- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-November-04.
The following PSIRT security advisories (12 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco SD-WAN vManage Software Privilege Escalation Vulnerability – SIR: High
2) Cisco SD-WAN vManage Software Directory Traversal Vulnerability – SIR: High
3) Cisco SD-WAN Software Arbitrary File Creation Vulnerability – SIR: High
4) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High
5) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High
6) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High
7) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High
8) Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability – SIR: High
9) Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability – SIR: High
10) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities – SIR: High
11) Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability – SIR: High
12) Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability – SIR: High
+——————————————————————–
1) Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
CVE-2020-26074
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf”]
+——————————————————————–
2) Cisco SD-WAN vManage Software Directory Traversal Vulnerability
CVE-2020-26073
SIR: High
CVSS Score v(3.1): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk”]
+——————————————————————–
3) Cisco SD-WAN Software Arbitrary File Creation Vulnerability
CVE-2020-26071
SIR: High
CVSS Score v(3.1): 8.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns”]
+——————————————————————–
4) Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2020-3600
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA”]
+——————————————————————–
5) Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2020-3595
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj”]
+——————————————————————–
6) Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2020-3594
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc”]
+——————————————————————–
7) Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2020-3593
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ”]
+——————————————————————–
8) Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability
CVE-2020-3588
SIR: High
CVSS Score v(3.1): 7.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ”]
+——————————————————————–
9) Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
CVE-2020-3574
SIR: High
CVSS Score v(3.1): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv”]
+——————————————————————–
10) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
CVE-2020-3573, CVE-2020-3603, CVE-2020-3604
SIR: High
CVSS Score v(3.1): 7.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24”]
+——————————————————————–
11) Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
CVE-2020-3556
SIR: High
CVSS Score v(3.1): 7.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK”]
+——————————————————————–
12) Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability
CVE-2020-3284
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2”]
—–BEGIN PGP SIGNATURE—–
iQKDBAEBAgBtBQJfotL8ZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFelJwD/9LC9iUetW67JYs
+Gva34WjLE6GINn6DPEtn/bNXHiYB+27o8KauCQpU/5+YN/KVUvwvaoh68TpWNEr
BmY0T/VKvvoBoPL1/R3VU8fcJvaPoqlamJIF/y7QTLhVp4aqJvdkJc6TZgLJW9pI
oqACXTA3oeiussSEtLvD3tluQTq5W8Dl+oub648UapilKjeZiiuEPxSRFu8IOEoe
SQU7kH8i1ICNmWa0bl6UX8rS1ezyBZsnSUAUPurIcYpJqwTDht/8300l+BzMKBa6
BJrDHDi1dHKysDozhqXeVZDIQ5xP8cgdJ4P8DCBmhuh6MSq2jFObVBWsYdmgWLXw
aygwX/r+wpg3/4jBp0aI6sVMxTk/+AoyFvbZ/LMYL9m1qYXgvkfz7qjideIsNY04
Kp5hH5SSaHjHJbUTvj1nzGFZMl6DK7TyMfLLhyaA6BbN72qN5+WVvypdF7iueBZU
MppStNqow/NSh4ccYc9GYiz3ujkLdg38Tf42/BUArjWxdaDKPmjT3W3ZghJb3nvV
Sd9Mr4X7r4XN1in6cOpJZhM+yhOCP26iJXko/4WeaCqmdyLVK2R5imh6ucEbIYHC
OPnhbayKmWTDPPC/0RvP/9zNV+Q2O9uyPcQWZ2eT2/psIGo+T1WreEQJ3s5EA0QB
r6wukmUaX8mFtagAbConrgYOCFzoig==
=vO4p
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Bruno Varga |
| Cert id | NCERT-REF-2020-11-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
