
Vulnerabilities in multiple Cisco products


Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-November-18.

The following PSIRT security advisories (3 Critical, 3 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco DNA Spaces Connector Command Injection Vulnerability – SIR: Critical

2) Cisco IoT Field Network Director Unauthenticated REST API Vulnerability – SIR: Critical

3) Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities – SIR: Critical

4) Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability – SIR: High

5) Cisco IoT Field Network Director Missing API Authentication Vulnerability – SIR: High

6) Cisco Secure Web Appliance Privilege Escalation Vulnerability – SIR: High

+--------------------------------------------------------------------

1) Cisco DNA Spaces Connector Command Injection Vulnerability

CVE-2020-3586

SIR: Critical

CVSS Score v(3.1): 9.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dna-cmd-injection-rrAYzOwc

+--------------------------------------------------------------------

2) Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

CVE-2020-3531

SIR: Critical

CVSS Score v(3.0): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F

+--------------------------------------------------------------------

3) Cisco Integrated Management Controller Multiple Remote Code Execution Vulnerabilities

CVE-2020-3470

SIR: Critical

CVSS Score v(3.1): 9.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-api-rce-UXwpeDHd

+--------------------------------------------------------------------

4) Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability

CVE-2020-26072

SIR: High

CVSS Score v(3.0): 8.7

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR

+--------------------------------------------------------------------

5) Cisco IoT Field Network Director Missing API Authentication Vulnerability

CVE-2020-3392

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V

+--------------------------------------------------------------------

6) Cisco Secure Web Appliance Privilege Escalation Vulnerability

CVE-2020-3367

SIR: High

CVSS Score v(3.0): 5.3

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-nPzWZrQj

