You are here
Home > Preporuke > Ranjivosti više Cisco proizvoda

Ranjivosti više Cisco proizvoda

  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2019-August-21.

The following PSIRT security advisories (4 Critical, 14 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability – SIR: Critical

2) Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability – SIR: Critical

3) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability – SIR: Critical

4) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability – SIR: Critical

5) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability – SIR: High

6) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability – SIR: High

7) Cisco Integrated Management Controller Information Disclosure Vulnerability – SIR: High

8) Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability – SIR: High

9) Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability – SIR: High

10) Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability – SIR: High

11) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High

12) Cisco Integrated Management Controller CLI Command Injection Vulnerability – SIR: High

13) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High

14) Cisco Integrated Management Controller Buffer Overflow Vulnerability – SIR: High

15) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High

16) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High

17) Cisco Integrated Management Controller Privilege Escalation Vulnerability – SIR: High

18) Cisco Integrated Management Controller Command Injection Vulnerability – SIR: High

+——————————————————————–

1) Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

CVE-2019-1974

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authbypass”]

+——————————————————————–

2) Cisco UCS Director and Cisco UCS Director Express for Big Data API Authentication Bypass Vulnerability

CVE-2019-1938

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass”]

+——————————————————————–

3) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Authentication Bypass Vulnerability

CVE-2019-1937

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-authby”]

+——————————————————————–

4) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SCP User Default Credentials Vulnerability

CVE-2019-1935

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-usercred”]

+——————————————————————–

5) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

CVE-2019-12634

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-imc-dos”]

+——————————————————————–

6) Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Command Injection Vulnerability

CVE-2019-1936

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imcs-ucs-cmdinj”]

+——————————————————————–

7) Cisco Integrated Management Controller Information Disclosure Vulnerability

CVE-2019-1908

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-infodisc”]

+——————————————————————–

8) Cisco Integrated Management Controller Substring Comparison Privilege Escalation Vulnerability

CVE-2019-1907

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privescal”]

+——————————————————————–

9) Cisco Integrated Management Controller Unauthenticated Denial of Service Vulnerability

CVE-2019-1900

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-dos”]

+——————————————————————–

10) Cisco Integrated Management Controller CSR Generation Command Injection Vulnerability

CVE-2019-1896

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896”]

+——————————————————————–

11) Cisco Integrated Management Controller Command Injection Vulnerability

CVE-2019-1885

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucs-cimc”]

+——————————————————————–

12) Cisco Integrated Management Controller CLI Command Injection Vulnerability

CVE-2019-1883

SIR: High

CVSS Score v(3.0): 7.0

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-cimc-cli-inject”]

+——————————————————————–

13) Cisco Integrated Management Controller Command Injection Vulnerability

CVE-2019-1634

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1634”]

+——————————————————————–

14) Cisco Integrated Management Controller Buffer Overflow Vulnerability

CVE-2019-1871

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-bo”]

+——————————————————————–

15) Cisco Integrated Management Controller Command Injection Vulnerability

CVE-2019-1865

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1865”]

+——————————————————————–

16) Cisco Integrated Management Controller Command Injection Vulnerability

CVE-2019-1864

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1864”]

+——————————————————————–

17) Cisco Integrated Management Controller Privilege Escalation Vulnerability

CVE-2019-1863

SIR: High

CVSS Score v(3.0): 6.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-privilege”]

+——————————————————————–

18) Cisco Integrated Management Controller Command Injection Vulnerability

CVE-2019-1850

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinj-1850”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJdXWqeXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczy/oQAIfw6YzVrbwXyDJ30PO35sKcCOYk
YUxQqyx2mi8CytU7BKViHeQVezQX1zZUzkIX33miJbM4EPJCFyeLryhutH4Cs8eg
tQmrWozAkbLtDV+XsvRtBuawf3g7ifdCR6AG2x5AMZGs3L63X2eQUSvHnc14DRhR
K2jPcQEnj3WGnmFBcV2MuB+IZQQv7wH6UGF2NA3dbs2E9uhTRKDgdoe4PZcupbvI
BRSmtB1KrZ5PCzV2tr21OvwQpeMfvDFGSEBngVeJGFoqh+Wq5QwjuWcjXBRQJjvE
q3UyopUSXWa0BshwELFDWoWIizS2OlQkLnwRukCM6O/E0vNtjKqwJKeRV0g6VL9+
gD5FaNNIl/PXM8qxnwUT2B9JPXu8KXKvlfBI52OH30rC0fDytWMe6/jh2An85TYy
jnXvghglF+1e5NXxCTXnpieY4I8fFcad7kLCfkOhKYmv1+SqC7Ln0lm+N1l78+T0
Afzk/sLiQyhP3shRxcsrFgzjJQgr0+xLL90XN6oC3lgttUC0pb0u31kJ1pcx2jLl
bh/7ztXSG3h6giWG/2dSNDbU1xS2kuRZgER7Tk1MvgG3xWvsjcWmYS+sWfCLGKcC
eA2GfVWhoTL9svMkdDFxstLQW9FLvCDDD7TNiWL1og9Da/NMTwka1jSZ/7vhB/aS
a8zNo1l5kJAAbqD0
=p584
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorVlatka Misic
Cert idNCERT-REF-2019-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa openjpeg2

Otkriveni su sigurnosni nedostaci u programskom paketu openjpeg2 za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja...

Close