—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-January-22.
The following PSIRT security advisories (1 Critical, 7 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability – SIR: Critical
2) Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability – SIR: High
3) Cisco IOS XE SD-WAN Software Default Credentials Vulnerability – SIR: High
4) Cisco SD-WAN Solution Local Privilege Escalation Vulnerability – SIR: High
5) Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability – SIR: High
6) Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability – SIR: High
7) Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability – SIR: High
8) Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities – SIR: High
+——————————————————————–
1) Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability
CVE-2019-16028
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth”]
+——————————————————————–
2) Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
CVE-2020-3143
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ”]
+——————————————————————–
3) Cisco IOS XE SD-WAN Software Default Credentials Vulnerability
CVE-2019-1950
SIR: High
CVSS Score v(3.0): 8.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259”]
+——————————————————————–
4) Cisco SD-WAN Solution Local Privilege Escalation Vulnerability
CVE-2020-3115
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc”]
+——————————————————————–
5) Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability
CVE-2019-16029
SIR: High
CVSS Score v(3.0): 8.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos”]
+——————————————————————–
6) Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability
CVE-2019-16027
SIR: High
CVSS Score v(3.0): 7.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos”]
+——————————————————————–
7) Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability
CVE-2019-16018
SIR: High
CVSS Score v(3.0): 7.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes”]
+——————————————————————–
8) Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
CVE-2019-16019, CVE-2019-16020, CVE-2019-16021, CVE-2019-16022, CVE-2019-16023
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJeKHQ6XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEpIDxwc2ly
dEBjaXNjby5jb20+AAoJELm9eRtXgZjI+3wQAIvHX17NCfXQSduDXGuX69mKNm4E
zIpsDYNr06CfCG0oql+Lng/RU4biHm9fg0+y6LACvO/9vH7LQrtUAIlJi+hHzuo/
OPbqVtbHKP+Y+T257KyfjivKET652Bt7/PD2qlK4OIY0ZFjAlKfkCGuzwQ1DNu2H
meAmgIVzyNLNu725mS6rykhbbnf28Wm11H+gvQL4J6B8xFO4LzbKrN9m6DY7vZJr
JnHb1Cgevkfs2vu76uexW2lp4sxrcXOJ9uM21CLb6H9XQP1FzTaeIv/7yJcbMrau
BkOPFiD1ZA5Ic3vkbVHkfqKgkrQD/iAbz3+kM77K/8dIrlNBqBHZi4TsjQJkTidS
gwcrjRZ1sE3l7uV3zYOoNYgvkCaX/+GDf2CuD6smLUTKfvuorUHxKZToz0omlcr5
C8oFjT63x2MaZZNzFoaTEm6QVrGS4ChX3G/oNBT47GEvATmwDnqm+7fTfpSnADj0
LhpcOhvCIdbLn1mdJg8J0DnXzv/KBrZkn+aSVe7ISuZmhPrC06NnX7MVglwa1O1s
vHmu9ma2SHw8/hLBbIJL7Q8E34Abt6V9sCkWpBxOtSAv0j/MpFAfg71os14wVWib
hHHfVlIhoZotHmbx4OxyzXad7seUFnO/LmF6Eu90vsc06PkitUhe5UH/mF83R1hI
NhCfZR8Ugxme1d4r
=yW2l
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com