Refine your search
7 vulnerabilities found for Unified Communications by Cisco
CERTFR-2024-AVI-0068
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco Unified Communications. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications | Virtualized Voice Browser (VVB) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
| Cisco | Unified Communications | Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 | ||
| Cisco | Unified Communications | Packaged Contact Center Enterprise (PCCE) et Unified Contact Center Enterprise (UCCE) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
| Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 | ||
| Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 | ||
| Cisco | Unified Communications | Unified Contact Center Express (UCCX) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
| Cisco | Unified Communications | Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 | ||
| Cisco | Unified Communications | Unity Connection versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 | ||
| Cisco | Unified Communications | Unity Connection versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Virtualized Voice Browser (VVB) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Packaged Contact Center Enterprise (PCCE) et Unified Contact Center Enterprise (UCCE) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Contact Center Express (UCCX) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20253"
}
],
"initial_release_date": "2024-01-25T00:00:00",
"last_revision_date": "2024-01-25T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0068",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Unified Communications.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-rce-bWNzQcUm du 24 janvier 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
]
}
CERTFR-2018-AVI-393
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco AsyncOS versions 9.1, 10.1, 10.5 et 11.0 pour Cisco Web Security Appliances | ||
| Cisco | Unified Communications | Cisco TelePresence Video Communication Server (VCS) et Expressway avec le mode Unified Communications défini à Mobile and Remote Access | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco AsyncOS versions 9.1, 10.1, 10.5 et 11.0 pour Cisco Web Security Appliances",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) et Expressway avec le mode Unified Communications d\u00e9fini \u00e0 Mobile and Remote Access",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager IM \u0026 Presence Service",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0410"
},
{
"name": "CVE-2018-0409",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0409"
}
],
"initial_release_date": "2018-08-16T00:00:00",
"last_revision_date": "2018-08-16T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-393",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-08-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180815-wsa-dos du 15 ao\u00fbt 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180815-ucmimps-dos du 15 ao\u00fbt 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos"
}
]
}
CERTFR-2018-AVI-098
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Elastic Services Controller versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Customer Voice Portal versions ant\u00e9rieures \u00e0 11.6(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Domain Manager versions ant\u00e9rieures \u00e0 11.5(2)",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0139"
},
{
"name": "CVE-2018-0121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0121"
},
{
"name": "CVE-2018-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0130"
},
{
"name": "CVE-2018-0124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0124"
}
],
"initial_release_date": "2018-02-22T00:00:00",
"last_revision_date": "2018-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-098",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco\n. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180221-esc1 du 21 f\u00e9vrier 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180221-ucdm du 21 f\u00e9vrier 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180221-esc du 21 f\u00e9vrier 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180221-cvp du 21 f\u00e9vrier 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cvp"
}
]
}
CERTFR-2016-AVI-111
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Appliances Sourcefire 3D System | ||
| Cisco | N/A | Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware | ||
| Cisco | N/A | Cisco Appliances FirePOWER séries 8000 | ||
| Cisco | N/A | Snort versions antérieures à 2.9.8.2 | ||
| Cisco | Firepower Threat Defense | Cisco FirePOWER Threat Defense pour routeurs supportant le modèle IntServ (ISRs) | ||
| Cisco | N/A | Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series | ||
| Cisco | N/A | Dans les produits sus-cités, sont vulnérables ceux qui exécutent Cisco Firepower System Software, versions antérieures à 5.4.0.7, 5.4.1.6, ou 6.0.1 | ||
| Cisco | N/A | Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 8000 | ||
| Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) séries 5500-X avec les services FirePOWER | ||
| Cisco | Unified Communications | Cisco Unified Communications Domain Manager version 8.1(1) | ||
| Cisco | N/A | Cisco Appliances FirePOWER séries 7000 | ||
| Cisco | N/A | Cisco Advanced Malware Protection (AMP) pour réseaux, Appliances séries 7000 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Appliances Sourcefire 3D System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Next-Generation Intrusion Prevention System (NGIPSv) pour VMware",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Appliances FirePOWER s\u00e9ries 8000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Snort versions ant\u00e9rieures \u00e0 2.9.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER Threat Defense pour routeurs supportant le mod\u00e8le IntServ (ISRs)",
"product": {
"name": "Firepower Threat Defense",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Next Generation Intrusion Prevention System (NGIPS) pour Blue Coat X-Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Dans les produits sus-cit\u00e9s, sont vuln\u00e9rables ceux qui ex\u00e9cutent Cisco Firepower System Software, versions ant\u00e9rieures \u00e0 5.4.0.7, 5.4.1.6, ou 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 8000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Adaptive Security Appliance (ASA) s\u00e9ries 5500-X avec les services FirePOWER",
"product": {
"name": "Adaptive Security Appliance",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Domain Manager version 8.1(1)",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Appliances FirePOWER s\u00e9ries 7000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Advanced Malware Protection (AMP) pour r\u00e9seaux, Appliances s\u00e9ries 7000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1314"
},
{
"name": "CVE-2016-1345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1345"
}
],
"initial_release_date": "2016-03-31T00:00:00",
"last_revision_date": "2016-03-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160330-fp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160328-ucdm"
}
],
"reference": "CERTFR-2016-AVI-111",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160328-ucdm du 28 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160330-fp du 30 mars 2016",
"url": null
}
]
}
CERTFR-2016-AVI-080
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | NX-OS | Commutateurs Cisco Nexus séries 5500, 5600 et 6000 exécutant les versions de Cisco NX-OS 7.1 antérieures à 7.1(2)N1(1) | ||
| Cisco | N/A | Cisco Prime Infrastructure version 3.0 | ||
| Cisco | N/A | Cisco FireSIGHT System Software version 6.1.0 | ||
| Cisco | N/A | Commutateurs Cisco Nexus séries 1000V, 3000, 4000, 5000, 6000 et 7000 | ||
| Cisco | N/A | Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0 | ||
| Cisco | Unified Communications | Cisco Unified Communications Domain Manager versions 8.x antérieures à 8.1.1 | ||
| Cisco | N/A | Voir le site du constructeur pour la liste des systèmes potentiellement affectés par les vulnérabilités concernant OpenSSL (lien fourni dans la section Documentation) | ||
| Cisco | N/A | Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0) | ||
| Cisco | N/A | Cisco Web Security Appliance (WSA) exécutant les versions d'AsyncOS antérieures à 8.5.3-051 et 9.0.0-485. |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 5500, 5600 et 6000 ex\u00e9cutant les versions de Cisco NX-OS 7.1 ant\u00e9rieures \u00e0 7.1(2)N1(1)",
"product": {
"name": "NX-OS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Infrastructure version 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software version 6.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Commutateurs Cisco Nexus s\u00e9ries 1000V, 3000, 4000, 5000, 6000 et 7000",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Policy Suite versions 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, et 7.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Domain Manager versions 8.x ant\u00e9rieures \u00e0 8.1.1",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Voir le site du constructeur pour la liste des syst\u00e8mes potentiellement affect\u00e9s par les vuln\u00e9rabilit\u00e9s concernant OpenSSL (lien fourni dans la section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco VDS-IS versions 3.3(0), 3.3(1), 4.0(0), et 4.1(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Web Security Appliance (WSA) ex\u00e9cutant les versions d\u0027AsyncOS ant\u00e9rieures \u00e0 8.5.3-051 et 9.0.0-485.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2016-1356",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1356"
},
{
"name": "CVE-2016-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1354"
},
{
"name": "CVE-2016-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
},
{
"name": "CVE-2015-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0718"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2016-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
},
{
"name": "CVE-2016-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1353"
},
{
"name": "CVE-2015-6260",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6260"
},
{
"name": "CVE-2016-1355",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1355"
},
{
"name": "CVE-2016-1288",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1288"
},
{
"name": "CVE-2016-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
},
{
"name": "CVE-2016-1359",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1359"
},
{
"name": "CVE-2016-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2016-1357",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1357"
}
],
"initial_release_date": "2016-03-03T00:00:00",
"last_revision_date": "2016-03-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-wsa"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cucdm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-psc du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-psc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-FireSIGHT"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160226-vds-is"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi1"
}
],
"reference": "CERTFR-2016-AVI-080",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-n5ksnmp du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-openssl du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cucdm du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160226-vds-is du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-wsa du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-netstack du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-psc du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-FireSIGHT1 du 02 mars 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160302-cpi1 du 02 mars 2016",
"url": null
}
]
}
CERTFR-2016-AVI-045
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Digital Media Manager (DMM) | ||
| Cisco | N/A | Cisco NAC Guest Server versions antérieures à 2.1.0 (disponible le 19 février 2016) | ||
| Cisco | IOS | IOS-XR for Cisco Network Convergence System (NCS) 6000 | ||
| Cisco | N/A | Cisco Intelligent Automation for Cloud | ||
| Cisco | N/A | Cisco DCM Series 9900-Digital Content Manager versions antérieures à 18.0 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco Video Surveillance Media Server | ||
| Cisco | N/A | Cisco FireSIGHT System Software versions antérieures à 6.1 (disponible en juin 2016) | ||
| Cisco | Unified Communications Manager Session Management Edition | Cisco Unified Communications Manager Session Management Edition (SME) | ||
| Cisco | N/A | Cisco Videoscape Policy and Resource Management | ||
| Cisco | N/A | Cisco Management Heartbeat Server versions antérieures à RMS5.x MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco Standalone rack server CIMC | ||
| Cisco | N/A | Cloud Object Store (COS) versions antérieures à 3.8 (disponible le 9 avril 2016) | ||
| Cisco | N/A | Cisco Universal Small Cell 7000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco UCS Central | ||
| Cisco | N/A | Cisco TelePresence Conductor versions antérieures à XC4.2 (disponible le 30 mars 2016) | ||
| Cisco | N/A | Cisco Application and Content Networking System (ACNS) versions antérieures à 5.5.41 (disponible le 29 février 2016) | ||
| Cisco | N/A | Cisco Digital Media Manager | ||
| Cisco | N/A | Cisco Virtual Topology System | ||
| Cisco | N/A | Cisco IP Interoperability and Collaboration System (IPICS) | ||
| Cisco | Unified Communications | Unified Communications Deployment Tools | ||
| Cisco | N/A | Cisco Enterprise Content Delivery System (ECDS) versions antérieures à 2.6.7 (disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Quantum Virtualized Packet Core | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1 | ||
| Cisco | N/A | Cisco ASA CX et Cisco Prime Security Manager versions antérieures à 9.3.4.5 (disponible le 30 mai 2016) | ||
| Cisco | Jabber | Cisco Jabber Guest 10.0(2) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.1(11) Patch 1 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco 910 Industrial Router | ||
| Cisco | Expressway Series | Cisco Expressway Series versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco TelePresence MX Series | ||
| Cisco | N/A | Cisco TelePresence SX Series | ||
| Cisco | N/A | Cisco Clean Access Manager versions antérieures à 4.9.5 (disponible le 19 février 2016) | ||
| Cisco | N/A | Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Fog Director version 1.0(0) | ||
| Cisco | N/A | Cisco Universal Small Cell 5000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | ||
| Cisco | N/A | Cisco Service Control Operating System | ||
| Cisco | N/A | Cisco Media Experience Engines (MXE) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Telepresence Integrator C Series | ||
| Cisco | N/A | Cisco TelePresence EX Series | ||
| Cisco | N/A | Cisco Edge 300 Digital Media Player versions antérieures à 1.6RB4_4 (disponible le 25 février 2016) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.3(05) Patch 1 (disponible le 30 avril 2016) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM) | ||
| Cisco | N/A | Cisco TelePresence Profile Series | ||
| Cisco | N/A | Cisco 3G Femtocell Wireless versions antérieures à SR10MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco NAC Server versions antérieures à 4.9.5 (disponible le 19 février 2016) |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Digital Media Manager (DMM)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intelligent Automation for Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Media Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager Session Management Edition (SME)",
"product": {
"name": "Unified Communications Manager Session Management Edition",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Videoscape Policy and Resource Management",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Standalone rack server CIMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Central",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Digital Media Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Topology System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Interoperability and Collaboration System (IPICS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Deployment Tools",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quantum Virtualized Packet Core",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber Guest 10.0(2)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 910 Industrial Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "Expressway Series",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence SX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Fog Director version 1.0(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Service Control Operating System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Media Experience Engines (MXE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Telepresence Integrator C Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Profile Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2015-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
},
{
"name": "CVE-2015-8158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2016-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
},
{
"name": "CVE-2015-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
},
{
"name": "CVE-2015-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
},
{
"name": "CVE-2016-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
}
],
"initial_release_date": "2016-02-02T00:00:00",
"last_revision_date": "2016-02-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
}
],
"reference": "CERTFR-2016-AVI-045",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2014-AVI-295
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Cisco Unified Communications Domain Manager. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications | Cisco Unified CDM Application Software versions antérieures à 10 | ||
| Cisco | Unified Communications | Cisco Unified CDM Platform Software versions antérieures à 4.4.2 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified CDM Application Software versions ant\u00e9rieures \u00e0 10",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CDM Platform Software versions ant\u00e9rieures \u00e0 4.4.2",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-3300",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3300"
},
{
"name": "CVE-2014-2198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2198"
},
{
"name": "CVE-2014-2197",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2197"
}
],
"initial_release_date": "2014-07-03T00:00:00",
"last_revision_date": "2014-07-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02 juillet 2014",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm"
}
],
"reference": "CERTFR-2014-AVI-295",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Domain Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Domain Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20140702-cucdm du 02 juillet 2014",
"url": null
}
]
}