- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-November-18.
The following PSIRT security advisories (3 Critical, 3 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco DNA Spaces Connector Command Injection Vulnerability – SIR: Critical
2) Cisco IoT Field Network Director Unauthenticated REST API Vulnerability – SIR: Critical
3) Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities – SIR: Critical
4) Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability – SIR: High
5) Cisco IoT Field Network Director Missing API Authentication Vulnerability – SIR: High
6) Cisco Secure Web Appliance Privilege Escalation Vulnerability – SIR: High
+——————————————————————–
1) Cisco DNA Spaces Connector Command Injection Vulnerability
CVE-2020-3586
SIR: Critical
CVSS Score v(3.1): 9.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc”]
+——————————————————————–
2) Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
CVE-2020-3531
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F”]
+——————————————————————–
3) Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities
CVE-2020-3470
SIR: Critical
CVSS Score v(3.1): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd”]
+——————————————————————–
4) Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
CVE-2020-26072
SIR: High
CVSS Score v(3.0): 8.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR”]
+——————————————————————–
5) Cisco IoT Field Network Director Missing API Authentication Vulnerability
CVE-2020-3392
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V”]
+——————————————————————–
6) Cisco Secure Web Appliance Privilege Escalation Vulnerability
CVE-2020-3367
SIR: High
CVSS Score v(3.0): 5.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-nPzWZrQj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-nPzWZrQj”]
—–BEGIN PGP SIGNATURE—–
iQKDBAEBAgBtBQJftUfnZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFehHRD/444GMkpTmaUISn
H8tKsQ8BPUwTxNPjMm7eNpRXp0+cUP4MlOJf5vyxRjGKnJBjuAXUoR4TB689KMrs
gXDj+fQeBjf/uiGUoRym1p6CBNNZsqG4jMP2Hv92hlRB0AyZArKmk5AOUfAGUxFw
/RTKohlqXAe4FkfqDeBYf6boREQH7D2rCOJsEn7KjCXDxuRiZUbXwyHaZ85Jeje+
nYoX6S1dI5NOR1BcVkZqBe0wTY/z9XDFIdi4Lrq2RiG/Y8aIKa2XL1gXE2zMGDi4
Bx0B52RiTfwVrGqGx4om728rCWy3jp+ynoWPlsxZH6TfWzuA0xR3i8Ndyt0rVafK
zgm97S7euQ1R1/Y3FiHy2mzb9RvPnFq8GR4pxN3BCnrgKTg0d0sDtTY4N8mozZm6
M+BaXzQpirfVEyipNdQDdWVScf84KoxS7fhtR3Y5aRhS/tGMo1xy91PHAy+dGo9P
yuRbqCHpk7st3m+tSgOl5QiG1Czb256JiYevvdLttl9E42sDoVb21Vk2w3zG+MOf
XNOQ2MIKwTmsa9BtluiA9dJOPjluuG1uNr9JtXm6aIGmbGmk7oeNgnF6LQUct2ko
+IVWrlmnm/i2EtqqwNz/yCIYM73LBjcn9ZRSxHmfsE1iZlU0tb/88gXdiwI0cg/9
Geac6EvI0GSjFW9aCgpHb674LXEIMA==
=ste6
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Dona Seruga |
| Cert id | NCERT-REF-2020-11-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
