You are here
Home > Preporuke > Ranjivosti više Cisco proizvoda

Ranjivosti više Cisco proizvoda

by Marina Dimic Vugec - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-April-15.

The following PSIRT security advisories (3 Critical, 7 High) were published at 16:00 UTC today.

Table of Contents:

1) Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data – SIR: Critical

2) Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability – SIR: Critical

3) Cisco IP Phones Web Application Buffer Overflow Vulnerability – SIR: Critical

4) Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability – SIR: High

5) Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability – SIR: High

6) Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability – SIR: High

7) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability – SIR: High

8) Cisco Unified Communications Manager Path Traversal Vulnerability – SIR: High

9) Cisco IoT Field Network Director Denial of Service Vulnerability – SIR: High

10) Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability – SIR: High

+——————————————————————–

1) Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data

CVE-2020-3239, CVE-2020-3240, CVE-2020-3243, CVE-2020-3247, CVE-2020-3248, CVE-2020-3249, CVE-2020-3250, CVE-2020-3251, CVE-2020-3252

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E”]

+——————————————————————–

2) Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability

CVE-2020-3161

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs”]

+——————————————————————–

3) Cisco IP Phones Web Application Buffer Overflow Vulnerability

CVE-2016-1421

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp”]

+——————————————————————–

4) Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability

CVE-2020-3273

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH”]

+——————————————————————–

5) Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability

CVE-2020-3261

SIR: High

CVSS Score v(3.0): 8.1

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24”]

+——————————————————————–

6) Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability

CVE-2020-3260

SIR: High

CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz”]

+——————————————————————–

7) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability

CVE-2020-3194

SIR: High

CVSS Score v(3.0): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby”]

+——————————————————————–

8) Cisco Unified Communications Manager Path Traversal Vulnerability

CVE-2020-3177

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r”]

+——————————————————————–

9) Cisco IoT Field Network Director Denial of Service Vulnerability

CVE-2020-3162

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq”]

+——————————————————————–

10) Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability

CVE-2020-3262

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJelzCEXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEpIDxwc2ly
dEBjaXNjby5jb20+AAoJELm9eRtXgZjIDoYQALc4T3VYnT4EvD9roADcWSh+zWio
8Wq/53Oz/0qSMnOKm2m3HWrrz6t+oAvmqj0Sn5Xuszks6Pljiq5k6Y7lkxkc8FLl
YzoV6Vah3Euwhxslz4ljP9O4qBt4F37p+xfYcJq1d/qUamYwaMb5Wl4F40TYeBQL
sq6VCwpwCeUOuJ+U/Es3imIpG1Dl9LUWcc/CyeiT8FuF+VwBlnYB0O23SfJLx4CM
6ZdPW9yFJBcWO0fwyj19F6cWXp1+DkYjIcr4Re/yH7Ucqryy+QQvDRRGmI+de+1d
MTFps+dF8rTccmd5htT/YEYVYPXxX2PDcnXqNlhpbm0wIuskdrVH/wZjtPRPyA5Z
nA/zX1M9E3kyFc0hgFVZLC36n5RR4X86GxB9Alb8B4HCSMwundVso6GN7if/7Sdw
uVh3uswVT77bMAXc+4+lp5Yhf9AAHl/z/e69oyELnPIVwI4OXayfXmVJFhl8w2Sg
aMaXir9GWpSxUaftzg2vXlMpATD92OlPrm3GpwYeQWZdfcp0zP0p7bkGQjIo4w7Y
YKep2J3peadz9R/sjUX/6miriBXTIZZFJ3CGqcULd6pUWVZx6letYtkfmCLfsRrk
Gz+jJeiOjZ8xQ3JxyUkqShFUR7u0xZDUpKnH5TIx8sIIi8IFxhv+JK2ykgSVFFLW
x+6Lom55Tg5CzvQ6
=We1F
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorToni Vugdelija
Cert idNCERT-REF-2020-04-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ipmitool

Otkriven je sigurnosni nedostatak u programskom paketu ipmitool za operacijski sustav RHEL. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izvršavanje proizvoljnog...

Close