- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2019-September-25.
The following PSIRT security advisories (12 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability – SIR: High
2) Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability – SIR: High
3) Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability – SIR: High
4) Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability – SIR: High
5) Cisco IOS XE Software Web UI Command Injection Vulnerabilities – SIR: High
6) Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability – SIR: High
7) Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability – SIR: High
8) Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability – SIR: High
9) Cisco IOx Application Environment Denial of Service Vulnerability – SIR: High
10) Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability – SIR: High
11) Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability – SIR: High
12) Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability – SIR: High
+——————————————————————–
1) Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
CVE-2019-12646
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-alg”]
+——————————————————————–
2) Cisco IOS and IOS XE Software IP Ident Denial of Service Vulnerability
CVE-2019-12647
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-identd-dos”]
+——————————————————————–
3) Cisco Catalyst 4000 Series Switches TCP Denial of Service Vulnerability
CVE-2019-12652
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-cat4000-tcp-dos”]
+——————————————————————–
4) Cisco IOx for IOS Software Guest Operating System Unauthorized Access Vulnerability
CVE-2019-12648
SIR: High
CVSS Score v(3.0): 9.9
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth”]
+——————————————————————–
5) Cisco IOS XE Software Web UI Command Injection Vulnerabilities
CVE-2019-12650, CVE-2019-12651
SIR: High
CVSS Score v(3.0): 7.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection”]
+——————————————————————–
6) Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
CVE-2019-12654
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-sip-dos”]
+——————————————————————–
7) Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability
CVE-2019-12653
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos”]
+——————————————————————–
8) Cisco IOS XE Software Filesystem Exhaustion Denial of Service Vulnerability
CVE-2019-12658
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-fsdos”]
+——————————————————————–
9) Cisco IOx Application Environment Denial of Service Vulnerability
CVE-2019-12656
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iox”]
+——————————————————————–
10) Cisco IOS XE Software FTP Application Layer Gateway for NAT, NAT64, and ZBFW Denial of Service Vulnerability
CVE-2019-12655
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ftp”]
+——————————————————————–
11) Cisco IOS XE Software Unified Threat Defense Denial of Service Vulnerability
CVE-2019-12657
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd”]
+——————————————————————–
12) Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVE-2019-12649
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJdi6OPXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcztGwP/1l4QuVVauwziCCa5bVzBjh723O5
6cphlqhWFBX/35dOcHm3yY5L4pW2FsnGYoKDm/p2UmOzlCZp1DW49RTatWx/QqLt
wpf6QO+o4UPuLRPPFqVSsNOYu27x+t+agJ/S7nZNCw9CHB484+f6xBObn9StMVtD
T62lRylXNH03dGxzIPzIyYW15OH9i2TdjtgR9tyjWkO+IJSWArlAp7D/JnQpgUPz
S2ujnJTLlihCAwIczDInQWJlkou5kLqDzlRtAsVbyTxRmO3wCMkJUFwvqcO5/0f5
cg61ahkzyaBtR0l0QBFzayk/Wonc7bE9O2Sr/BfhIsG2qLZ4bgDnJXK4mm1NiaaH
nyHNs15k83oPn2ddPilwBtNLWGkAWbPTehlP3lrCc1XqJAFrU0tKjL0HqECKMFv8
BYGdLBm4zRjESiFksxrDQETfNFDzSX1rff/gIKHZSTWHCY4u9rHPzHMzvjf5F5S8
Oje6F+lj/6rGEAIgzt9pbHkqDKT5WWc5lZ6zoZfSu0DMFOg44DjfQwZW8VgwmxLD
frd5M9F++7zcs9G7Jke/nbScE5pCKnxOSyv1e4WPYpXvDnA/vf35GqSGAbDJsv45
em+zWXVCnIPkSUAxTp/nFracv5EeTnw5z2lDjLDukiA+iXOyU/kGt4JZoKmndon7
3MIylaGjWvXJy9Wk
=LiS+
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Toni Vugdelija |
| Cert id | NCERT-REF-2019-09-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
