Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-October-21.
The following PSIRT security advisories (20 High) were published at 16:00 UTC today.
Table of Contents:
1) Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability – SIR: High
2) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Session Denial of Service Vulnerability – SIR: High
3) Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability – SIR: High
4) Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability – SIR: High
5) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Denial of Service Vulnerability – SIR: High
6) Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability – SIR: High
7) Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability – SIR: High
8) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability – SIR: High
9) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability – SIR: High
10) Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability – SIR: High
11) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability – SIR: High
12) Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability – SIR: High
13) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities – SIR: High
14) Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability – SIR: High
15) Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability – SIR: High
16) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability – SIR: High
17) Cisco Firepower Management Center Software Denial of Service Vulnerability – SIR: High
18) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability – SIR: High
19) Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability – SIR: High
20) Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability – SIR: High
+--------------------------------------------------------------------
1) Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability
CVE-2020-3577
SIR: High
CVSS Score v(3.0): 7.4
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-inline-dos-nXqUyEqM
+--------------------------------------------------------------------
2) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Session Denial of Service Vulnerability
CVE-2020-3572
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
+--------------------------------------------------------------------
3) Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability
CVE-2020-3571
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-icmp-dos-hxxcycM
+--------------------------------------------------------------------
4) Cisco Firepower Threat Defense Software TCP Flood Denial of Service Vulnerability
CVE-2020-3563
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-GDcZDqAf
+--------------------------------------------------------------------
5) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Denial of Service Vulnerability
CVE-2020-3554
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx
+--------------------------------------------------------------------
6) Cisco Firepower Management Center Software Common Access Card Authentication Bypass Vulnerability
CVE-2020-3410
SIR: High
CVSS Score v(3.1): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cacauthbyp-NCLGZm3Q
+--------------------------------------------------------------------
7) Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability
CVE-2020-3533
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snmp-dos-R8ENPbOs
+--------------------------------------------------------------------
8) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability
CVE-2020-3529
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
+--------------------------------------------------------------------
9) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability
CVE-2020-3528
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospflls-37Xy2q6r
+--------------------------------------------------------------------
10) Cisco Firepower Threat Defense Software Multi-Instance Container Escape Vulnerability
CVE-2020-3514
SIR: High
CVSS Score v(3.1): 8.2
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-container-esc-FmYqFBQV
+--------------------------------------------------------------------
11) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability
CVE-2020-3373
SIR: High
CVSS Score v(3.1): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-frag-memleak-mCtqdP9n
+--------------------------------------------------------------------
12) Cisco Firepower 2100 Series SSL/TLS Inspection Denial of Service Vulnerability
CVE-2020-3562
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-dcrpt-dos-RYEkX4yy
+--------------------------------------------------------------------
13) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass Vulnerabilities
CVE-2020-3458
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbyp-KqP6NgrE
+--------------------------------------------------------------------
14) Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability
CVE-2020-3455
SIR: High
CVSS Score v(3.0): 6.7
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn
+--------------------------------------------------------------------
15) Cisco FXOS Software Firepower Chassis Manager Cross-Site Request Forgery Vulnerability
CVE-2020-3456
SIR: High
CVSS Score v(3.1): 8.8
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxosfcm-csrf-uhO4e5BZ
+--------------------------------------------------------------------
16) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services File Upload Denial of Service Vulnerability
CVE-2020-3436
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys
+--------------------------------------------------------------------
17) Cisco Firepower Management Center Software Denial of Service Vulnerability
CVE-2020-3499
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dos-NjYvDcLA
+--------------------------------------------------------------------
18) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability
CVE-2020-3304
SIR: High
CVSS Score v(3.0): 8.6
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw
+--------------------------------------------------------------------
19) Cisco Firepower Management Center Software and Firepower Threat Defense Software sftunnel Pass the Hash Vulnerability
CVE-2020-3549
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-sft-mitm-tc8AzFs2
+--------------------------------------------------------------------
20) Cisco Firepower Management Center Software and Firepower Threat Defense Software Directory Traversal Vulnerability
CVE-2020-3550
SIR: High
CVSS Score v(3.0): 8.1
URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftdfmc-dirtrav-NW8XcuSB