You are here
Home > Preporuke > Ranjivosti više Cisco proizvoda

Ranjivosti više Cisco proizvoda

  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-September-02.

The following PSIRT security advisories (1 Critical, 4 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability – SIR: Critical

2) Cisco IOS XR Authenticated User Privilege Escalation Vulnerability – SIR: High

3) Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability – SIR: High

4) Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability – SIR: High

5) Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability – SIR: High

+——————————————————————–

1) Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability

CVE-2020-3495

SIR: Critical

CVSS Score v(3.1): 9.9

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg”]

+——————————————————————–

2) Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

CVE-2020-3530

SIR: High

CVSS Score v(3.1): 8.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv”]

+——————————————————————–

3) Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability

CVE-2020-3430

SIR: High

CVSS Score v(3.1): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB”]

+——————————————————————–

4) Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

CVE-2020-3478

SIR: High

CVSS Score v(3.1): 8.1

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-file-overwrite-UONzPMkr [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-file-overwrite-UONzPMkr”]

+——————————————————————–

5) Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

CVE-2020-3473

SIR: High

CVSS Score v(3.0): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN”]

—–BEGIN PGP SIGNATURE—–

iQKDBAEBAgBtBQJfT8W5ZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFesZXD/9ZJ6IfQMabRetz
IDYJmrg4mWsB5UG6WVXsoVx1ytOvexnQoiwtaNzBoHhM1diUzT1aVcW1Ul7/0Rfi
hbvAFPys1QEGZuE6Pgocbe8YE+qZg2dRQ3xCE1eQaxjHsjPieDLRgkWYZNMJon+z
dhUOfF3fsZ7dmSMl0KgDBaZGeQ86QTDrxTQ6DQg1eJLqC0QLUpkBADOlHGkLxCyl
kmLbKP/7TTkrUVOjsd60QFyb5lN1gjZbNSseFlwPvQK8v1HR7QeqJfd8girv63nV
bAxbPCfUMLMYT9f9S/tsveYsLbJf/uQV0h5lcD8+1vGlxEcoeZFTVUfzNL9NF7+g
PQml+JVclpkdGrHR01pi3x4dtl3Nfg76JUndUJIXqDLk8Fdc3yHM09DGj51XcImc
maQqnEQhIpB8PpYq9afTvuVtc+2hWD96h7P+WVpQkvJ6FOXgGUJV41rVzHsK/CC5
renkTHjJk38pq5COhtqktg0ZUjo6Wn+DXhmh0XarRCcltCQu985LkWDnUNu2x1Ud
2bICfA/s4aGU4JeQMgTUqQ1WgBoVFdSCsZ68GvgqYKCx0TDHSJYftRLTdVrg1znQ
wyne3bKB6aoEyURIjoHwGUtdeoyeVsVpnM122dxIT0pfMOeM7GBipXK2e87l4sFz
16ofWSehQrAkVYst+TkdaBdVdlRA8Q==
=01b7
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostak SCTP implementacije

Otkriven je sigurnosni nedostatak u SCTP implementaciji za operacijski sustav FreeBSD. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja. Savjetuje...

Close