—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-July-29.
The following PSIRT security advisories (3 Critical, 5 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco Data Center Network Manager Authentication Bypass Vulnerability – SIR: Critical
2) Cisco SD-WAN Solution Software Buffer Overflow Vulnerability – SIR: Critical
3) Cisco SD-WAN vManage Software Authorization Bypass Vulnerability – SIR: Critical
4) Cisco Data Center Network Manager Improper Authorization Vulnerability – SIR: High
5) Cisco Data Center Network Manager Command Injection Vulnerability – SIR: High
6) Cisco Data Center Network Manager Path Traversal Vulnerability – SIR: High
7) Cisco Data Center Network Manager Command Injection Vulnerability – SIR: High
8) Cisco Data Center Network Manager Authentication Bypass Vulnerability – SIR: High
+——————————————————————–
1) Cisco Data Center Network Manager Authentication Bypass Vulnerability
CVE-2020-3382
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-dyEejUMs [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-bypass-dyEejUMs”]
+——————————————————————–
2) Cisco SD-WAN Solution Software Buffer Overflow Vulnerability
CVE-2020-3375
SIR: Critical
CVSS Score v(3.0): 9.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdbufof-h5f5VSeL”]
+——————————————————————–
3) Cisco SD-WAN vManage Software Authorization Bypass Vulnerability
CVE-2020-3374
SIR: Critical
CVSS Score v(3.0): 9.9
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-SYGzt8Bv [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uabvman-SYGzt8Bv”]
+——————————————————————–
4) Cisco Data Center Network Manager Improper Authorization Vulnerability
CVE-2020-3386
SIR: High
CVSS Score v(3.0): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-improper-auth-7Krd9TDT [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-improper-auth-7Krd9TDT”]
+——————————————————————–
5) Cisco Data Center Network Manager Command Injection Vulnerability
CVE-2020-3384
SIR: High
CVSS Score v(3.1): 8.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-rest-inj-BCt8pwAJ”]
+——————————————————————–
6) Cisco Data Center Network Manager Path Traversal Vulnerability
CVE-2020-3383
SIR: High
CVSS Score v(3.1): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-path-trav-2xZOnJdR”]
+——————————————————————–
7) Cisco Data Center Network Manager Command Injection Vulnerability
CVE-2020-3377
SIR: High
CVSS Score v(3.1): 6.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-devmgr-cmd-inj-Umc8RHNh”]
+——————————————————————–
8) Cisco Data Center Network Manager Authentication Bypass Vulnerability
CVE-2020-3376
SIR: High
CVSS Score v(3.1): 7.3
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-auth-bypass-JkubGpu3”]
—–BEGIN PGP SIGNATURE—–
iQKDBAEBAgBtBQJfIZ3EZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFet+UD/4wUIoLhYTzXmts
uQwyLrpTIfdl4V/bk16sx1ELaRmVCY1WzG5gp1/pfhnffz/nbsJ8X0/BGPkZ3oeZ
aCrxOmbLYOwhhDJEF9pJpeGmyEDLGc3bAdSvRv+aLSIuYgEc/UnUlzX/W5KHbUQO
Bm55rwqAFTaf/VR0MMhiIdQaCGCLszwfk9QDJwr5FXZJg4qhlkaSVM6I+Yj6no2C
iqo1bZN7e+zU/n8osKppVcIzagQy5Lu51XPWsOlJ1xqKwGBeDYpQ9HWdHzp0BpU+
VoFQ4kWwderGyCZlwPlwD9pRFUtODGd00V0zgvWCThn+gIZM2No+B0v0V7l4FaOf
V17B8mbm+fgtU0uLU0JI9n62nwOtzQW7fLblmAqEm5USvYhGfBdI/wH+Q8r0FWCI
816ITC0EQxcVHFsI2bEr8Pz0tJLMeE5QJT7l3SbgquXl0SsA842FXmWxNisewITI
dwoZBdg+DT2AagxccWcLLOCRfM3PIxtI6NV8hgLxVUWMRjqVuzW128lm4yZYcySJ
/sBzJ1g3Rd8Esn8ssNby8adcG6OS1/+0vuf0UTcljUooXQXCW+w+WbhP1JIgCagN
hs5yyGxmWE625oUrU3tnGgtHheQ9ilrUhx/RrqcNWzIWDK+xuIM5+aD8bSy4hoCT
8mv8n7Wvfn6nwGXk4U4LJuynHIjXmg==
=XFg5
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com