Refine your search
7 vulnerabilities found for TelePresence VCS by Cisco
CERTFR-2022-AVI-885
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Expressway Series | Cisco Expressway Series versions antérieures à 14.2 | ||
| Cisco | N/A | Cisco Enterprise NFVIS versions antérieures à 4.9.1 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS versions antérieures à 14.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 14.2",
"product": {
"name": "Expressway Series",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise NFVIS versions ant\u00e9rieures \u00e0 4.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS versions ant\u00e9rieures \u00e0 14.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-20853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20853"
},
{
"name": "CVE-2022-20814",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20814"
},
{
"name": "CVE-2022-20929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20929"
}
],
"initial_release_date": "2022-10-06T00:00:00",
"last_revision_date": "2022-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-885",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0\ndistance et une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-expressway-csrf-sqpsSfY6 du 05 octobre 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-NFVIS-ISV-BQrvEv2h du 05 octobre 2022",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h"
}
]
}
CERTFR-2019-AVI-248
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | TelePresence VCS | TelePresence VCS configuré pour mobile et accès distant avec le service IM&P versions X8.1 à X12.5.2 | ||
| Cisco | N/A | Expressway configuré pour mobile et accès distant avec le service IM&P versions X8.1 à X12.5.2 | ||
| Cisco | N/A | Cisco Industrial Network Director versions antérieures à 1.6.0 | ||
| Cisco | Unified Communications Manager | Service Unified Communications Manager IM&P |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "TelePresence VCS configur\u00e9 pour mobile et acc\u00e8s distant avec le service IM\u0026P versions X8.1 \u00e0 X12.5.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Expressway configur\u00e9 pour mobile et acc\u00e8s distant avec le service IM\u0026P versions X8.1 \u00e0 X12.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Industrial Network Director versions ant\u00e9rieures \u00e0 1.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Service Unified Communications Manager IM\u0026P",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1861"
},
{
"name": "CVE-2019-1845",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1845"
}
],
"initial_release_date": "2019-06-06T00:00:00",
"last_revision_date": "2019-06-06T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-248",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190605-cucm-imp-dos du 05 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190605-ind-rce du 05 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce"
}
]
}
CERTFR-2016-AVI-177
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco ASA versions 9.3x antérieures à 9.3(3.8) | ||
| Cisco | N/A | Cisco ASA versions antérieures à 9.1(7.6) | ||
| Cisco | N/A | Cisco ASA versions 9.5x antérieures à 9.5(2.6) | ||
| Cisco | IOS | Commutateurs Cisco Industrial Ethernet séries 4000 exécutant Cisco IOS versions antérieures à 15.2(2)EA3 et 15.2(4)EA1 | ||
| Cisco | N/A | Cisco ASA versions 9.2x antérieures à 9.2(4.8) | ||
| Cisco | N/A | Cisco Cloud Network Automation Provisioner versions 1.0 et 1.1 | ||
| Cisco | N/A | Cisco ASA versions 9.4x antérieures à 9.4(2.6) | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine (ISE) versions antérieures à 1.2.0.899 patch 7 | ||
| Cisco | IOS | Commutateurs Cisco Industrial Ethernet séries 5000 exécutant Cisco IOS versions antérieures à 15.2(2)EB2 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS X8.x versions antérieures à X8.7.2 | ||
| Cisco | N/A | Cisco Unified Computing System (UCS) Central Software version 1.4(1a) | ||
| Cisco | N/A | Cisco AsyncOS versions antérieures à 9.0.1-162 pour Cisco WSA |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco ASA versions 9.3x ant\u00e9rieures \u00e0 9.3(3.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions ant\u00e9rieures \u00e0 9.1(7.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.5x ant\u00e9rieures \u00e0 9.5(2.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Industrial Ethernet s\u00e9ries 4000 ex\u00e9cutant Cisco IOS versions ant\u00e9rieures \u00e0 15.2(2)EA3 et 15.2(4)EA1",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.2x ant\u00e9rieures \u00e0 9.2(4.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Cloud Network Automation Provisioner versions 1.0 et 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA versions 9.4x ant\u00e9rieures \u00e0 9.4(2.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine (ISE) versions ant\u00e9rieures \u00e0 1.2.0.899 patch 7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Industrial Ethernet s\u00e9ries 5000 ex\u00e9cutant Cisco IOS versions ant\u00e9rieures \u00e0 15.2(2)EB2",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS X8.x versions ant\u00e9rieures \u00e0 X8.7.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Computing System (UCS) Central Software version 1.4(1a)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS versions ant\u00e9rieures \u00e0 9.0.1-162 pour Cisco WSA",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1402",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1402"
},
{
"name": "CVE-2016-1393",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1393"
},
{
"name": "CVE-2016-1381",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1381"
},
{
"name": "CVE-2016-1400",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1400"
},
{
"name": "CVE-2016-1382",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1382"
},
{
"name": "CVE-2016-1399",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1399"
},
{
"name": "CVE-2016-1383",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1383"
},
{
"name": "CVE-2016-1379",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1379"
},
{
"name": "CVE-2016-1401",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1401"
},
{
"name": "CVE-2016-1385",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1385"
},
{
"name": "CVE-2016-1380",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1380"
}
],
"initial_release_date": "2016-05-19T00:00:00",
"last_revision_date": "2016-05-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-ucs du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160513-ies du 13 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-asa-xml du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa2 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160510-cnap du 10 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa4 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-asa-vpn du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa1 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160518-wsa3 du 18 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160517-ise du 17 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160516-vcs du 16 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs"
}
],
"reference": "CERTFR-2016-AVI-177",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160510-cnap du 10 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa4 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa2 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-asa-vpn du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160513-ies du 13 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-ise du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160516-vcs du 16 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa1 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-asa-xml du 17 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160518-wsa3 du 18 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160517-ucs du 17 mai 2016",
"url": null
}
]
}
CERTFR-2015-AVI-111
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | ASA 5525-X IPS SSP | ||
| Cisco | N/A | ASA 5585-X IPS SSP-10 | ||
| Cisco | N/A | ASA 5515-X IPS SSP | ||
| Cisco | N/A | IPS 4520-XL | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Expressway | ||
| Cisco | N/A | IPS 4510 | ||
| Cisco | N/A | Cisco Expressway Edge | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Starter Pack Expressway | ||
| Cisco | N/A | ASA 5555-X IPS SSP | ||
| Cisco | N/A | ASA 5545-X IPS SSP | ||
| Cisco | N/A | Cisco TelePresence Conductor | ||
| Cisco | N/A | ASA 5512-X IPS SSP | ||
| Cisco | N/A | IPS 4345 | ||
| Cisco | N/A | IPS 4360 | ||
| Cisco | N/A | ASA 5585-X IPS SSP-20 | ||
| Cisco | N/A | IPS 4520 | ||
| Cisco | N/A | IPS 4345-DC | ||
| Cisco | N/A | ASA 5585-X IPS SSP-60 | ||
| Cisco | N/A | Cisco Expressway Core | ||
| Cisco | N/A | ASA 5585-X IPS SSP-40 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Control |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASA 5525-X IPS SSP",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5585-X IPS SSP-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5515-X IPS SSP",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4520-XL",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Expressway",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4510",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Edge",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Starter Pack Expressway",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5555-X IPS SSP",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5545-X IPS SSP",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5512-X IPS SSP",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4345",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4360",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5585-X IPS SSP-20",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4520",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IPS 4345-DC",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5585-X IPS SSP-60",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Core",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ASA 5585-X IPS SSP-40",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Control",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-0654",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0654"
},
{
"name": "CVE-2015-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0652"
}
],
"initial_release_date": "2015-03-12T00:00:00",
"last_revision_date": "2015-03-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150311-ips du 11 mars 2015",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-ips"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150311-vcs du 11 mars 2015",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs"
}
],
"reference": "CERTFR-2015-AVI-111",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150311-vcs du 11 mars 2015",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20150311-ips du 11 mars 2015",
"url": null
}
]
}
CERTFR-2014-AVI-433
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco TelePresence MCU 4200 Series avec une version antérieure à 4.3(2.30) | ||
| Cisco | N/A | Cisco TelePresence MCU MSE 8420 avec une version antérieure à 4.3(2.30) | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Control avec une version antérieure à X8.2 | ||
| Cisco | N/A | Cisco Expressway Edge avec une version antérieure à X8.2 | ||
| Cisco | N/A | Cisco TelePresence MCU 4500 Series avec une version antérieure à 4.3(2.30) | ||
| Cisco | N/A | Cisco Expressway Core avec une version antérieure à X8.2 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Starter Pack Expressway avec une version antérieure à X8.2 | ||
| Cisco | TelePresence VCS | Cisco TelePresence VCS Expressway avec une version antérieure à X8.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco TelePresence MCU 4200 Series avec une version ant\u00e9rieure \u00e0 4.3(2.30)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MCU MSE 8420 avec une version ant\u00e9rieure \u00e0 4.3(2.30)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Control avec une version ant\u00e9rieure \u00e0 X8.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Edge avec une version ant\u00e9rieure \u00e0 X8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MCU 4500 Series avec une version ant\u00e9rieure \u00e0 4.3(2.30)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Core avec une version ant\u00e9rieure \u00e0 X8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Starter Pack Expressway avec une version ant\u00e9rieure \u00e0 X8.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence VCS Expressway avec une version ant\u00e9rieure \u00e0 X8.2",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3368",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3368"
},
{
"name": "CVE-2014-3369",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3369"
},
{
"name": "CVE-2014-3397",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3397"
},
{
"name": "CVE-2014-3370",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3370"
}
],
"initial_release_date": "2014-10-16T00:00:00",
"last_revision_date": "2014-10-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20141015-mcu du 15 octobre 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20141015-vcs du 15 octobre 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs"
}
],
"reference": "CERTFR-2014-AVI-433",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20141015-mcu du 15 octobre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20141015-vcs du 15 octobre 2014",
"url": null
}
]
}
CERTFR-2014-AVI-040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Cisco TelePresence. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | TelePresence VCS | Cisco TelePresence VCS versions antérieures à X8.1 | ||
| Cisco | N/A | Cisco TelePresence ISDN Gateway versions antérieures à 2.2 | ||
| Cisco | N/A | Cisco TelePresence System 500-32 | ||
| Cisco | N/A | Cisco TelePresence System TX9000 | ||
| Cisco | N/A | Cisco TelePresence System 500-37 | ||
| Cisco | N/A | Cisco TelePresence System 1300-65 | ||
| Cisco | N/A | Cisco TelePresence System TX1300 47 | ||
| Cisco | N/A | Cisco TelePresence System 3000 | ||
| Cisco | N/A | Cisco TelePresence System 3010 | ||
| Cisco | N/A | Cisco TelePresence System TX9200 | ||
| Cisco | N/A | Cisco TelePresence System 1100 | ||
| Cisco | N/A | Cisco TelePresence System 3210 | ||
| Cisco | N/A | Cisco TelePresence System 3200 | ||
| Cisco | N/A | Cisco TelePresence System TX1310 65 | ||
| Cisco | N/A | Cisco TelePresence System 1000 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco TelePresence VCS versions ant\u00e9rieures \u00e0 X8.1",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence ISDN Gateway versions ant\u00e9rieures \u00e0 2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 500-32",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System TX9000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 500-37",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 1300-65",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System TX1300 47",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 3000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 3010",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System TX9200",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 1100",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 3210",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 3200",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System TX1310 65",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence System 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0662",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0662"
},
{
"name": "CVE-2014-0660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0660"
},
{
"name": "CVE-2014-0661",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0661"
}
],
"initial_release_date": "2014-01-23T00:00:00",
"last_revision_date": "2014-01-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-vcs du 22 janvier 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-cts du 22 janvier 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-isdngw du 22 janvier 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw"
}
],
"reference": "CERTFR-2014-AVI-040",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco TelePresence\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco TelePresence",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-cts du 22 janvier 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-vcs du 22 janvier 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140122-isdngw du 22 janvier 2014",
"url": null
}
]
}
CERTA-2011-AVI-488
Vulnerability from certfr_avis
Une vulnérabilité dans Cisco NX-OS peut être utilisée pour réaliser un déni de service à distance.
Description
Une vulnérabilitié a été corrigée dans Cisco NX-OS. Cette vulnérabilité affecte le serveur httpd Apache. Elle peut être utilisée à l'aide de requêtes HTTP spécialement conçues (utilisation de l'entête range avec des intervalles se chevauchant) pour provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | TelePresence VCS | Cisco TelePresence Video Communication Server (Cisco TelePresence VCS) ; | ||
| Cisco | N/A | Cisco Quad ; | ||
| Cisco | N/A | CiscoWorks LAN Management Solution. | ||
| Cisco | N/A | Cisco Mobility Services Engine ; | ||
| Cisco | N/A | Cisco Wireless Control System (WCS) ; | ||
| Cisco | N/A | Cisco Wild Area Application Services (WAAS) Software ; | ||
| Cisco | NX-OS | Cisco MDS 9000 NX-OS versions antérieures à la 4.2 ; | ||
| Cisco | N/A | Cisco Video Surveillance Manager (VSM) ; | ||
| Cisco | N/A | Cisco Network Collector ; | ||
| Cisco | N/A | CiscoWorks Common Services ; | ||
| Cisco | N/A | Cisco SAN-OS 3.x ; | ||
| Cisco | NX-OS | Cisco NX-OS Software pour Cisco Nexus 7000 Series Switches versions antérieures à la 5.1 ; | ||
| Cisco | N/A | Cisco Video Surveillance Operations Manager (VSOM) ; | ||
| Cisco | N/A | Tous les systèmes Cisco CTS TelePresence ; | ||
| Cisco | N/A | Management Center for Cisco Security Agent ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco TelePresence Video Communication Server (Cisco TelePresence VCS) ;",
"product": {
"name": "TelePresence VCS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quad ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CiscoWorks LAN Management Solution.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Services Engine ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless Control System (WCS) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wild Area Application Services (WAAS) Software ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MDS 9000 NX-OS versions ant\u00e9rieures \u00e0 la 4.2 ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Manager (VSM) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Network Collector ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "CiscoWorks Common Services ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SAN-OS 3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NX-OS Software pour Cisco Nexus 7000 Series Switches versions ant\u00e9rieures \u00e0 la 5.1 ;",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Operations Manager (VSOM) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Tous les syst\u00e8mes Cisco CTS TelePresence ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Management Center for Cisco Security Agent ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabiliti\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Cisco NX-OS. Cette vuln\u00e9rabilit\u00e9\naffecte le serveur httpd Apache. Elle peut \u00eatre utilis\u00e9e \u00e0 l\u0027aide de\nrequ\u00eates HTTP sp\u00e9cialement con\u00e7ues (utilisation de l\u0027ent\u00eate range avec\ndes intervalles se chevauchant) pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
}
],
"initial_release_date": "2011-09-01T00:00:00",
"last_revision_date": "2011-09-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110830-apache du 30 ao\u00fbt 2011 :",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml"
}
],
"reference": "CERTA-2011-AVI-488",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-09-01T00:00:00.000000"
},
{
"description": "modification du titre et ajout de syst\u00e8mes vuln\u00e9rables.",
"revision_date": "2011-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Cisco NX-OS peut \u00eatre utilis\u00e9e pour r\u00e9aliser un\nd\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20110830-apache",
"url": null
}
]
}