—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-January-22.

The following PSIRT security advisories (1 Critical, 7 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability – SIR: Critical

2) Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability – SIR: High

3) Cisco IOS XE SD-WAN Software Default Credentials Vulnerability – SIR: High

4) Cisco SD-WAN Solution Local Privilege Escalation Vulnerability – SIR: High

5) Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability – SIR: High

6) Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability – SIR: High

7) Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability – SIR: High

8) Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities – SIR: High

+——————————————————————–

1) Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability

CVE-2019-16028

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth”]

+——————————————————————–

2) Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability

CVE-2020-3143

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ”]

+——————————————————————–

3) Cisco IOS XE SD-WAN Software Default Credentials Vulnerability

CVE-2019-1950

SIR: High

CVSS Score v(3.0): 8.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259”]

+——————————————————————–

4) Cisco SD-WAN Solution Local Privilege Escalation Vulnerability

CVE-2020-3115

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc”]

+——————————————————————–

5) Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability

CVE-2019-16029

SIR: High

CVSS Score v(3.0): 8.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos”]

+——————————————————————–

6) Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

CVE-2019-16027

SIR: High

CVSS Score v(3.0): 7.7

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos”]

+——————————————————————–

7) Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability

CVE-2019-16018

SIR: High

CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes”]

+——————————————————————–

8) Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

CVE-2019-16019, CVE-2019-16020, CVE-2019-16021, CVE-2019-16022, CVE-2019-16023

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJeKHQ6XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEpIDxwc2ly
dEBjaXNjby5jb20+AAoJELm9eRtXgZjI+3wQAIvHX17NCfXQSduDXGuX69mKNm4E
zIpsDYNr06CfCG0oql+Lng/RU4biHm9fg0+y6LACvO/9vH7LQrtUAIlJi+hHzuo/
OPbqVtbHKP+Y+T257KyfjivKET652Bt7/PD2qlK4OIY0ZFjAlKfkCGuzwQ1DNu2H
meAmgIVzyNLNu725mS6rykhbbnf28Wm11H+gvQL4J6B8xFO4LzbKrN9m6DY7vZJr
JnHb1Cgevkfs2vu76uexW2lp4sxrcXOJ9uM21CLb6H9XQP1FzTaeIv/7yJcbMrau
BkOPFiD1ZA5Ic3vkbVHkfqKgkrQD/iAbz3+kM77K/8dIrlNBqBHZi4TsjQJkTidS
gwcrjRZ1sE3l7uV3zYOoNYgvkCaX/+GDf2CuD6smLUTKfvuorUHxKZToz0omlcr5
C8oFjT63x2MaZZNzFoaTEm6QVrGS4ChX3G/oNBT47GEvATmwDnqm+7fTfpSnADj0
LhpcOhvCIdbLn1mdJg8J0DnXzv/KBrZkn+aSVe7ISuZmhPrC06NnX7MVglwa1O1s
vHmu9ma2SHw8/hLBbIJL7Q8E34Abt6V9sCkWpBxOtSAv0j/MpFAfg71os14wVWib
hHHfVlIhoZotHmbx4OxyzXad7seUFnO/LmF6Eu90vsc06PkitUhe5UH/mF83R1hI
NhCfZR8Ugxme1d4r
=yW2l
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com