-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-June-03.
The following PSIRT security advisories (3 Critical, 21 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities – SIR: Critical
2) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability – SIR: Critical
3) Cisco IOx for IOS XE Software Privilege Escalation Vulnerability – SIR: Critical
4) Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities – SIR: High
5) Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability – SIR: High
6) Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability – SIR: High
7) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability – SIR: High
8) Cisco IOS XE Software Command Injection Vulnerability – SIR: High
9) Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability – SIR: High
10) Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability – SIR: High
11) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability – SIR: High
12) Cisco IOS XE Software Web UI Command Injection Vulnerability – SIR: High
13) Cisco IOS XE Software Web UI Command Injection Vulnerability – SIR: High
14) Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability – SIR: High
15) Cisco IOS XE Software Web UI Command Injection Vulnerability – SIR: High
16) Cisco IOS XE Software Web UI Remote Code Execution Vulnerability – SIR: High
17) Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability – SIR: High
18) Cisco IOS XE Software Web UI Command Injection Vulnerability – SIR: High
19) Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities – SIR: High
20) Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability – SIR: High
21) Cisco IOS XE Software Web UI Privilege Escalation Vulnerability – SIR: High
22) Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability – SIR: High
23) Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability – SIR: High
24) Cisco IOx Application Framework Arbitrary File Creation Vulnerability – SIR: High
+--------------------------------------------------------------------
1) Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities
CVE-2020-3198, CVE-2020-3258
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH
+--------------------------------------------------------------------
2) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
CVE-2020-3205
SIR: Critical
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt
+--------------------------------------------------------------------
3) Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
CVE-2020-3227
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9
+--------------------------------------------------------------------
4) Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities
CVE-2020-3199, CVE-2020-3257
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-gos-vuln-s9qS8kYL
+--------------------------------------------------------------------
5) Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
CVE-2020-3200
SIR: High
CVSS Score v(3.0): 7.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-dos-Un22sd2A
+--------------------------------------------------------------------
6) Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability
CVE-2020-3203
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-dos-TkuPVmZN
+--------------------------------------------------------------------
7) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability
CVE-2020-3234
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cred-uPMp9zbY
+--------------------------------------------------------------------
8) Cisco IOS XE Software Command Injection Vulnerability
CVE-2020-3207
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ngwc-cmdinj-KEwWVWR
+--------------------------------------------------------------------
9) Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability
CVE-2020-3208
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-ir800-img-verif-wHhLYHjK
+--------------------------------------------------------------------
10) Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
CVE-2020-3209
SIR: High
CVSS Score v(3.0): 6.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq
+--------------------------------------------------------------------
11) Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability
CVE-2020-3210
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-vds-cmd-inj-VfJtqGhE
+--------------------------------------------------------------------
12) Cisco IOS XE Software Web UI Command Injection Vulnerability
CVE-2020-3211
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj4-S2TmH7GA
+--------------------------------------------------------------------
13) Cisco IOS XE Software Web UI Command Injection Vulnerability
CVE-2020-3212
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj3-44st5CcA
+--------------------------------------------------------------------
14) Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability
CVE-2020-3217
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-onepk-rce-6Hhyt4dC
+--------------------------------------------------------------------
15) Cisco IOS XE Software Web UI Command Injection Vulnerability
CVE-2020-3219
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-web-cmdinj2-fOnjk2LD
+--------------------------------------------------------------------
16) Cisco IOS XE Software Web UI Remote Code Execution Vulnerability
CVE-2020-3218
SIR: High
CVSS Score v(3.0): 7.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-rce-uk8BXcUD
+--------------------------------------------------------------------
17) Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability
CVE-2020-3221
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-fnfv9-dos-HND6Fc9u
+--------------------------------------------------------------------
18) Cisco IOS XE Software Web UI Command Injection Vulnerability
CVE-2020-3224
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-zM283Zdw
+--------------------------------------------------------------------
19) Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities
CVE-2020-3225
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx
+--------------------------------------------------------------------
20) Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
CVE-2020-3226
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sip-Cv28sQw2
+--------------------------------------------------------------------
21) Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
CVE-2020-3229
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-PZgQxjfG
+--------------------------------------------------------------------
22) Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability
CVE-2020-3230
SIR: High
CVSS Score v(3.0): 7.5
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-9p23Jj2a
+--------------------------------------------------------------------
23) Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability
CVE-2020-3235
SIR: High
CVSS Score v(3.0): 7.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-dos-USxSyTk5
+--------------------------------------------------------------------
24) Cisco IOx Application Framework Arbitrary File Creation Vulnerability
CVE-2020-3238
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com