versions 9.x (CSCvs45241, CSCvs67680) antérieures à 9.8.3 | ||
| Cisco | Smart Software Manager | Cisco Smart Software Manager On-Prem versions antérieures à 7-201910 | ||
| Cisco | N/A | Cisco Firepower Management Center (FMC) versions antérieures à 6.2.3.16 (correctif disponible en février 2020) | ||
| Cisco | IOS XR | Cisco IOS XR (se référer au bulletin de l'éditeur pour la liste des correctifs disponibles, cf. section Documentation) | ||
| Cisco | N/A | Cisco CE versions 9.10.x (CSCvs45241, CSCvs67680) antérieures à 9.10.0 | ||
| Cisco | N/A | Cisco CE versions 9.9.x (CSCvs45241, CSCvs67680) antérieures à 9.9.2 | ||
| Cisco | N/A | Cisco CE versions 8.x (CSCvs45241, CSCvs67680) antérieures à 8.3.8 | ||
| Cisco | N/A | Cisco SD-WAN Solution vManage versions antérieures à 18.4.302 | ||
| Cisco | N/A | Cisco Firepower Management Center (FMC) versions 6.5.x antérieures à 6.5.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Firepower Management Center (FMC) versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TC versions 7.x (CSCvs67675) ant\u00e9rieures \u00e0 7.3.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center (FMC) versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6 (correctif disponible en mai 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XE SD-WAN versions ant\u00e9rieures \u00e0 16.12.1",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CE versions 9.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Smart Software Manager On-Prem versions ant\u00e9rieures \u00e0 7-201910",
"product": {
"name": "Smart Software Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center (FMC) versions ant\u00e9rieures \u00e0 6.2.3.16 (correctif disponible en f\u00e9vrier 2020)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR (se r\u00e9f\u00e9rer au bulletin de l\u0027\u00e9diteur pour la liste des correctifs disponibles, cf. section Documentation)",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CE versions 9.10.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CE versions 9.9.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 9.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco CE versions 8.x (CSCvs45241, CSCvs67680) ant\u00e9rieures \u00e0 8.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN Solution vManage versions ant\u00e9rieures \u00e0 18.4.302",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Firepower Management Center (FMC) versions 6.5.x ant\u00e9rieures \u00e0 6.5.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-16027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16027"
},
{
"name": "CVE-2019-16028",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16028"
},
{
"name": "CVE-2019-16019",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16019"
},
{
"name": "CVE-2019-16029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16029"
},
{
"name": "CVE-2019-1950",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1950"
},
{
"name": "CVE-2020-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3115"
},
{
"name": "CVE-2019-16022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16022"
},
{
"name": "CVE-2019-16018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16018"
},
{
"name": "CVE-2019-16020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16020"
},
{
"name": "CVE-2019-16021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16021"
},
{
"name": "CVE-2020-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3143"
},
{
"name": "CVE-2019-16023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16023"
}
],
"initial_release_date": "2020-01-23T00:00:00",
"last_revision_date": "2020-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-055",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-telepresence-path-tr-wdrnYEZZ du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-fmc-auth du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-evpn du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-cred-EVGSF259 du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-routes du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-sdwan-priv-esc du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-on-prem-dos du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20200122-ios-xr-dos du 22 janvier 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos"
}
]
}