Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0950
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Enterprise Chat and Email (ECE) | Enterprise Chat and Email versions antérieures à 12.5(1) ES9 | ||
| Cisco | Unified Industrial Wireless Software | Unified Industrial Wireless versions antérieures à 17.15.1 | ||
| Cisco | Nexus Dashboard Fabric Controller | Nexus Dashboard Fabric Controller versions antérieures à 12.2.2 | ||
| Cisco | Enterprise Chat and Email (ECE) | Enterprise Chat and Email versions 12.6 antérieures à 12.6(1) ES9 ET3 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Enterprise Chat and Email versions ant\u00e9rieures \u00e0 12.5(1) ES9",
"product": {
"name": "Enterprise Chat and Email (ECE)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Industrial Wireless versions ant\u00e9rieures \u00e0 17.15.1",
"product": {
"name": "Unified Industrial Wireless Software",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Nexus Dashboard Fabric Controller versions ant\u00e9rieures \u00e0 12.2.2",
"product": {
"name": "Nexus Dashboard Fabric Controller",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Enterprise Chat and Email versions 12.6 ant\u00e9rieures \u00e0 12.6(1) ES9 ET3",
"product": {
"name": "Enterprise Chat and Email (ECE)",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20536"
},
{
"name": "CVE-2024-20418",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20418"
},
{
"name": "CVE-2024-20484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20484"
}
],
"initial_release_date": "2024-11-07T00:00:00",
"last_revision_date": "2024-11-07T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0950",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2024-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ece-dos-Oqb9uFEv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
},
{
"published_at": "2024-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ndfc-sqli-CyPPAxrL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL"
},
{
"published_at": "2024-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs"
}
]
}
CVE-2024-20418 (GCVE-0-2024-20418)
Vulnerability from cvelistv5
Published
2024-11-06 16:59
Modified
2024-11-08 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.
This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Aironet Access Point Software (IOS XE Controller) |
Version: N/A |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "aironet_access_point_software",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "17.14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T04:55:17.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Aironet Access Point Software (IOS XE Controller)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:59:36.640Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs"
}
],
"source": {
"advisory": "cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
"defects": [
"CSCwk98052"
],
"discovery": "INTERNAL"
},
"title": "Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20418",
"datePublished": "2024-11-06T16:59:36.640Z",
"dateReserved": "2023-11-08T15:08:07.663Z",
"dateUpdated": "2024-11-08T04:55:17.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20536 (GCVE-0-2024-20536)
Vulnerability from cvelistv5
Published
2024-11-06 16:31
Modified
2024-11-09 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Data Center Network Manager |
Version: 12.1.2e Version: 12.1.2p Version: 12.1.3b |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:data_center_network_manager:12.1.2e:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "data_center_network_manager",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.1.2e"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:data_center_network_manager:12.1.2p:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "data_center_network_manager",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.1.2p"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:data_center_network_manager:12.1.3b:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "data_center_network_manager",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.1.3b"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-09T04:55:53.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Data Center Network Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1.2e"
},
{
"status": "affected",
"version": "12.1.2p"
},
{
"status": "affected",
"version": "12.1.3b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:31:38.476Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ndfc-sqli-CyPPAxrL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL"
}
],
"source": {
"advisory": "cisco-sa-ndfc-sqli-CyPPAxrL",
"defects": [
"CSCwm50506"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20536",
"datePublished": "2024-11-06T16:31:38.476Z",
"dateReserved": "2023-11-08T15:08:07.693Z",
"dateUpdated": "2024-11-09T04:55:53.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20484 (GCVE-0-2024-20484)
Vulnerability from cvelistv5
Published
2024-11-06 16:29
Modified
2024-11-06 17:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email |
Version: 11.6(1)_ES3 Version: 11.6(1)_ES4 Version: 12.0(1)_ES6 Version: 11.6(1)_ES9 Version: 11.6(1)_ES6 Version: 11.6(1)_ES5 Version: 12.5(1)_ET1 Version: 12.5(1)_ES3_ET1 Version: 12.0(1)_ES3 Version: 11.6(1)_ES11 Version: 12.0(1)_ES4 Version: 12.0(1)_ES5 Version: 11.6(1)_ES2 Version: 11.6(1)_ES9a Version: 11.6(1)_ES10 Version: 12.0(1)_ES1 Version: 12.0(1) Version: 12.5(1)_ES3 Version: 12.6(1) Version: 11.5(1) Version: 12.0(1)_ES2 Version: 11.6(1)_ES7 Version: 12.6(1)_ET1 Version: 11.6(1) Version: 12.6(1)_ET2 Version: 12.5(1)_ES3_ET2 Version: 12.0(1)_ES6_ET2 Version: 12.6(1)_ES1 Version: 11.6(1)_ES12 Version: 12.6(1)_ET3 Version: 12.5(1)_ES4_ET1 Version: 12.0(1)_ES6_ET3 Version: 12.6(1)_ES1_ET1 Version: 12.6(1)_ES2 Version: 12.6_ES2_ET1 Version: 12.5(1)_ES5 Version: 12.6_ES2_ET2 Version: 12.0(1)_ES7 Version: 12.6_ES2_ET3 Version: 12.0(1)_ES7_ET1 Version: 12.5(1)_ES5_ET1 Version: 12.6_ES2_ET4 Version: 12.6(1)_ES3 Version: 11.6(1)_ES12_ET1 Version: 12.6_ES3_ET1 Version: 12.6_ES3_ET2 Version: 12.6(1)_ES4 Version: 12.5(1)_ES7 Version: 12.6(1)_ES4_ET1 Version: 12.6(1)_ES5 Version: 12.6(1)_ES5_ET1 Version: 12.6(1)_ES5_ET2 Version: 12.6(1)_ES6 Version: 12.6(1)_ES6_ET1 Version: 12.5(1)_ES8 Version: 12.6(1)_ES6_ET2 Version: 12.6(1)_ES7 Version: 12.6(1)_ES8 Version: 12.6(1)_ES4_ET2 Version: 12.6(1)_ES3_ET3 Version: 12.6(1)_ES2_ET5 Version: 12.6(1)_ES1_ET2 Version: 12.6(1)_ES8_ET1 Version: 12.6(1)_ES7_ET1 Version: 12.6(1)_ES6_ET3 Version: 12.6(1)_ES5_ET3 Version: 12.5(1)_ES8_ET1 Version: 12.5(1)_ES3_ET3 Version: 12.5(1)_ES5_ET2 Version: 12.5(1)_ES6_ET1 Version: 12.5(1)_ES4_ET2 Version: 12.5(1)_ES7_ET1 Version: 12.6(1)_ES8_ET2 Version: 12.6(1)_ES9 Version: 12.6(1)_ES9_ET1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_chat_and_email",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES9"
},
{
"status": "affected",
"version": "11.6(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES5"
},
{
"status": "affected",
"version": "12.5(1)_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES11"
},
{
"status": "affected",
"version": "12.0(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES5"
},
{
"status": "affected",
"version": "11.6(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES9a"
},
{
"status": "affected",
"version": "11.6(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)_ES1"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES3"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ET1"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES1"
},
{
"status": "affected",
"version": "11.6(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES2"
},
{
"status": "affected",
"version": "12.6_ES2_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5"
},
{
"status": "affected",
"version": "12.6_ES2_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES7"
},
{
"status": "affected",
"version": "12.6_ES2_ET3"
},
{
"status": "affected",
"version": "12.0(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6_ES2_ET4"
},
{
"status": "affected",
"version": "12.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES12_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES4"
},
{
"status": "affected",
"version": "12.5(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES6"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES2_ET5"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T17:20:15.324243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:20:30.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise Chat and Email",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES9"
},
{
"status": "affected",
"version": "11.6(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES5"
},
{
"status": "affected",
"version": "12.5(1)_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES11"
},
{
"status": "affected",
"version": "12.0(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES5"
},
{
"status": "affected",
"version": "11.6(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES9a"
},
{
"status": "affected",
"version": "11.6(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)_ES1"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES3"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ET1"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES1"
},
{
"status": "affected",
"version": "11.6(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES2"
},
{
"status": "affected",
"version": "12.6_ES2_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5"
},
{
"status": "affected",
"version": "12.6_ES2_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES7"
},
{
"status": "affected",
"version": "12.6_ES2_ET3"
},
{
"status": "affected",
"version": "12.0(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6_ES2_ET4"
},
{
"status": "affected",
"version": "12.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES12_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES4"
},
{
"status": "affected",
"version": "12.5(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES6"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES2_ET5"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources \u0026gt; Services \u0026gt; Unified CCE \u0026gt; EAAS, then click Start."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:29:20.865Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ece-dos-Oqb9uFEv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
}
],
"source": {
"advisory": "cisco-sa-ece-dos-Oqb9uFEv",
"defects": [
"CSCwj26667"
],
"discovery": "INTERNAL"
},
"title": "Cisco Enterprise Chat and Email Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20484",
"datePublished": "2024-11-06T16:29:20.865Z",
"dateReserved": "2023-11-08T15:08:07.684Z",
"dateUpdated": "2024-11-06T17:20:30.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…