CERTFR-2018-AVI-536
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Cisco Small Business Cisco Small Business 500 Series Stackable Managed Switches
Cisco N/A Appareils Cisco Meraki MR
Cisco N/A Appareils Cisco Meraki Z1 et Z3
Cisco Meraki MX Appareils Cisco Meraki MX (incluant les équipements physiques et l'équipement virtuel vMX100)
Cisco N/A Cisco Stealthwatch Enterprise versions 6.10.2 et antérieures
Cisco N/A Appareils Cisco Meraki MS
Cisco N/A Cisco 350 Series Managed Switches
Cisco Small Business Cisco Small Business 300 Series Managed Switches
Cisco Small Business Cisco Small Business 200 Series Smart Switches
Cisco N/A Cisco 550X Series Stackable Managed Switches
Cisco N/A Cisco 250 Series Smart Switches
Cisco N/A Cisco Unity Express toutes versions antérieures à 9.0.6
Cisco N/A Cisco 350X Series Stackable Managed Switches
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Small Business 500 Series Stackable Managed Switches",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Appareils Cisco Meraki MR",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Appareils Cisco Meraki Z1 et Z3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Appareils Cisco Meraki MX (incluant les \u00e9quipements physiques et l\u0027\u00e9quipement virtuel vMX100)",
      "product": {
        "name": "Meraki MX",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Stealthwatch Enterprise versions 6.10.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Appareils Cisco Meraki MS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 350 Series Managed Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Small Business 300 Series Managed Switches",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Small Business 200 Series Smart Switches",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 550X Series Stackable Managed Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 250 Series Smart Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Express toutes versions ant\u00e9rieures \u00e0 9.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 350X Series Stackable Managed Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-15381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15381"
    },
    {
      "name": "CVE-2018-15394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15394"
    },
    {
      "name": "CVE-2018-15439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15439"
    },
    {
      "name": "CVE-2018-0284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0284"
    }
  ],
  "initial_release_date": "2018-11-08T00:00:00",
  "last_revision_date": "2018-11-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-536",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-smc-auth-bypass du 7 novembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-sbsw-privacc du 7 novembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-meraki du 7 novembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20181107-cue du 7 novembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.