44 vulnerabilities found for Unified Communications Manager by Cisco

CERTFR-2025-AVI-0553
Vulnerability from certfr_avis

A vulnerability has been discovered in Cisco products. It allows an attacker to bypass the security policy.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

The vendor specifies that the affected products are limited releases, named Engineering Special (ES), which were distributed only by the Cisco Technical Assistance Center.

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager Session Management Edition | Unified Communications Manager Session Management Edition versions 15.0.1.x earlier than 15SU3 or without the security patch ciscocm.CSCwp27755_D0247-1.cop.sha512
Cisco | Unified Communications Manager | Unified Communications Manager versions 15.0.1.x earlier than 15SU3 or without the security patch ciscocm.CSCwp27755_D0247-1.cop.sha512


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Unified Communications Manager Session Management Edition versions 15.0.1.x ant\u00e9rieures \u00e0 15SU3 ou sans le correctif de s\u00e9curit\u00e9 ciscocm.CSCwp27755_D0247-1.cop.sha512",
      "product": {
        "name": "Unified Communications Manager Session Management Edition",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Manager versions 15.0.1.x ant\u00e9rieures \u00e0 15SU3 ou sans le correctif de s\u00e9curit\u00e9 ciscocm.CSCwp27755_D0247-1.cop.sha512",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que les produits affect\u00e9s sont des versions limit\u00e9es, nomm\u00e9es Engineering Special (ES), qui ont \u00e9t\u00e9 distribu\u00e9es uniquement par le centre d\u0027assistance technique de Cisco.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-20309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20309"
    }
  ],
  "initial_release_date": "2025-07-03T00:00:00",
  "last_revision_date": "2025-07-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0553",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2025-07-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-ssh-m4UBdpE7",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7"
    }
  ]
}

CERTFR-2024-AVI-0708
Vulnerability from certfr_avis

A vulnerability has been discovered in Cisco products. It allows an attacker to cause a remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified CM and Unified CM SME versions 15x earlier than 15SU1
Cisco | Unified Communications Manager | Cisco Unified CM and Unified CM SME versions 14x earlier than 14SU4
Cisco | Unified Communications Manager | Cisco Unified CM and Unified CM SME versions 12.5(1)x earlier than 12.5(1)SU9


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified CM et Unified CM SME versions 15x ant\u00e9rieures \u00e0 15SU1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified CM et Unified CM SME versions 14x ant\u00e9rieures \u00e0 14SU4",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified CM et Unified CM SME versions 12.5(1)x ant\u00e9rieures \u00e0 12.5(1)SU9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20375"
    }
  ],
  "initial_release_date": "2024-08-22T00:00:00",
  "last_revision_date": "2024-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0708",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-dos-kkHq43We",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We"
    }
  ]
}

CERTFR-2023-AVI-0443
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause privilege escalation and a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) for Firepower 2100 Series version 7.2.3 without the latest security patch
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) for Firepower 2100 Series version 7.2.2 without the latest security patch
Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) for Firepower 2100 Series version 9.18.2.5 without the latest security patch
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service version 12.5(1) without the SU7 security patch
Cisco | Firepower Threat Defense | Cisco Firepower Threat Defense (FTD) for Firepower 2100 Series version 7.2.1 without the latest security patch
Cisco | N/A | Cisco Secure Client for Windows versions 5.x earlier than 5.0MR2
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service version 14SU without the SU3 security patch
Cisco | N/A | Cisco AnyConnect Secure Mobility Client for Windows versions 4.x earlier than 4.10MR7
Cisco | N/A | Cisco Expressway Series and TelePresence VCS versions earlier than 14.3.0
Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) for Firepower 2100 Series version 9.16.4 without the latest security patch
Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) for Firepower 2100 Series version 9.18.2 without the latest security patch



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Firepower Threat Defense (FTD) pour Firepower 2100 Series version 7.2.3 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Threat Defense (FTD) pour Firepower 2100 Series version 7.2.2 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) pour Firepower 2100 Series version 9.18.2.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 12.5(1) sans le correctif de s\u00e9curit\u00e9 SU7",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Threat Defense (FTD) pour Firepower 2100 Series version 7.2.1 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Secure Client pour Windows versions 5.x ant\u00e9rieures \u00e0 5.0MR2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 14SU sans le correctif de s\u00e9curit\u00e9 SU3",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AnyConnect Secure Mobility Client pour Windows versions 4.x ant\u00e9rieures \u00e0 4.10MR7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series and TelePresence VCS versions ant\u00e9rieures \u00e0 14.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) pour Firepower 2100 Series version 9.16.4 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) pour Firepower 2100 Series version 9.18.2 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20108"
    },
    {
      "name": "CVE-2023-20006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20006"
    },
    {
      "name": "CVE-2023-20105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20105"
    },
    {
      "name": "CVE-2023-20192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20192"
    },
    {
      "name": "CVE-2023-20178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20178"
    }
  ],
  "initial_release_date": "2023-06-08T00:00:00",
  "last_revision_date": "2023-06-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0443",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ac-csc-privesc-wx4U4Kw du 07 juin 2023",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-asaftd-ssl-dos-uu7mV5p6 du 07 juin 2023",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssl-dos-uu7mV5p6"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-expressway-priv-esc-Ls2B9t7b du 07 juin 2023",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-imp-dos-49GL7rzT du 07 juin 2023",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
    }
  ]
}

CERTFR-2023-AVI-0041
Vulnerability from certfr_avis

A vulnerability has been discovered in Cisco Unified Communications Manager. It allows an attacker to cause remote arbitrary code execution, a compromise of data integrity and a compromise of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 11.5.x and 12.5.x earlier than 12.5(1)SU7
Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 14.x earlier than 14SU3 (patch planned for March 2023)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager versions 11.5.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU7",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 14.x ant\u00e9rieures \u00e0 14SU3 (correctif pr\u00e9vu pour mars 2023)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-20010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20010"
    }
  ],
  "initial_release_date": "2023-01-19T00:00:00",
  "last_revision_date": "2023-01-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-sql-rpPczR8n du 18 janvier 2023",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2023-20010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20010"
    }
  ],
  "reference": "CERTFR-2023-AVI-0041",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Unified Communications\nManager. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications Manager",
  "vendor_advisories": []
}

CERTFR-2021-AVI-350
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | N/A | Cisco SD-WAN vEdge Cloud Routers versions earlier than 20.4.1 or 20.5.1
Cisco | N/A | Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE versions earlier than 1.0.4.3
Cisco | N/A | Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE versions earlier than 1.1.3.2
Cisco | N/A | Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 all versions (end-of-life product, will not receive a patch)
Cisco | N/A | Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 1 all versions (end-of-life product, will not receive a patch)
Cisco | N/A | Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN versions earlier than 1.0.4.4
Cisco | N/A | Cisco AnyConnect Secure Mobility Client for Windows versions earlier than 4.10.00093
Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions earlier than 4.5.1
Cisco | N/A | Cisco HyperFlex HX Software versions earlier than 4.0(2e) or 4.5(1b) 4.5(2a)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service versions earlier than 11.5(1)SU9
Cisco | N/A | Cisco SD-WAN vSmart Controller Software versions earlier than 20.4.1 or 20.5.1
Cisco | N/A | Cisco SD-WAN vEdge Routers versions earlier than 20.4.1 or 20.5.1
Cisco | SD-WAN vManage | Cisco SD-WAN vManage Software versions earlier than 20.4.1 or 20.5.1
Cisco | IOS XE | IOS XE SD-WAN Software all versions
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service versions 12.x earlier than 12.5(1)SU4
Cisco | N/A | Cisco SD-WAN vBond Orchestrator Software versions earlier than 20.4.1 or 20.5.1
Cisco | N/A | Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE versions earlier than 1.1.3.2



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco SD-WAN vEdge Cloud Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE versions ant\u00e9rieures \u00e0 1.0.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 toutes versions (produit en fin de vie, ne recevra pas de correctif)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 1 toutes versions (produit en fin de vie, ne recevra pas de correctif)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN versions ant\u00e9rieures \u00e0 1.0.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AnyConnect Secure Mobility Client pour Windows versions ant\u00e9rieures \u00e0 4.10.00093",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 4.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco HyperFlex HX Software versions ant\u00e9rieures \u00e0 4.0(2e) ou 4.5(1b) 4.5(2a)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service versions ant\u00e9rieures \u00e0 11.5(1)SU9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vSmart Controller Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vEdge Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vManage Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "SD-WAN vManage",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XE SD-WAN Software toutes versions",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU4",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vBond Orchestrator Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1430"
    },
    {
      "name": "CVE-2021-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1428"
    },
    {
      "name": "CVE-2021-1275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1275"
    },
    {
      "name": "CVE-2021-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1468"
    },
    {
      "name": "CVE-2021-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1365"
    },
    {
      "name": "CVE-2021-1497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1497"
    },
    {
      "name": "CVE-2021-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1426"
    },
    {
      "name": "CVE-2021-1510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1510"
    },
    {
      "name": "CVE-2021-1508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1508"
    },
    {
      "name": "CVE-2021-1513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1513"
    },
    {
      "name": "CVE-2021-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1401"
    },
    {
      "name": "CVE-2021-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1429"
    },
    {
      "name": "CVE-2021-1505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1505"
    },
    {
      "name": "CVE-2021-1363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1363"
    },
    {
      "name": "CVE-2021-1509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1509"
    },
    {
      "name": "CVE-2021-1498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1498"
    },
    {
      "name": "CVE-2021-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1427"
    },
    {
      "name": "CVE-2021-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1421"
    },
    {
      "name": "CVE-2021-1284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1284"
    },
    {
      "name": "CVE-2021-1511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1511"
    },
    {
      "name": "CVE-2021-1506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1506"
    },
    {
      "name": "CVE-2021-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1400"
    },
    {
      "name": "CVE-2021-1496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1496"
    }
  ],
  "initial_release_date": "2021-05-06T00:00:00",
  "last_revision_date": "2021-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-06T00:00:00.000000"
    },
    {
      "description": "Correction de la version 4.5 non vuln\u00e9rable d\u0027HyperFlex HX.",
      "revision_date": "2021-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-code-exec-jR3tWTA6 du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdw-auth-bypass-65aYqcS2 du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb-wap-multi-ZAfKGXhF du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-vmanage-4TbynnhZ du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-dos-Ckn5cVqW du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-imp-inj-ereCOKjR du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-buffover-MWGucjtO du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-hyperflex-rce-TjjNrkpR du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nfvis-cmdinj-DkFjqg2j du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j"
    }
  ]
}

CERTFR-2019-AVI-481
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | N/A | Cisco Unity Connection, Unified Communications Manager versions 10.x earlier than 10.5(2)SU9
Cisco | N/A | Cisco ASA Software versions 9.7.x and 9.8.x earlier than 9.8.4.10
Cisco | N/A | Cisco Unity Connection, Unified Communications Manager, IM&P Service and SME versions 11.x earlier than 11.5(1)SU6
Cisco | N/A | Cisco FXOS Software versions earlier than 2.3.1.155
Cisco | N/A | Cisco ASA Software versions 9.9.x and 9.10.x earlier than 9.10.1.30
Cisco | N/A | Cisco Unity Connection, Unified Communications Manager and SME versions 12.0 earlier than 12.0(1)SU3
Cisco | N/A | Cisco ASA Software versions 9.6.x earlier than 9.6.4.34
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM&P Service and SME versions 10.x earlier than 10.5(2)ES
Cisco | N/A | Cisco FTD and FMC Software versions earlier than 6.4.0.4
Cisco | N/A | Cisco ASA Software versions 9.12.x earlier than 9.12.2.5
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM&P Service versions 12.0 earlier than 12.5(1)SU1
Cisco | N/A | Cisco FXOS Software versions 2.4.x and 2.6.x earlier than 2.6.1.131
Cisco | N/A | Cisco Unity Connection, Unified Communications Manager, IM&P Service and SME versions 12.5 earlier than 12.5(1)SU1



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unity Connection, Unified Communications Manager versions 10.x versions ant\u00e9rieures \u00e0 10.5(2)SU9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions 9.7.x et 9.8.x versions ant\u00e9rieures \u00e0 9.8.4.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection, Unified Communications Manager, IM\u0026P Service et SME versions 11.x versions ant\u00e9rieures \u00e0 11.5(1)SU6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FXOS Software versions ant\u00e9rieures a 2.3.1.155",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions 9.9.x et 9.10.x versions ant\u00e9rieures \u00e0 9.10.1.30",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection, Unified Communications Manager et SME versions 12.0 versions ant\u00e9rieures \u00e0 12.0(1)SU3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions 9.6.x versions ant\u00e9rieures \u00e0 9.6.4.34",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM\u0026P Service et SME et versions 10.x versions ant\u00e9rieures \u00e0 10.5(2)ES",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FTD et FMC Software versions ant\u00e9rieures \u00e0 6.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Software versions 9.12.x versions ant\u00e9rieures \u00e0 9.12.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM\u0026P Service versions 12.0 versions ant\u00e9rieures \u00e0 12.5(1)SU1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FXOS Software versions 2.4.x et 2.6.x versions ant\u00e9rieures a 2.6.1.131",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection, Unified Communications Manager, IM\u0026P Service et SME versions 12.5 versions ant\u00e9rieures \u00e0 12.5(1)SU1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12679"
    },
    {
      "name": "CVE-2019-12690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12690"
    },
    {
      "name": "CVE-2019-12678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12678"
    },
    {
      "name": "CVE-2019-12684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12684"
    },
    {
      "name": "CVE-2019-12677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12677"
    },
    {
      "name": "CVE-2019-12674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12674"
    },
    {
      "name": "CVE-2019-12687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12687"
    },
    {
      "name": "CVE-2019-12689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12689"
    },
    {
      "name": "CVE-2019-12680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12680"
    },
    {
      "name": "CVE-2019-12700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12700"
    },
    {
      "name": "CVE-2019-12686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12686"
    },
    {
      "name": "CVE-2019-12682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12682"
    },
    {
      "name": "CVE-2019-12673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12673"
    },
    {
      "name": "CVE-2019-1915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1915"
    },
    {
      "name": "CVE-2019-12699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12699"
    },
    {
      "name": "CVE-2019-12685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12685"
    },
    {
      "name": "CVE-2019-12675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12675"
    },
    {
      "name": "CVE-2019-12676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12676"
    },
    {
      "name": "CVE-2019-15256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15256"
    },
    {
      "name": "CVE-2019-12683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12683"
    },
    {
      "name": "CVE-2019-12688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12688"
    },
    {
      "name": "CVE-2019-12681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12681"
    }
  ],
  "initial_release_date": "2019-10-03T00:00:00",
  "last_revision_date": "2019-10-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-481",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-ftd-container-esc du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-asa-ssl-vpn-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-asa-ftd-ikev1-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-cucm-csrf du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-ftd-fpmc-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-fmc-rce du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-fmc-sql-inj du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-fxos-cmd-inject du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-asa-ftd-sip-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-fmc-rce-12689 du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-asa-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-asa-ospf-lsa-dos du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20191002-fmc-com-inj du 02 octobre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj"
    }
  ]
}

CERTFR-2019-AVI-468
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | IOS | Cisco IOS Gateways with Session Initiation Protocol (SIP) |
| Cisco | N/A | Cisco Business Edition 4000 (BE4K) |
| Cisco | N/A | Cisco Catalyst 4500 Supervisor Engine 6L-E |
| Cisco | N/A | Cisco Cloud Services Router (CSR) 1000V Series |
| Cisco | N/A | Cisco Enterprise Network Compute System (ENCS) |
| Cisco | N/A | Cisco TDM Gateways |
| Cisco | N/A | Cisco Catalyst 4948E-F Ethernet Switch |
| Cisco | N/A | Cisco Catalyst 4500 Supervisor Engine 6-E |
| Cisco | N/A | Cisco Unified Survivable Remote Site Telephony (SRST) |
| Cisco | N/A | Cisco Catalyst 4948E Ethernet Switch |
| Cisco | IOS XE | Cisco ASR 900 Series routers with Cisco IOS XE version 16.9 configured as a Raw Socket TCP server |
| Cisco | IOS | Cisco Industrial Ethernet 4000 Series Switches: Cisco IOS Software versions earlier than 15.2(7)E |
| Cisco | N/A | Cisco 800 Series Industrial Integrated Services Routers and Cisco 1000 Series Connected Grid Routers (CGR 1000) |
| Cisco | N/A | Cisco Unified Border Element (CUBE) |
| Cisco | IOS XE | Cisco IOS and IOS XE (see the vendor's website for the vulnerable versions) |
| Cisco | N/A | Cisco Catalyst 4900M Switch |
| Cisco | N/A | Cisco IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software versions earlier than 1.1.1 |
| Cisco | N/A | Cisco CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware |
| Cisco | N/A | Cisco Integrated Services Virtual Router (ISRv) |
| Cisco | N/A | Cisco Catalyst 3850 and 9300 Series Switches |
| Cisco | N/A | Cisco 1100, 4200 and 4300 Integrated Services Routers (ISRs) |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager Express (CME) |
| Cisco | N/A | Cisco 510 WPAN Industrial Router: Industrial Routers Operating System Software versions earlier than 6.1.27 |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS Gateways with Session Initiation Protocol (SIP)",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Business Edition 4000 (BE4K)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 4500 Supervisor Engine 6L-E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Cloud Services Router (CSR) 1000V Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise Network Compute System (ENCS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TDM Gateways",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 4948E-F Ethernet Switch",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 4500 Supervisor Engine 6-E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Survivable Remote Site Telephony (SRST)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 4948E Ethernet Switch",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASR 900 Series routers avec Cisco IOS XE version 16.9 configur\u00e9 en tant que serveur Raw Socket TCP",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Industrial Ethernet 4000 Series Switches: Cisco IOS Software versions ant\u00e9rieures \u00e0 15.2(7)E",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 800 Series Industrial Integrated Services Routers et Cisco 1000 Series Connected Grid Routers (CGR 1000)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Border Element (CUBE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et IOS XE (voir sur le site du constructeur pour les versions vuln\u00e9rables)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 4900M Switch",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IC3000 Industrial Compute Gateway: Industrial Compute Gateway Software versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco CGR 1000 Compute Module: CGR 1000 IOx Compute Platform Firmware",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Services Virtual Router (ISRv)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 3850 et 9300 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 1100, 4200 et 4300 Integrated Services Routers (ISRs)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager Express (CME)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 510 WPAN Industrial Router: Industrial Routers Operating System Software versions ant\u00e9rieures \u00e0 6.1.27",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12656"
    },
    {
      "name": "CVE-2019-12650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12650"
    },
    {
      "name": "CVE-2019-12648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12648"
    },
    {
      "name": "CVE-2019-12657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12657"
    },
    {
      "name": "CVE-2019-12649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12649"
    },
    {
      "name": "CVE-2019-12651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12651"
    },
    {
      "name": "CVE-2019-12655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12655"
    },
    {
      "name": "CVE-2019-12653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12653"
    },
    {
      "name": "CVE-2019-12646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12646"
    },
    {
      "name": "CVE-2019-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12652"
    },
    {
      "name": "CVE-2019-12647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12647"
    },
    {
      "name": "CVE-2019-12658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12658"
    },
    {
      "name": "CVE-2019-12654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12654"
    }
  ],
  "initial_release_date": "2019-09-26T00:00:00",
  "last_revision_date": "2019-09-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-468",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-identd-dos du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-webui-cmd-injection du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iox du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-rawtcp-dos du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-ios-gos-auth du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-cat4000-tcp-dos du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iosxe-fsdos du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-ftp du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-utd du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-iosxe-digsig-bypass du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-sip-dos du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190925-sip-alg du 25 septembre 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg"
    }
  ]
}

CERTFR-2019-AVI-304
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause arbitrary code execution, remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 12.5(x) earlier than 12.5(1)SU1 |
| Cisco | N/A | Cisco AsyncOS versions earlier than 10.5.5-005 |
| Cisco | Jabber | Cisco Jabber for Windows versions earlier than 12.6(0) |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 12.0(x) earlier than 12.0(1)SU3 |
| Cisco | N/A | Cisco AsyncOS versions 11.7.x earlier than 11.7.0-407 |
| Cisco | N/A | Cisco APIC versions earlier than 4.1(2g) |
| Cisco | Small Business | Cisco Small Business 200, 300 and 500 Series Managed Switches versions earlier than 1.4.10.6 |
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switch versions earlier than 14.1(2g) |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions earlier than 11.5 without the security patch ciscocm.V11-5-1-SU5-SU6_CSCvo70834_C0003-1.cop.sgn |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions earlier than 10.5(2) without the security patch ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn |
| Cisco | N/A | Cisco Enterprise NFV Infrastructure Software (NFVIS) versions earlier than 3.10.1 |
| Cisco | N/A | Cisco AsyncOS versions 11.5.x earlier than 11.5.2-020 |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager versions 12.5(x) ant\u00e9rieures \u00e0 12.5(1)SU1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS versions ant\u00e9rieures \u00e0 10.5.5-005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber pour Windows versions ant\u00e9rieures \u00e0 12.6(0)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 12.0(x) ant\u00e9rieures \u00e0 12.0(1)SU3",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS versions 11.7.x ant\u00e9rieures \u00e0 11.7.0-407",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC versions ant\u00e9rieures \u00e0 4.1(2g)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Small Business 200, 300 et 500 Series Managed Switches versions ant\u00e9rieures \u00e0 1.4.10.6",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switch versions ant\u00e9rieures \u00e0 14.1(2g)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions ant\u00e9rieures \u00e0 11.5 sans le correctif de s\u00e9curit\u00e9 ciscocm.V11-5-1-SU5-SU6_CSCvo70834_C0003-1.cop.sgn",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions ant\u00e9rieures \u00e0 10.5(2) sans le correctif de s\u00e9curit\u00e9 ciscocm.V10-5-2-SU7-SU8_CSCvo70834_C0003-1.cop.sgn",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 3.10.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS versions 11.5.x ant\u00e9rieures \u00e0 11.5.2-020",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1884"
    },
    {
      "name": "CVE-2019-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1891"
    },
    {
      "name": "CVE-2019-1893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1893"
    },
    {
      "name": "CVE-2019-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1855"
    },
    {
      "name": "CVE-2019-1892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1892"
    },
    {
      "name": "CVE-2019-1894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1894"
    },
    {
      "name": "CVE-2019-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1889"
    },
    {
      "name": "CVE-2019-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1887"
    },
    {
      "name": "CVE-2019-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1886"
    },
    {
      "name": "CVE-2019-1890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1890"
    }
  ],
  "initial_release_date": "2019-07-04T00:00:00",
  "last_revision_date": "2019-07-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-wsa-dos du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-wsa-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-cucm-dos du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-jabber-dll du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-jabber-dll"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-nfvis-file-readwrite du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-file-readwrite"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-ccapic-restapi du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-sbss-dos du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-n9kaci-bypass du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-sbss-memcorrupt du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-sbss-memcorrupt"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-nfvis-commandinj du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-nfvis-commandinj"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190703-asyncos-wsa du 03 juillet 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-asyncos-wsa"
    }
  ]
}

CERTFR-2019-AVI-248
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco TelePresence VCS TelePresence VCS configured for Mobile and Remote Access with the IM&P service, versions X8.1 to X12.5.2
Cisco N/A Expressway configured for Mobile and Remote Access with the IM&P service, versions X8.1 to X12.5.2
Cisco N/A Cisco Industrial Network Director versions earlier than 1.6.0
Cisco Unified Communications Manager Unified Communications Manager IM&P service

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TelePresence VCS configur\u00e9 pour mobile et acc\u00e8s distant avec le service IM\u0026P versions X8.1 \u00e0 X12.5.2",
      "product": {
        "name": "TelePresence VCS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Expressway configur\u00e9 pour mobile et acc\u00e8s distant avec le service IM\u0026P versions X8.1 \u00e0 X12.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Industrial Network Director versions ant\u00e9rieures \u00e0 1.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Service Unified Communications Manager IM\u0026P",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1861"
    },
    {
      "name": "CVE-2019-1845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1845"
    }
  ],
  "initial_release_date": "2019-06-06T00:00:00",
  "last_revision_date": "2019-06-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-248",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190605-cucm-imp-dos du 05 juin 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190605-ind-rce du 05 juin 2019",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce"
    }
  ]
}

CERTFR-2018-AVI-393
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Cisco AsyncOS versions 9.1, 10.1, 10.5 and 11.0 for Cisco Web Security Appliances
Cisco Unified Communications Cisco TelePresence Video Communication Server (VCS) and Expressway with the Unified Communications mode set to Mobile and Remote Access
Cisco Unified Communications Manager Cisco Unified Communications Manager IM & Presence Service

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco AsyncOS versions 9.1, 10.1, 10.5 et 11.0 pour Cisco Web Security Appliances",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) et Expressway avec le mode Unified Communications d\u00e9fini \u00e0 Mobile and Remote Access",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0410"
    },
    {
      "name": "CVE-2018-0409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0409"
    }
  ],
  "initial_release_date": "2018-08-16T00:00:00",
  "last_revision_date": "2018-08-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-393",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180815-wsa-dos du 15 ao\u00fbt 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-wsa-dos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180815-ucmimps-dos du 15 ao\u00fbt 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-ucmimps-dos"
    }
  ]
}

CERTFR-2018-AVI-270
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Prime Collaboration Assurance
Cisco N/A MediaSense
Cisco N/A Prime Collaboration Provisioning
Cisco IOS XE Cisco IOS XE versions Fuji 16.7.1 or Fuji 16.8.1 configured to use AAA authentication
Cisco N/A Cisco Meeting Server (CMS) 2000 running a CMS software version earlier than 2.2.13 or 2.3.4.
Cisco N/A Unified Intelligence Center (UIC)
Cisco N/A Emergency Responder
Cisco N/A Hosted Collaboration Mediation Fulfillment
Cisco N/A Prime License Manager
Cisco Unified Communications Manager Unified Communications Manager (UCM)
Cisco N/A Virtualized Voice Browser
Cisco Unified Communications Manager Unified Communications Manager IM and Presence Service (IM&P)
Cisco N/A Cisco Network Services Orchestrator (NSO) versions 4.1 to 4.1.6.0, 4.2 to 4.2.4.0, 4.3 to 4.3.3.0 and 4.4 to 4.4.2.0
Cisco N/A SocialMiner
Cisco N/A Cisco AsyncOS with WSA software version 10.5.1, 10.5.2 or 11.0.0
Cisco N/A Cisco Prime Collaboration Provisioning (PCP) versions 12.2 and earlier
Cisco IP Phone Cisco IP Phone series 6800, 7800 and 8800 with Multiplatform firmware earlier than version 11.1(2)
Cisco N/A Unified Contact Center Express (UCCx)
Cisco N/A Finesse
Cisco Unity Connection Unity Connection
Cisco N/A Unified Communication Manager Session Management Edition (SME)

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prime Collaboration Assurance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "MediaSense",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Prime Collaboration Provisioning",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configur\u00e9es pour utiliser l\u0027authentification AAA",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Meeting Server (CMS) 2000 ex\u00e9cutant une version logicielle CMS ant\u00e9rieures \u00e0 2.2.13 ou 2.3.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Intelligence Center (UIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Emergency Responder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Hosted Collaboration Mediation Fulfillment",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Prime License Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Manager (UCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Virtualized Voice Browser",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Manager IM and Presence Service (IM\u0026P)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Network Services Orchestrator (NSO) versions 4.1 \u00e0 4.1.6.0, 4.2 \u00e0 4.2.4.0, 4.3 \u00e0 4.3.3.0 et 4.4 \u00e0 4.4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "SocialMiner",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version ant\u00e9rieure \u00e0 11.1(2)",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Contact Center Express (UCCx)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unity Connection",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communication Manager Session Management Edition (SME)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0320"
    },
    {
      "name": "CVE-2018-0317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0317"
    },
    {
      "name": "CVE-2018-0274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0274"
    },
    {
      "name": "CVE-2018-0321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0321"
    },
    {
      "name": "CVE-2018-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0319"
    },
    {
      "name": "CVE-2017-6779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6779"
    },
    {
      "name": "CVE-2018-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"
    },
    {
      "name": "CVE-2018-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0318"
    },
    {
      "name": "CVE-2018-0263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0263"
    },
    {
      "name": "CVE-2018-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0316"
    },
    {
      "name": "CVE-2018-0315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0315"
    },
    {
      "name": "CVE-2018-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0322"
    },
    {
      "name": "CVE-2018-0353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0353"
    }
  ],
  "initial_release_date": "2018-06-07T00:00:00",
  "last_revision_date": "2018-06-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-270",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-07T00:00:00.000000"
    },
    {
      "description": "Version initiale",
      "revision_date": "2018-06-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-cms-id du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-diskdos du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-asaftd du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-sql du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-access du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-aaa du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-wsa du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-nso du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi"
    }
  ]
}

CERTFR-2017-AVI-416
Vulnerability from certfr_avis

A vulnerability has been discovered in Cisco Voice Operating System. It allows an attacker to cause arbitrary code execution, a breach of data integrity and a breach of data confidentiality.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Cisco Finesse
Cisco N/A Cisco Hosted Collaboration Mediation Fulfillment
Cisco N/A Cisco MediaSense
Cisco N/A Cisco Prime License Manager
Cisco N/A Cisco Unified Intelligence Center (UIC)
Cisco N/A Cisco Unified Communication Manager Session Management Edition (SME)
Cisco Unified Communications Manager Cisco Unified Communications Manager IM and Presence Service (IM&P; formerly Cisco Unified Presence)
Cisco N/A Cisco SocialMiner
Cisco N/A Cisco Emergency Responder
Cisco Unity Connection Cisco Unity Connection
Cisco N/A Cisco Unified Contact Center Express (UCCx)
Cisco Unified Communications Manager Cisco Unified Communications Manager (UCM)

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Hosted Collaboration Mediation Fulfillment",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco MediaSense",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime License Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Intelligence Center (UIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communication Manager Session Management Edition (SME)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service (IM\u0026P; anciennement Cisco Unified Presence)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SocialMiner",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Emergency Responder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express (UCCx)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (UCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-12337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12337"
    }
  ],
  "initial_release_date": "2017-11-15T00:00:00",
  "last_revision_date": "2017-11-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-416",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Voice Operating System.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Voice Operating System",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171115-vos du 15 novembre 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
    }
  ]
}

CERTFR-2017-AVI-160
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco N/A Cisco UCS C-Series Rack Servers
Cisco N/A Cisco Remote Expert Manager
Cisco N/A Cisco Industrial Ethernet 1000 Series switches
Cisco N/A Cisco Policy Suite versions earlier than 11.1.0, 12.0.0 and 12.1.0
Cisco N/A Cisco Prime Collaboration Provisioning versions earlier than 12.1
Cisco N/A Cisco TelePresence IX5000 Series versions earlier than 8.2.1
Cisco N/A Cisco FirePOWER System
Cisco Identity Services Engine Cisco Identity Services Engine (ISE)
Cisco N/A Cisco Nexus 5000 Series switches
Cisco Unified Communications Manager Cisco Unified Communications Manager
Cisco IP Phone Cisco IP Phone 8851
References
Cisco security advisory cisco-sa-20170517-ie1000csrf of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem3 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-nss of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem2 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem5 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-telepresence-ix5000 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem7 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-sip of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem6 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-pcp4 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-pcp5 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem1 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-pcp2 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-pcp1 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-ise of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-cps of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-ucm of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-ucsc of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-nss1 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-rem4 of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-fpwr of 17 May 2017 (vendor-advisory)
Cisco security advisory cisco-sa-20170517-pcp3 of 17 May 2017 (vendor-advisory)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco UCS C-Series Rack Servers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Remote Expert Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Ethernet Cisco Industrial s\u00e9ries 1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Policy Suite versions ant\u00e9rieures \u00e0 11.1.0, 12.0.0 et 12.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Provisioning versions ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence IX5000 Series versions ant\u00e9rieures \u00e0 8.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine (ISE)",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Commutateurs Cisco Nexus s\u00e9ries 5000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Phone 8851",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6632"
    },
    {
      "name": "CVE-2017-6650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6650"
    },
    {
      "name": "CVE-2017-6645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6645"
    },
    {
      "name": "CVE-2017-6623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6623"
    },
    {
      "name": "CVE-2017-6642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6642"
    },
    {
      "name": "CVE-2017-6652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6652"
    },
    {
      "name": "CVE-2017-6647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6647"
    },
    {
      "name": "CVE-2017-6621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6621"
    },
    {
      "name": "CVE-2017-6636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6636"
    },
    {
      "name": "CVE-2017-6637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6637"
    },
    {
      "name": "CVE-2017-6622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6622"
    },
    {
      "name": "CVE-2017-6635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6635"
    },
    {
      "name": "CVE-2017-6630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6630"
    },
    {
      "name": "CVE-2017-6654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6654"
    },
    {
      "name": "CVE-2017-6646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6646"
    },
    {
      "name": "CVE-2017-6649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6649"
    },
    {
      "name": "CVE-2017-6653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6653"
    },
    {
      "name": "CVE-2017-6641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6641"
    },
    {
      "name": "CVE-2017-6644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6644"
    },
    {
      "name": "CVE-2017-6633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6633"
    },
    {
      "name": "CVE-2017-6634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6634"
    },
    {
      "name": "CVE-2017-6643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6643"
    }
  ],
  "initial_release_date": "2017-05-18T00:00:00",
  "last_revision_date": "2017-05-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco    cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du    17 mai 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ie1000csrf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp4"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem7"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6"
    }
  ],
  "reference": "CERTFR-2017-AVI-160",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ie1000csrf du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem3 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem2 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem5 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-telepresence-ix5000 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem7 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-sip du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem6 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp4 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp5 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem1 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp2 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp1 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ise du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-cps du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucm du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-ucsc du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-nss1 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-rem4 du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-fpwr du 17 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170517-pcp3 du 17 mai 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-127
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Cisco ASA 5500 Series Adaptive Security Appliances (see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CallManager) without the latest security patch |
| Cisco | N/A | Firepower 9300 Series Security Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | Adaptive Security Appliance | Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Cisco ISA 3000 Industrial Security Appliance (see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | N/A | Sourcefire 3D System Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Cisco Adaptive Security Virtual Appliance (ASAv, see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | N/A | Cisco ASA 1000V Cloud Firewall (see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | N/A | Firepower 4100 Series Security Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Cisco ASA Services Module for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers (see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | Firepower Threat Defense | FirePOWER Threat Defense for Integrated Services Routers (ISRs, see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Industrial Security Appliance 3000 (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | FirePOWER 7000 Series Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | IOS XE | Cisco IOS and Cisco IOS XE with the EnergyWise module enabled, without the latest security patch |
| Cisco | N/A | FirePOWER 8000 Series Appliances (see the vendor's website for vulnerable versions of Cisco Firepower System) |
| Cisco | N/A | Cisco Firepower 9300 ASA Security Module (see the vendor's website for vulnerable versions of Cisco ASA) |
| Cisco | N/A | Cisco ASA 5500-X Series Next-Generation Firewalls (see the vendor's website for vulnerable versions of Cisco ASA) |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500 Series Adaptive Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 9300 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ISA 3000 Industrial Security Appliance (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Sourcefire 3D System Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Virtual Appliance (ASAv, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 1000V Cloud Firewall (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Firepower 4100 Series Security Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Services Module pour les commutateurs Cisco Catalyst s\u00e9ries 6500 et les routeurs Cisco s\u00e9ries 7600 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER Threat Defense for Integrated Services Routers (ISRs, voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "Firepower Threat Defense",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Industrial Security Appliance 3000 (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 7000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS et Cisco IOS XE avec le module EnergyWise activ\u00e9, sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "FirePOWER 8000 Series Appliances (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco Firepower System)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower 9300 ASA Security Module (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5500-X Series Next-Generation Firewalls (voir sur le site du constructeur pour les versions vuln\u00e9rables de Cisco ASA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3862"
    },
    {
      "name": "CVE-2017-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3863"
    },
    {
      "name": "CVE-2017-3861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3861"
    },
    {
      "name": "CVE-2017-6609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6609"
    },
    {
      "name": "CVE-2017-3808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3808"
    },
    {
      "name": "CVE-2016-6368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6368"
    },
    {
      "name": "CVE-2017-6608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6608"
    },
    {
      "name": "CVE-2017-6607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6607"
    },
    {
      "name": "CVE-2017-3860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3860"
    },
    {
      "name": "CVE-2017-6610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6610"
    }
  ],
  "initial_release_date": "2017-04-20T00:00:00",
  "last_revision_date": "2017-04-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du    19 avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19    avril 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm"
    }
  ],
  "reference": "CERTFR-2017-AVI-127",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-xauth du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-ipsec du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-dns du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-energywise du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-fpsnort du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-ucm du 19 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170419-asa-tls du 19 avril 2017",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-343
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a compromise of data integrity and a compromise of data confidentiality.

Solution

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | N/A | Cisco Prime Infrastructure |
| Cisco | N/A | Cisco Evolved Programmable Network Manager |
| Cisco | N/A | Cisco Finesse |
| Cisco | N/A | Acano Server versions earlier than 1.8.18 and 1.9.6 with XMPP enabled |
| Cisco | N/A | Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CUCM) |
| Cisco | N/A | Cisco Wide Area Application Services (WAAS) |
| Cisco | N/A | Cisco Meeting Server versions earlier than 2.0.6 with XMPP enabled |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Prime Infrastructure",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Evolved Programmable Network Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Acano Server versions ant\u00e9rieures \u00e0 1.8.18 et 1.9.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CUCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Wide Area Application Services (WAAS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Meeting Server versions ant\u00e9rieures \u00e0 2.0.6 avec XMPP activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6442"
    },
    {
      "name": "CVE-2016-6443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6443"
    },
    {
      "name": "CVE-2016-6445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6445"
    },
    {
      "name": "CVE-2016-6437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6437"
    },
    {
      "name": "CVE-2016-6438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6438"
    },
    {
      "name": "CVE-2016-6440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6440"
    }
  ],
  "initial_release_date": "2016-10-12T00:00:00",
  "last_revision_date": "2016-10-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas"
    }
  ],
  "reference": "CERTFR-2016-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-ucm du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-waas du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-cbr-8 du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-msc du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-fin du 12 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161012-prime du 12 octobre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-284
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0 without the latest security patch |
| Cisco | Identity Services Engine | Cisco Identity Services Engine version 1.3(0.876) without the latest security patch |
| Cisco | N/A | Cisco Firepower Management Center version 5.3.0.2 without the latest security patch |
| Cisco | N/A | Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services versions earlier than 5.3.0.3 |
| Cisco | N/A | Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services versions earlier than 6.0.0 |
| Cisco | N/A | Cisco Firepower Management Center version 5.3.1 without the latest security patch |
| Cisco | N/A | Cisco Firepower Management Center version 5.2.0 without the latest security patch |
| Cisco | N/A | Cisco APIC-EM versions earlier than 1.2 |
| Cisco | N/A | Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services versions 5.4.x earlier than 5.4.1 |
| Cisco | N/A | Cisco Firepower Management Center version 5.4.0 without the latest security patch |
| Cisco | N/A | Cisco Aironet 1800, 2800, and 3800 AP platforms versions earlier than 8.2.110.0, 8.2.121.0 or 8.3.102.0 |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 11.5 without the latest security patch |
| Cisco | IP Phone | Cisco IP Phone 8800 Series version 11.0(1) without the latest security patch |
| Cisco | N/A | Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services versions 5.4.0.x earlier than 5.4.0.1 |
| Cisco | N/A | Cisco Firepower Management Center version 4.10.3 without the latest security patch |
| Cisco | N/A | Cisco Firepower Management Center and Cisco ASA 5500-X Series with FirePOWER Services versions earlier than 5.3.1.2 |
| Cisco | N/A | Cisco WebEx Meetings Server version 2.6 without the latest security patch |
References
| Title | Type |
|---|---|
| Cisco security bulletin cisco-sa-20160817-ise of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-aap2 of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-firepowermc of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-aap1 of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-firepower of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-apic of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-ucm of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-ipp of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-aap of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-wms1 of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-fmc of 17 August 2016 | vendor-advisory |
| Cisco security bulletin cisco-sa-20160817-firepowermc of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-aap1 of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-aap2 of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-apic of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-firepower of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-ipp of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-ucm of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-ise of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-fmc of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-aap of 17 August 2016 | other |
| Cisco security bulletin cisco-sa-20160817-wms1 of 17 August 2016 | other |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Firepower Management Center version 5.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine version 1.3(0.876) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center version 5.3.0.2 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 6.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center version 5.3.1 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center version 5.2.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center version 5.4.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1800, 2800, et 3800 AP platforms versions ant\u00e9rieures \u00e0 8.2.110.0, 8.2.121.0 ou 8.3.102.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 11.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Phone 8800 Series version 11.0(1) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center version 4.10.3 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Firepower Management Center et Cisco ASA 5500-X Series avec les services FirePOWER versions ant\u00e9rieures \u00e0 5.3.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server version 2.6 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1458"
    },
    {
      "name": "CVE-2016-6361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6361"
    },
    {
      "name": "CVE-2016-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1457"
    },
    {
      "name": "CVE-2016-6363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6363"
    },
    {
      "name": "CVE-2016-6362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6362"
    },
    {
      "name": "CVE-2016-1485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1485"
    },
    {
      "name": "CVE-2016-1479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1479"
    },
    {
      "name": "CVE-2016-6365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6365"
    },
    {
      "name": "CVE-2016-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1365"
    },
    {
      "name": "CVE-2016-6364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6364"
    },
    {
      "name": "CVE-2016-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1484"
    }
  ],
  "initial_release_date": "2016-08-18T00:00:00",
  "last_revision_date": "2016-08-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du    17 ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du    17 ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1"
    }
  ],
  "reference": "CERTFR-2016-AVI-284",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-18T00:00:00.000000"
    },
    {
      "description": "changement \u0027Cisco APIC-EM version 1.0 sans le dernier correctif de s\u00e9curit\u00e9\u0027 \u00e0 \u0027Cisco APIC-EM versions ant\u00e9rieures \u00e0 1.2\u0027 dans syst\u00e8mes affect\u00e9s",
      "revision_date": "2016-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ise du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap2 du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepowermc du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap1 du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-firepower du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-apic du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ucm du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-ippdu 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-aap du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-wms1 du 17 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160817-fmc du 17 ao\u00fbt 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-260
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service version 11.0(1) without the security patch ciscocm.cup-psirt-sipd-1101-v1.1.cop.sgn |
| Cisco | N/A | Cisco TelePresence Video Communication Server Expressway version X8.5.2 |
| Cisco | N/A | Cisco Prime Infrastructure Release 2.2(2) |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service version 10.5(2) without the security patch ciscocm.cup-psirt-sipd-1052-v1.1.cop.sgn |
| Cisco | IOS | Cisco IOS versions earlier than 15.6(2)SP |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service versions earlier than 11.5(1) SU1 |
| Cisco | IOS | Cisco IOS versions earlier than 15.6(3)M |
| Cisco | N/A | Cisco RV110W Wireless-N VPN Firewall versions earlier than 1.2.1.7 |
| Cisco | N/A | Cisco RV215W Wireless-N VPN Router versions earlier than 1.0.3.8 |
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service version 9.1(1) without the security patch ciscocm.cup-psirt-sipd-911SU-v1.1.cop.sgn |
| Cisco | N/A | Cisco RV130W Wireless-N Multifunction VPN Router versions earlier than 1.0.3.16 |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service version 11.0(1) sans le correctif de s\u00e9curit\u00e9 ciscocm.cup-psirt-sipd-1101-v1.1.cop.sgn",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server Expressway version X8.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Infrastructure Release 2.2(2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service version 10.5(2) sans le correctif de s\u00e9curit\u00e9 ciscocm.cup-psirt-sipd-1052-v1.1.cop.sgn",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS versions ant\u00e9rieures \u00e0 15.6(2)SP",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service versions ant\u00e9rieures \u00e0 11.5(1) SU1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS versions ant\u00e9rieures \u00e0 15.6(3)M",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV110W Wireless-N VPN Firewall versions ant\u00e9rieures \u00e0 1.2.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV215W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.0.3.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service version 9.1(1) sans le correctif de s\u00e9curit\u00e9 ciscocm.cup-psirt-sipd-911SU-v1.1.cop.sgn",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1478"
    },
    {
      "name": "CVE-2016-1474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1474"
    },
    {
      "name": "CVE-2015-6396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6396"
    },
    {
      "name": "CVE-2016-1466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1466"
    },
    {
      "name": "CVE-2016-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1468"
    },
    {
      "name": "CVE-2015-6397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6397"
    }
  ],
  "initial_release_date": "2016-08-04T00:00:00",
  "last_revision_date": "2016-08-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-rv110_130w2 du    03 ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160804-wedge du 04    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-ucm du 03 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm"
    },
    {
      "title": "Annonce d\u0027arr\u00eat de commercialisation et de fin de vie des    routeurs VPN multifonction pour r\u00e9seaux sans fil Cisco RV180W",
      "url": "http://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-733326-fr.html"
    },
    {
      "title": "Annonce d\u0027arr\u00eat de commercialisation et de fin de vie des    routeurs VPN Cisco RV180",
      "url": "http://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/eos-eol-notice-c51-733327-fr.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-cpi du 03 ao\u00fbt    2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-cpi"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-rv110_130w1 du    03 ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-vcse du 03    ao\u00fbt 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse"
    }
  ],
  "reference": "CERTFR-2016-AVI-260",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-08-04T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160804-wedge",
      "revision_date": "2016-08-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-vcse du 03 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-ucm du 03 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160804-wedge du 04 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-rv110 130w1 du 03 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-cpi du 03 ao\u00fbt 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160803-rv110 130w2 du 03 ao\u00fbt 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-051
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a security policy bypass, a compromise of data confidentiality and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 11.5(0.98000.480)
Cisco | Jabber | Cisco TelePresence Video Communication Server (VCS) version X8 when used as part of a Jabber Guest deployment
Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), and 9.1(2.10000.28)
Cisco | N/A | Cisco APIC-EM version 1.1
Cisco | N/A | Cisco Unified Contact Center Express version 11.0(1)
Cisco | Unity Connection | Cisco Unity Connection version 10.5(2)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service version 10.5(2)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager version 11.5(0.98000.480)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu\u0027utilis\u00e9 dans le cadre d\u0027un d\u00e9ploiement Jabber Guest",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 10.5(2)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 10.5(2)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1316"
    },
    {
      "name": "CVE-2016-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1319"
    },
    {
      "name": "CVE-2016-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1318"
    },
    {
      "name": "CVE-2016-1317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1317"
    }
  ],
  "initial_release_date": "2016-02-09T00:00:00",
  "last_revision_date": "2016-02-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    }
  ],
  "reference": "CERTFR-2016-AVI-051",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-047
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. Some of them allow an attacker to cause a remote denial of service, a security policy bypass, and a breach of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | N/A | Cisco Application Policy Infrastructure Controllers versions prior to 1.0(3h) and 1.1(1j)
Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switches versions prior to 1.0(3h) and 1.1(1j)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 10.5(2.13900.9)
Cisco | Unity Connection | Cisco Unity Connection version 11.5(0.199)
Cisco | N/A | Cisco Unified Contact Center Express version 10.6(1)
Cisco | N/A | Cisco Finesse Desktop versions 10.5(1) and 11.0(1)
Cisco | Jabber | Cisco Jabber Guest Server version 10.6(8)
Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switches versions prior to 11.0(1c)
Cisco | N/A | Cisco ASA-CX Content-Aware Security and Cisco PRSM versions prior to 9.3.1.1(112)
Cisco | N/A | Cisco WebEx Meetings Server version 2.5.1.5



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Application Policy Infrastructure Controllers versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 10.5(2.13900.9)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 11.5(0.199)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 10.6(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse Desktop versions 10.5(1) et 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber Guest Server version 10.6(8)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 11.0(1c)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA-CX Content-Aware Security et Cisco PRSM versions ant\u00e9rieures \u00e0 9.3.1.1(112)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server version 2.5.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1302"
    },
    {
      "name": "CVE-2016-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1308"
    },
    {
      "name": "CVE-2016-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1307"
    },
    {
      "name": "CVE-2016-1301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1301"
    },
    {
      "name": "CVE-2016-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1311"
    },
    {
      "name": "CVE-2016-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1309"
    },
    {
      "name": "CVE-2015-6398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6398"
    },
    {
      "name": "CVE-2016-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1310"
    }
  ],
  "initial_release_date": "2016-02-04T00:00:00",
  "last_revision_date": "2016-02-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc"
    }
  ],
  "reference": "CERTFR-2016-AVI-047",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-045
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a remote denial of service, a breach of data integrity, and remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | N/A | Cisco Digital Media Manager (DMM)
Cisco | N/A | Cisco NAC Guest Server versions prior to 2.1.0 (available 19 February 2016)
Cisco | IOS | IOS-XR for Cisco Network Convergence System (NCS) 6000
Cisco | N/A | Cisco Intelligent Automation for Cloud
Cisco | N/A | Cisco DCM Series 9900-Digital Content Manager versions prior to 18.0 (available 31 March 2016)
Cisco | N/A | Cisco Video Surveillance Media Server
Cisco | N/A | Cisco FireSIGHT System Software versions prior to 6.1 (available in June 2016)
Cisco | Unified Communications Manager Session Management Edition | Cisco Unified Communications Manager Session Management Edition (SME)
Cisco | N/A | Cisco Videoscape Policy and Resource Management
Cisco | N/A | Cisco Management Heartbeat Server versions prior to RMS5.x MR (available 29 July 2016)
Cisco | N/A | Cisco Standalone rack server CIMC
Cisco | N/A | Cloud Object Store (COS) versions prior to 3.8 (available 9 April 2016)
Cisco | N/A | Cisco Universal Small Cell 7000 Series running version V3.4.2.x
Cisco | N/A | Cisco Finesse
Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment
Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) versions prior to 8.7.1 (available 22 February 2016)
Cisco | N/A | Cisco UCS Central
Cisco | N/A | Cisco TelePresence Conductor versions prior to XC4.2 (available 30 March 2016)
Cisco | N/A | Cisco Application and Content Networking System (ACNS) versions prior to 5.5.41 (available 29 February 2016)
Cisco | N/A | Cisco Digital Media Manager
Cisco | N/A | Cisco Virtual Topology System
Cisco | N/A | Cisco IP Interoperability and Collaboration System (IPICS)
Cisco | Unified Communications | Unified Communications Deployment Tools
Cisco | N/A | Cisco Enterprise Content Delivery System (ECDS) versions prior to 2.6.7 (available 30 April 2016)
Cisco | N/A | Cisco Quantum Virtualized Packet Core
Cisco | N/A | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1
Cisco | N/A | Cisco ASA CX and Cisco Prime Security Manager versions prior to 9.3.4.5 (available 30 May 2016)
Cisco | Jabber | Cisco Jabber Guest 10.0(2)
Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions prior to 7.1(11) Patch 1 (available 31 March 2016)
Cisco | N/A | Cisco 910 Industrial Router
Cisco | Expressway Series | Cisco Expressway Series versions prior to 8.7.1 (available 22 February 2016)
Cisco | N/A | Cisco TelePresence MX Series
Cisco | N/A | Cisco TelePresence SX Series
Cisco | N/A | Cisco Clean Access Manager versions prior to 4.9.5 (available 19 February 2016)
Cisco | N/A | Cisco Video Delivery System Recorder (patch available 30 April 2016)
Cisco | N/A | Cisco Fog Director version 1.0(0)
Cisco | N/A | Cisco Universal Small Cell 5000 Series running version V3.4.2.x
Cisco | N/A | Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)
Cisco | N/A | Cisco Service Control Operating System
Cisco | N/A | Cisco Media Experience Engines (MXE)
Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC)
Cisco | N/A | Cisco Telepresence Integrator C Series
Cisco | N/A | Cisco TelePresence EX Series
Cisco | N/A | Cisco Edge 300 Digital Media Player versions prior to 1.6RB4_4 (available 25 February 2016)
Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions prior to 7.3(05) Patch 1 (available 30 April 2016)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM)
Cisco | N/A | Cisco TelePresence Profile Series
Cisco | N/A | Cisco 3G Femtocell Wireless versions prior to SR10MR (available 29 July 2016)
Cisco | N/A | Cisco NAC Server versions prior to 4.9.5 (available 19 February 2016)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Digital Media Manager (DMM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intelligent Automation for Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Surveillance Media Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager Session Management Edition (SME)",
      "product": {
        "name": "Unified Communications Manager Session Management Edition",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Videoscape Policy and Resource Management",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Standalone rack server CIMC",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Hosted Collaboration Mediation Fulfillment",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco UCS Central",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Digital Media Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Topology System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Interoperability and Collaboration System (IPICS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Deployment Tools",
      "product": {
        "name": "Unified Communications",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Quantum Virtualized Packet Core",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber Guest 10.0(2)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 910 Industrial Router",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
      "product": {
        "name": "Expressway Series",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence MX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence SX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Fog Director version 1.0(0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Service Control Operating System",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Media Experience Engines (MXE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Application Policy Infrastructure Controller (APIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Telepresence Integrator C Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (UCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Profile Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2015-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
    },
    {
      "name": "CVE-2016-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2015-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
    },
    {
      "name": "CVE-2015-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
    },
    {
      "name": "CVE-2015-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
    },
    {
      "name": "CVE-2015-8140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
    },
    {
      "name": "CVE-2016-1306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
    }
  ],
  "initial_release_date": "2016-02-02T00:00:00",
  "last_revision_date": "2016-02-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27    janvier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
    }
  ],
  "reference": "CERTFR-2016-AVI-045",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-542
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a remote denial of service and a remote indirect code injection (XSS).

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | IOS XE | Cisco IOS XE Software versions earlier than 15.5(2)S2 (3.15.2S)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager versions 8.6 and earlier
Cisco | IOS XE | Cisco IOS XE Software versions earlier than 15.5(3)S1 (3.16.1S)


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS XE Software versions ant\u00e9rieures \u00e0 15.5(2)S2 (3.15.2S)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager versions 8.6 et ant\u00e9rieures",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE Software versions ant\u00e9rieures \u00e0 15.5(3)S1 (3.16.1S)",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6359"
    }
  ],
  "initial_release_date": "2015-12-15T00:00:00",
  "last_revision_date": "2015-12-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151214-ios du 14    d\u00e9cembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ios"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151214-ucm du 14    d\u00e9cembre 2015",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm"
    }
  ],
  "reference": "CERTFR-2015-AVI-542",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151214-ios du 14 d\u00e9cembre 2015",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151214-ucm du 14 d\u00e9cembre 2015",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-454
Vulnerability from certfr_avis

A vulnerability has been fixed in Cisco products. It allows an attacker to compromise data confidentiality.

Temporary workaround

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) 8.x
Cisco | N/A | Cisco Web Security Appliance 8.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.x
Cisco | N/A | Cisco AnyConnect for Android 3.x
Cisco | N/A | Cisco ASA Next-Generation Firewall 9.x (formerly Cisco ASA-CX Context-Aware Security)
Cisco | N/A | Cisco TelePresence IP VCR Series
Cisco | N/A | Cisco IPS 4200 Series Sensor
Cisco | IOS | Cisco AnyConnect for iOS 3.x
Cisco | N/A | Cisco Email Encryption 6.x
Cisco | Adaptive Security Appliance | Cisco Adaptive Security Appliance (ASA) 9.x
Cisco | N/A | Cisco TelePresence Server 2.x
Cisco | N/A | Cisco TelePresence MSE 8000
Cisco | N/A | Cisco TelePresence MCU 4500 Series 4.x
Cisco | N/A | Cisco TelePresence Serial Gateway Series
Cisco | N/A | Cisco Email Security Appliance 8.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 7.x
Cisco | N/A | Cisco Email Security Appliance 7.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service 9.x
Cisco | N/A | Cisco TelePresence ISDN Gateway
Cisco | N/A | Cisco TelePresence IP Gateway Series
Cisco | N/A | Cisco CSS 11500 Series Content Services Switches 8.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CM) 7.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service 10.x
Cisco | N/A | Cisco TelePresence Advanced Media Gateway Series 1.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 10.x

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Adaptive Security Appliance (ASA) 8.x",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Web Security Appliance 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AnyConnect for Android 3.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA Next-Generation Firewall 9.x (formerly Cisco ASA-CX Context-Aware Security)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence IP VCR Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IPS 4200 Series Sensor",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AnyConnect for iOS 3.x",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Email Encryption 6.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Adaptive Security Appliance (ASA) 9.x",
      "product": {
        "name": "Adaptive Security Appliance",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Server 2.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence MSE 8000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence MCU 4500 Series 4.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Serial Gateway Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Email Security Appliance 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 7.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Email Security Appliance 7.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service 9.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence ISDN Gateway",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence IP Gateway Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco CSS 11500 Series Content Services Switches 8.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CM) 7.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM and Presence Service 10.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Advanced Media Gateway Series 1.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 9.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 10.x",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-3566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3566"
    }
  ],
  "initial_release_date": "2014-10-29T00:00:00",
  "last_revision_date": "2014-10-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-454",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles produits\nCisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 29 octobre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"
    }
  ]
}

CERTA-2013-AVI-489
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco Unified Communications Manager. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of data confidentiality.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 8.5
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 9.1
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 9.0
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 8.6
Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 7.1


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager version 8.5",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 9.1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 9.0",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 8.6",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 7.1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3462"
    },
    {
      "name": "CVE-2013-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3459"
    },
    {
      "name": "CVE-2013-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3461"
    },
    {
      "name": "CVE-2013-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3460"
    }
  ],
  "initial_release_date": "2013-08-22T00:00:00",
  "last_revision_date": "2013-08-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130821-cucm du 21    ao\u00fbt 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm"
    }
  ],
  "reference": "CERTA-2013-AVI-489",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130821-cucm du 21 ao\u00fbt 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-490
Vulnerability from certfr_avis

A vulnerability has been fixed in Cisco Unified Communications Manager IM and Presence Service. It allows an attacker to cause a remote denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Presence Service versions earlier than 9.1(2)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM versions earlier than 9.1(2)


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Presence Service versions ant\u00e9rieures \u00e0 9.1(2)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM versions ant\u00e9rieures \u00e0 9.1(2)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3453"
    }
  ],
  "initial_release_date": "2013-08-22T00:00:00",
  "last_revision_date": "2013-08-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130821-cup du 21 ao\u00fbt    2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup"
    }
  ],
  "reference": "CERTA-2013-AVI-490",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eCisco Unified\nCommunications Manager IM et Presence Service\u003c/span\u003e. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications Manager IM et Presence Service",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130821-cup du 21 ao\u00fbt 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-432
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco Unified Communications Manager. They allow an attacker to cause remote arbitrary code execution and a privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 7.1
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.5
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.0
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.1
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.6


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager 7.1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.5",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 9.0",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 9.1",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.6",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-3412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3412"
    },
    {
      "name": "CVE-2013-3434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3434"
    },
    {
      "name": "CVE-2013-3403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3403"
    },
    {
      "name": "CVE-2013-3433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3433"
    },
    {
      "name": "CVE-2013-3404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3404"
    },
    {
      "name": "CVE-2013-3402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3402"
    }
  ],
  "initial_release_date": "2013-07-18T00:00:00",
  "last_revision_date": "2013-07-18T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130717-cucm du 17    juillet 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
    }
  ],
  "reference": "CERTA-2013-AVI-432",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130717-cucm du 17 juillet 2013",
      "url": null
    }
  ]
}

CERTA-2013-AVI-157
Vulnerability from certfr_avis

Multiple vulnerabilities have been fixed in Cisco products. They allow an attacker to cause a remote denial of service and a denial of service.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.0(x)
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.6(x)
Cisco | N/A | Cisco Unified Presence Server 9.1
Cisco | N/A | Cisco Unified Presence Server 8.6
Cisco | N/A | Cisco Prime Central for HCS Assurance 8.6
Cisco | N/A | Cisco Prime Central for HCS Assurance 9.0
Cisco | N/A | Cisco Unified Presence Server 9.0


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager 9.0(x)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.6(x)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Presence Server 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Presence Server 8.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Central for HCS Assurance 8.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Central for HCS Assurance 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Presence Server 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1137"
    },
    {
      "name": "CVE-2013-1133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1133"
    },
    {
      "name": "CVE-2013-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1135"
    },
    {
      "name": "CVE-2013-1134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1134"
    }
  ],
  "initial_release_date": "2013-02-28T00:00:00",
  "last_revision_date": "2013-02-28T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130227-cucm du 27    f\u00e9vrier 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130227-cups du 27    f\u00e9vrier 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130227-hcs du 27    f\u00e9vrier 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs"
    }
  ],
  "reference": "CERTA-2013-AVI-157",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 27 f\u00e9vrier 2013",
      "url": null
    }
  ]
}

CERTA-2012-AVI-106
Vulnerability from certfr_avis

Vulnerabilities in Cisco Unified Communications Manager allow a denial of service and remote execution of SQL commands.

Description

Vulnerabilities have been discovered in Cisco Unified Communications Manager:

  • specific SCCP (Skinny Client Control Protocol) messages can cause Cisco Unified Communications Manager to restart (CVE-2011-4486);
  • specific SCCP messages allow SQL commands to be executed (CVE-2011-4487).

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager Software versions 8.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager Software versions 7.x
Cisco | Unified Communications Manager | Cisco Business Edition 3000
Cisco | Unified Communications Manager | Cisco Business Edition 5000
Cisco | Unified Communications Manager | Cisco Business Edition 6000
Cisco | Unified Communications Manager | Cisco Unified Communications Manager Software versions 6.x


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager Software versions 8.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager Software versions 7.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Business Edition 3000 ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Business Edition 5000 ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Business Edition 6000.",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager Software versions 6.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Unified Communications\nManager :\n\n-   des messages SCCP (Skinny Client Control Protocol) sp\u00e9cifiques\n    peuvent provoquer le red\u00e9marrage de Cisco Unified Communications\n    Manager (CVE-2011-4486) ;\n-   des messages SCCP sp\u00e9cifiques permettent l\u0027ex\u00e9cution de commandes\n    SQL (CVE-2011-4487).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4487"
    },
    {
      "name": "CVE-2011-4486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4486"
    }
  ],
  "initial_release_date": "2012-03-01T00:00:00",
  "last_revision_date": "2012-03-01T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de commandes SQL \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCisco Unified\nCommunications Manager\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service\net d\u0027ex\u00e9cuter des commandes SQL \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20120229-cucm du 29 f\u00e9vrier 2012",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm"
    }
  ]
}

CERTA-2011-AVI-601
Vulnerability from certfr_avis

A vulnerability in several Cisco products allows a malicious user to compromise data confidentiality.

Description

The affected Cisco products have a directory traversal vulnerability. Using a specially crafted URL, a malicious user can read every file on the system.

Solution

Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | N/A | Cisco Unified IP Interactive Voice Response (IP-IVR), 6.x, 7.x and 8.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CUCM), 5.x, 6.x, 7.x and 8.x
Cisco | N/A | Cisco Unified Contact Center Express (UCCX), 6.x, 7.x and 8.x



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified IP Interactive Voice Response (IP-IVR), 6.x, 7.x et 8.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CUCM), 5.x, 6.x, 7.x et 8.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express (UCCX), 6.x, 7.x et 8.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes produits Cisco affect\u00e9s pr\u00e9sentent une vuln\u00e9rabilit\u00e9 de type\ndirectory traversal. Un utilisateur malintentionn\u00e9 peut, \u00e0 l\u0027aide d\u0027une\nadresse r\u00e9ticulaire (URL) con\u00e7ue \u00e0 cet effet, lire tous les fichiers\npr\u00e9sents sur le syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3315"
    }
  ],
  "initial_release_date": "2011-10-28T00:00:00",
  "last_revision_date": "2011-10-28T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20111026-uccx du 26 octobre 2011    :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20111026-cucm du 26 octobre 2011    :",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm"
    }
  ],
  "reference": "CERTA-2011-AVI-601",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans plusieurs produits Cisco permet \u00e0 un utilisateur\nmalintentionn\u00e9 de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco CUCM, UCCX et Unified IP-IVR",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Cisco 20111026-cucm et 20111026-uccx du 26 octobre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-545
Vulnerability from certfr_avis

A vulnerability in Cisco Unified Communications Manager allows a user to cause a remote denial of service.

Description

A vulnerability in the processing of malformed SIP messages causes a memory leak that can lead to an interruption of voice services.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 7.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 6.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.x



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager 7.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 6.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.x.",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement de messages SIP malform\u00e9s provoque\nune fuite m\u00e9moire pouvant conduire \u00e0 un arr\u00eat des services voix.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2072"
    }
  ],
  "initial_release_date": "2011-09-30T00:00:00",
  "last_revision_date": "2011-09-30T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110928-cucm du 28 septembre    2011 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml"
    }
  ],
  "reference": "CERTA-2011-AVI-545",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications Manager permet \u00e0 un\nutilisateur d\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20110928-cucm du 28 Septembre 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-478
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Cisco Unified Communications Manager. These vulnerabilities allow a remote denial of service.

Description

Cisco Unified Communications Manager is affected by multiple vulnerabilities that allow an unauthenticated attacker to send specially crafted packets that cause the vulnerable service to stop. The following services and components are affected:

  • Packet Capture Service ;
  • Media Termination Points (MTP) ;
  • SIP INVITE messages processing.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor | Product | Description
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 7.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 4.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 6.x
Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.x



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager 7.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 4.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 6.x ;",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager 8.x.",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCisco Unified Communications Manager est affect\u00e9 par de multiples\nvuln\u00e9rabilit\u00e9s permettant \u00e0 un attaquant non authentifi\u00e9 d\u0027envoyer des\npaquets sp\u00e9cialement con\u00e7us provoquant l\u0027arr\u00eat du service vuln\u00e9rable.\nLes services et composants suivants sont affect\u00e9s:\n\n-   Packet Capture Service ;\n-   Media Termination Points (MTP) ;\n-   SIP INVITE messages processing.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2562"
    },
    {
      "name": "CVE-2011-2560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2560"
    },
    {
      "name": "CVE-2011-2561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2561"
    }
  ],
  "initial_release_date": "2011-08-29T00:00:00",
  "last_revision_date": "2011-08-29T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110824-cucm du 29 ao\u00fbt 2011 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110824-cucm.shtml"
    }
  ],
  "reference": "CERTA-2011-AVI-478",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Manager\u003c/span\u003e. Ces\nvuln\u00e9rabilit\u00e9s permettent un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Cisco cisco-sa-20110824-cucm",
      "url": null
    }
  ]
}