Refine your search
12 vulnerabilities found for Unity Connection by Cisco
CERTFR-2024-AVI-0026
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco Unity Connection. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unity Connection | Cisco Unity Connection versions 14.x antérieures à 14.0.1.14006-5 | ||
| Cisco | Unity Connection | Cisco Unity Connection versions antérieures à 12.5.1.19017-4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unity Connection versions 14.x ant\u00e9rieures \u00e0 14.0.1.14006-5",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions ant\u00e9rieures \u00e0 12.5.1.19017-4",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20272"
}
],
"initial_release_date": "2024-01-11T00:00:00",
"last_revision_date": "2024-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Unity Connection. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unity Connection",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cuc-unauth-afu-FROYsCsD du 10 janvier 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD"
}
]
}
CERTFR-2023-AVI-0805
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Unified CM IM&P version 12.5(1)SU7 antérieure à 12.5(1)SU8 | ||
| Cisco | N/A | Emergency Responder version 12.5(1)SU4 antérieure à 12.5(1)SU5 sans le correctif de sécurité ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512 | ||
| Cisco | ConfD | ConfD versions 7.6.x antérieures à 7.6.14.1 | ||
| Cisco | N/A | Network Services Orchestrator versions 5.4.x antérieures à 5.4.3.2 | ||
| Cisco | ConfD | ConfD versions 7.4.x antérieures à 7.4.3.1 | ||
| Cisco | ConfD | ConfD versions 7.5.x antérieures à 7.5.2.1 | ||
| Cisco | N/A | Network Services Orchestrator versions 6.0.x antérieures à 6.0.8 | ||
| Cisco | N/A | Network Services Orchestrator versions 6.1.x antérieures à 6.1.3.1 | ||
| Cisco | ConfD | ConfD versions 7.8.x antérieures à 7.8.11 | ||
| Cisco | N/A | Network Services Orchestrator versions 5.5.x antérieures à 5.5.2.3 | ||
| Cisco | N/A | Network Services Orchestrator versions 5.6.x antérieures à 5.6.14.1 | ||
| Cisco | N/A | Network Services Orchestrator versions 5.8.x antérieures à 5.8.11 | ||
| Cisco | N/A | Network Services Orchestrator versions 5.7.x antérieures à 5.7.13 | ||
| Cisco | N/A | Unified CM and Unified CM SME version 12.5(1)SU7 antérieure à 12.5(1)SU8 | ||
| Cisco | ConfD | ConfD versions 8.0.x antérieures à 8.0.8 | ||
| Cisco | N/A | Unified CM and Unified CM SME version 14SU3 sans le correctif de sécurité ciscocm.V14SU3_CSCwf44755.cop.sha512 | ||
| Cisco | Unity Connection | Unity Connection version 14SU3 sans le correcif de sécurité ciscocm.cuc.V14SU3_CSCwf62081.k4.cop.sha512 | ||
| Cisco | ConfD | ConfD versions 8.1.x antérieures à 8.1.4 | ||
| Cisco | N/A | Unified CM IM&P version 14SU3 sans le correcif de sécurité ciscocm.cup_CSCwf62094_14SU3.cop.sha512 | ||
| Cisco | ConfD | ConfD versions 7.7.x antérieures à 7.7.13 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Unified CM IM\u0026P version 12.5(1)SU7 ant\u00e9rieure \u00e0 12.5(1)SU8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Emergency Responder version 12.5(1)SU4 ant\u00e9rieure \u00e0 12.5(1)SU5 sans le correctif de s\u00e9curit\u00e9 ciscocm.CSCwh34565_PRIVILEGED_ACCESS_DISABLE.k4.cop.sha512",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 7.6.x ant\u00e9rieures \u00e0 7.6.14.1",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 5.4.x ant\u00e9rieures \u00e0 5.4.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 7.4.x ant\u00e9rieures \u00e0 7.4.3.1",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 7.5.x ant\u00e9rieures \u00e0 7.5.2.1",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 7.8.x ant\u00e9rieures \u00e0 7.8.11",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 5.5.x ant\u00e9rieures \u00e0 5.5.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 5.6.x ant\u00e9rieures \u00e0 5.6.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 5.8.x ant\u00e9rieures \u00e0 5.8.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Network Services Orchestrator versions 5.7.x ant\u00e9rieures \u00e0 5.7.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified CM and Unified CM SME version 12.5(1)SU7 ant\u00e9rieure \u00e0 12.5(1)SU8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 8.0.x ant\u00e9rieures \u00e0 8.0.8",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified CM and Unified CM SME version 14SU3 sans le correctif de s\u00e9curit\u00e9 ciscocm.V14SU3_CSCwf44755.cop.sha512",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection version 14SU3 sans le correcif de s\u00e9curit\u00e9 ciscocm.cuc.V14SU3_CSCwf62081.k4.cop.sha512",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 8.1.x ant\u00e9rieures \u00e0 8.1.4",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified CM IM\u0026P version 14SU3 sans le correcif de s\u00e9curit\u00e9 ciscocm.cup_CSCwf62094_14SU3.cop.sha512",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "ConfD versions 7.7.x ant\u00e9rieures \u00e0 7.7.13",
"product": {
"name": "ConfD",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20259",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20259"
},
{
"name": "CVE-2021-1572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1572"
},
{
"name": "CVE-2023-20101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20101"
}
],
"initial_release_date": "2023-10-05T00:00:00",
"last_revision_date": "2023-10-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0PGsDcdNF du 04 octobre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0B9t3hqk9 du 04 octobre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9"
}
],
"reference": "CERTFR-2023-AVI-0805",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco B9t3hqk9 du 04 octobre 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco LsGtCRx4 du 04 octobre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco XXqRtTfT du 04 octobre 2023",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco PGsDcdNF du 04 octobre 2023",
"url": null
}
]
}
CERTFR-2021-AVI-246
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | ClamAV | ClamAV pour Windows versions antérieures à 0.103.2 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie donc aucun correctif ne sera publié pour la vulnérabilité critique CVE-2021-1459) | ||
| Cisco | N/A | Cisco Unified CM IM&P versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV134W versions antérieures à 1.0.1.21 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 19.x et 20.x antérieures à 20.3.3 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions 20.4.x antérieures à 20.4.1 | ||
| Cisco | N/A | Immunet versions antérieures à 7.4.0 | ||
| Cisco | N/A | Cisco AMP for Endpoints pour Windows versions antérieures à 7.3.15 | ||
| Cisco | Unity Connection | Cisco Unity Connection versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV132W versions antérieures à 1.0.1.15 | ||
| Cisco | Unity Connection | Cisco Unity Connection versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV160, RV160W, RV260, RV260P et RV260W versions antérieures à 1.0.01.03 | ||
| Cisco | N/A | Cisco Unified CM IM&P versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | N/A | Cisco Unified CM et Unified CM SME versions 12.0.x et 12.5.x antérieures à 12.5(1)SU4 | ||
| Cisco | SD-WAN vManage | Cisco SD-WAN vManage versions antérieures à 19.2.4 | ||
| Cisco | N/A | Cisco Unified CM et Unified CM SME versions antérieures à 11.5(1)SU9 | ||
| Cisco | Small Business | les routeurs Cisco Small Business RV340, RV340W, RV345 et RV345P versions antérieures à 1.0.03.21 | ||
| Cisco | N/A | Cisco Prime License Manager versions antérieures à 11.5(1)SU9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV pour Windows versions ant\u00e9rieures \u00e0 0.103.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV110W, RV130, RV130W et RV215W (ces produits sont en fin de vie donc aucun correctif ne sera publi\u00e9 pour la vuln\u00e9rabilit\u00e9 critique CVE-2021-1459)",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM IM\u0026P versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV134W versions ant\u00e9rieures \u00e0 1.0.1.21",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions 19.x et 20.x ant\u00e9rieures \u00e0 20.3.3",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions 20.4.x ant\u00e9rieures \u00e0 20.4.1",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Immunet versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AMP for Endpoints pour Windows versions ant\u00e9rieures \u00e0 7.3.15",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV132W versions ant\u00e9rieures \u00e0 1.0.1.15",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV160, RV160W, RV260, RV260P et RV260W versions ant\u00e9rieures \u00e0 1.0.01.03",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM IM\u0026P versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM et Unified CM SME versions 12.0.x et 12.5.x ant\u00e9rieures \u00e0 12.5(1)SU4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SD-WAN vManage versions ant\u00e9rieures \u00e0 19.2.4",
"product": {
"name": "SD-WAN vManage",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified CM et Unified CM SME versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "les routeurs Cisco Small Business RV340, RV340W, RV345 et RV345P versions ant\u00e9rieures \u00e0 1.0.03.21",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime License Manager versions ant\u00e9rieures \u00e0 11.5(1)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1473"
},
{
"name": "CVE-2021-1480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1480"
},
{
"name": "CVE-2021-1479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1479"
},
{
"name": "CVE-2021-1362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1362"
},
{
"name": "CVE-2021-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1309"
},
{
"name": "CVE-2021-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1386"
},
{
"name": "CVE-2021-1472",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1472"
},
{
"name": "CVE-2021-1251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1251"
},
{
"name": "CVE-2021-1459",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1459"
},
{
"name": "CVE-2021-1137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1137"
},
{
"name": "CVE-2021-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1308"
}
],
"initial_release_date": "2021-04-08T00:00:00",
"last_revision_date": "2021-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-246",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-amp-imm-dll-tu79hvkO du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-tu79hvkO"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-rce-pqVYwyb du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb-rv-bypass-inject-Rbhgvfdx du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vmanage-YuTVWqy du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-multi-lldp-u7e4chCe du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-rv-rce-q3rxHnvm du 07 avril 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm"
}
]
}
CERTFR-2018-AVI-270
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Prime Collaboration Assurance | ||
| Cisco | N/A | MediaSense | ||
| Cisco | N/A | Prime Collaboration Provisioning | ||
| Cisco | IOS XE | Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configurées pour utiliser l'authentification AAA | ||
| Cisco | N/A | Cisco Meeting Server (CMS) 2000 exécutant une version logicielle CMS antérieures à 2.2.13 ou 2.3.4. | ||
| Cisco | N/A | Unified Intelligence Center (UIC) | ||
| Cisco | N/A | Emergency Responder | ||
| Cisco | N/A | Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Prime License Manager | ||
| Cisco | Unified Communications Manager | Unified Communications Manager (UCM) | ||
| Cisco | N/A | Virtualized Voice Browser | ||
| Cisco | Unified Communications Manager | Unified Communications Manager IM and Presence Service (IM&P) | ||
| Cisco | N/A | Cisco Network Services Orchestrator (NSO) versions 4.1 à 4.1.6.0, 4.2 à 4.2.4.0, 4.3 à 4.3.3.0 et 4.4 à 4.4.2.0 | ||
| Cisco | N/A | SocialMiner | ||
| Cisco | N/A | Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA | ||
| Cisco | N/A | Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et antérieures | ||
| Cisco | IP Phone | Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version antérieure à 11.1(2) | ||
| Cisco | N/A | Unified Contact Center Express (UCCx) | ||
| Cisco | N/A | Finesse | ||
| Cisco | Unity Connection | Unity Connection | ||
| Cisco | N/A | Unified Communication Manager Session Management Edition (SME) |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Prime Collaboration Assurance",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "MediaSense",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Prime Collaboration Provisioning",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configur\u00e9es pour utiliser l\u0027authentification AAA",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Meeting Server (CMS) 2000 ex\u00e9cutant une version logicielle CMS ant\u00e9rieures \u00e0 2.2.13 ou 2.3.4.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Intelligence Center (UIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Emergency Responder",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Prime License Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Virtualized Voice Browser",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM and Presence Service (IM\u0026P)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Network Services Orchestrator (NSO) versions 4.1 \u00e0 4.1.6.0, 4.2 \u00e0 4.2.4.0, 4.3 \u00e0 4.3.3.0 et 4.4 \u00e0 4.4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "SocialMiner",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version ant\u00e9rieure \u00e0 11.1(2)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Contact Center Express (UCCx)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communication Manager Session Management Edition (SME)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0320"
},
{
"name": "CVE-2018-0317",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0317"
},
{
"name": "CVE-2018-0274",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0274"
},
{
"name": "CVE-2018-0321",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0321"
},
{
"name": "CVE-2018-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0319"
},
{
"name": "CVE-2017-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6779"
},
{
"name": "CVE-2018-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"
},
{
"name": "CVE-2018-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0318"
},
{
"name": "CVE-2018-0263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0263"
},
{
"name": "CVE-2018-0316",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0316"
},
{
"name": "CVE-2018-0315",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0315"
},
{
"name": "CVE-2018-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0322"
},
{
"name": "CVE-2018-0353",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0353"
}
],
"initial_release_date": "2018-06-07T00:00:00",
"last_revision_date": "2018-06-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-270",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-07T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2018-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-cms-id du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-diskdos du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-asaftd du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-sql du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-access du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-aaa du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-wsa du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-nso du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi"
}
]
}
CERTFR-2017-AVI-416
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco Voice Operating System. Elle permet à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Cisco MediaSense | ||
| Cisco | N/A | Cisco Prime License Manager | ||
| Cisco | N/A | Cisco Unified Intelligence Center (UIC) | ||
| Cisco | N/A | Cisco Unified Communication Manager Session Management Edition (SME) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM and Presence Service (IM&P; anciennement Cisco Unified Presence) | ||
| Cisco | N/A | Cisco SocialMiner | ||
| Cisco | N/A | Cisco Emergency Responder | ||
| Cisco | Unity Connection | Cisco Unity Connection | ||
| Cisco | N/A | Cisco Unified Contact Center Express (UCCx) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco MediaSense",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime License Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Intelligence Center (UIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communication Manager Session Management Edition (SME)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager IM and Presence Service (IM\u0026P; anciennement Cisco Unified Presence)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco SocialMiner",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Emergency Responder",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Contact Center Express (UCCx)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-12337",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12337"
}
],
"initial_release_date": "2017-11-15T00:00:00",
"last_revision_date": "2017-11-15T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-416",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Voice Operating System.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Voice Operating System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20171115-vos du 15 novembre 2017",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
}
]
}
CERTFR-2016-AVI-129
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unity Connection | Cisco Unity Connection versions 11.0 et antérieures | ||
| Cisco | IOS XR | Cisco IOS XR versions 4.2.3, 4.3.0, 4.3.4, et 5.3.1 s'exécutant sur les routeurs à services d'agrégation Cisco séries ASR 9000 | ||
| Cisco | N/A | Cisco IP Interoperability and Collaboration System version 4.10(1) | ||
| Cisco | IOS | Cisco IOS versions antérieures à 15.2(2)E1 | ||
| Cisco | N/A | Cisco UCS Central Software versions antérieures à 1.3(1c) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unity Connection versions 11.0 et ant\u00e9rieures",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XR versions 4.2.3, 4.3.0, 4.3.4, et 5.3.1 s\u0027ex\u00e9cutant sur les routeurs \u00e0 services d\u0027agr\u00e9gation Cisco s\u00e9ries ASR 9000",
"product": {
"name": "IOS XR",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Interoperability and Collaboration System version 4.10(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions ant\u00e9rieures \u00e0 15.2(2)E1",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Central Software versions ant\u00e9rieures \u00e0 1.3(1c)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1377"
},
{
"name": "CVE-2016-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1352"
},
{
"name": "CVE-2016-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1376"
},
{
"name": "CVE-2016-1378",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1378"
},
{
"name": "CVE-2016-1375",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1375"
}
],
"initial_release_date": "2016-04-14T00:00:00",
"last_revision_date": "2016-04-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160407-cic du 7 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160407-cic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160412-asr du 12 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-asr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160412-unity du 12 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160412-unity"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160413-ucs du 13 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-ucs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160413-nms du 13 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms"
}
],
"reference": "CERTFR-2016-AVI-129",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160413-ucs du 13 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160412-unity du 12 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160407-cic du 7 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160412-asr du 12 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160413-nms du 13 avril 2016",
"url": null
}
]
}
CERTFR-2016-AVI-051
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 11.5(0.98000.480) | ||
| Cisco | Jabber | Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu'utilisé dans le cadre d'un déploiement Jabber Guest | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28) | ||
| Cisco | N/A | Cisco APIC-EM version 1.1 | ||
| Cisco | N/A | Cisco Unified Contact Center Express version 11.0(1) | ||
| Cisco | Unity Connection | Cisco Unity Connection version 10.5(2) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager IM & Presence Service version 10.5(2) |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified Communications Manager version 11.5(0.98000.480)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu\u0027utilis\u00e9 dans le cadre d\u0027un d\u00e9ploiement Jabber Guest",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Contact Center Express version 11.0(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection version 10.5(2)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 10.5(2)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1316",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1316"
},
{
"name": "CVE-2016-1319",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1319"
},
{
"name": "CVE-2016-1318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1318"
},
{
"name": "CVE-2016-1317",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1317"
}
],
"initial_release_date": "2016-02-09T00:00:00",
"last_revision_date": "2016-02-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09 f\u00e9vrier 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
}
],
"reference": "CERTFR-2016-AVI-051",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-047
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Application Policy Infrastructure Controllers versions antérieures à 1.0(3h) et 1.1(1j) | ||
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 1.0(3h) et 1.1(1j) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager version 10.5(2.13900.9) | ||
| Cisco | Unity Connection | Cisco Unity Connection version 11.5(0.199) | ||
| Cisco | N/A | Cisco Unified Contact Center Express version 10.6(1) | ||
| Cisco | N/A | Cisco Finesse Desktop versions 10.5(1) et 11.0(1) | ||
| Cisco | Jabber | Cisco Jabber Guest Server version 10.6(8) | ||
| Cisco | N/A | Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 11.0(1c) | ||
| Cisco | N/A | Cisco ASA-CX Content-Aware Security et Cisco PRSM versions antérieures à 9.3.1.1(112) | ||
| Cisco | N/A | Cisco WebEx Meetings Server version 2.5.1.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Application Policy Infrastructure Controllers versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager version 10.5(2.13900.9)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection version 11.5(0.199)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Contact Center Express version 10.6(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse Desktop versions 10.5(1) et 11.0(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber Guest Server version 10.6(8)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 11.0(1c)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA-CX Content-Aware Security et Cisco PRSM versions ant\u00e9rieures \u00e0 9.3.1.1(112)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WebEx Meetings Server version 2.5.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1302"
},
{
"name": "CVE-2016-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1308"
},
{
"name": "CVE-2016-1307",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1307"
},
{
"name": "CVE-2016-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1301"
},
{
"name": "CVE-2016-1311",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1311"
},
{
"name": "CVE-2016-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1309"
},
{
"name": "CVE-2015-6398",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6398"
},
{
"name": "CVE-2016-1310",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1310"
}
],
"initial_release_date": "2016-02-04T00:00:00",
"last_revision_date": "2016-02-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc"
}
],
"reference": "CERTFR-2016-AVI-047",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03 f\u00e9vrier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-042
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Small Business | Cisco Small Business 500 Series Switches version 1.2.0.92 | ||
| Cisco | Unity Connection | Cisco Unity Connection version 10.5(2.3009) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Small Business 500 Series Switches version 1.2.0.92",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection version 10.5(2.3009)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1303"
},
{
"name": "CVE-2016-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1304"
}
],
"initial_release_date": "2016-01-29T00:00:00",
"last_revision_date": "2016-01-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-uc du 28 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-sbs du 28 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs"
}
],
"reference": "CERTFR-2016-AVI-042",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une injection de\ncode indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-uc du 28 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160128-sbs du 28 janvier 2016",
"url": null
}
]
}
CERTFR-2016-AVI-040
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unity Connection | Cisco Unity Connection version 10.5(2.3009) | ||
| Cisco | Small Business | Cisco Small Business SG300 Managed Switch version 1.4.1.x | ||
| Cisco | N/A | Cisco Wide Area Application Services Software (WAAS) versions 5.4.x et 5.5.X antérieures à 5.5.3 | ||
| Cisco | N/A | Cisco RV220W Wireless Network Security Firewall versions antérieures à 1.0.7.2 | ||
| Cisco | N/A | Cisco Wide Area Application Services Software (WAAS) versions ultérieures à 5.1.1d et antérieures à 5.3.5d |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unity Connection version 10.5(2.3009)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Small Business SG300 Managed Switch version 1.4.1.x",
"product": {
"name": "Small Business",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wide Area Application Services Software (WAAS) versions 5.4.x et 5.5.X ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV220W Wireless Network Security Firewall versions ant\u00e9rieures \u00e0 1.0.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wide Area Application Services Software (WAAS) versions ult\u00e9rieures \u00e0 5.1.1d et ant\u00e9rieures \u00e0 5.3.5d",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1299",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1299"
},
{
"name": "CVE-2015-6319",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6319"
},
{
"name": "CVE-2016-1300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1300"
},
{
"name": "CVE-2015-6421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6421"
}
],
"initial_release_date": "2016-01-28T00:00:00",
"last_revision_date": "2016-01-28T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-waascifs du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-waascifs"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-sbms du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-rv220 du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-uc du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-uc"
}
],
"reference": "CERTFR-2016-AVI-040",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-sbms du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-waascifs du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-rv220 du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-uc du 27 janvier 2016",
"url": null
}
]
}
CERTFR-2015-AVI-515
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Unified SIP Phone 3905 Series | ||
| Cisco | Unity Connection | Cisco Unity Connection version 9.1(1.10) |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified SIP Phone 3905 Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection version 9.1(1.10)",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6391"
},
{
"name": "CVE-2015-6390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6390"
}
],
"initial_release_date": "2015-12-03T00:00:00",
"last_revision_date": "2015-12-03T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151202-sip du 02 d\u00e9cembre 2015",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-sip"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151202-pca du 02 d\u00e9cembre 2015",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca"
}
],
"reference": "CERTFR-2015-AVI-515",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eCisco\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151202-pca du 02 d\u00e9cembre 2015",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20151202-sip du 02 d\u00e9cembre 2015",
"url": null
}
]
}
CERTA-2012-AVI-108
Vulnerability from certfr_avis
De multiples vulnérabilités dans Cisco Unity Connection permettent de réaliser un déni de service à distance et une élévation de privilèges.
Description
De multiples vulnérabilités ont été découvertes dans Cisco Unity Connection :
- un utilisateur authentifié disposant de droits Help Desk Administrator peut élever ses privilèges et obtenir un accès complet au système. Seules les versions 7.1 et antérieures de Cisco Unity Connection sont concernées (CVE-2012-0366) ;
- en envoyant une séquence spécifique de segments TCP, un attaquant distant peut provoquer l'arrêt inopiné de services du système (CVE-2012-0367).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unity Connection | Cisco Unity Connection versions 7.1 et antérieures ; | ||
| Cisco | Unity Connection | Cisco Unity Connection versions 8.0, 8.5 et 8.6. |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unity Connection versions 7.1 et ant\u00e9rieures ;",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unity Connection versions 8.0, 8.5 et 8.6.",
"product": {
"name": "Unity Connection",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Unity\nConnection :\n\n- un utilisateur authentifi\u00e9 disposant de droits Help Desk\n Administrator peut \u00e9lever ses privil\u00e8ges et obtenir un acc\u00e8s complet\n au syst\u00e8me. Seules les versions 7.1 et ant\u00e9rieures de Cisco Unity\n Connection sont concern\u00e9es (CVE-2012-0366) ;\n- en envoyant une s\u00e9quence sp\u00e9cifique de segments TCP, un attaquant\n distant peut provoquer l\u0027arr\u00eat inopin\u00e9 de services du syst\u00e8me\n (CVE-2012-0367).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0367",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0367"
},
{
"name": "CVE-2012-0366",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0366"
}
],
"initial_release_date": "2012-03-01T00:00:00",
"last_revision_date": "2012-03-01T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-108",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCisco Unity\nConnection\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service \u00e0 distance\net une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unity Connection",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco 20120229-cuc du 29 f\u00e9vrier 2012",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cuc"
}
]
}