You are here
Home > Preporuke > Ranjivost više cisco proizvoda

Ranjivost više cisco proizvoda

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2020-November-04.

The following PSIRT security advisories (12 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco SD-WAN vManage Software Privilege Escalation Vulnerability – SIR: High

2) Cisco SD-WAN vManage Software Directory Traversal Vulnerability – SIR: High

3) Cisco SD-WAN Software Arbitrary File Creation Vulnerability – SIR: High

4) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High

5) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High

6) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High

7) Cisco SD-WAN Software Privilege Escalation Vulnerability – SIR: High

8) Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability – SIR: High

9) Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability – SIR: High

10) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities – SIR: High

11) Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability – SIR: High

12) Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability – SIR: High

+——————————————————————–

1) Cisco SD-WAN vManage Software Privilege Escalation Vulnerability

CVE-2020-26074

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf”]

+——————————————————————–

2) Cisco SD-WAN vManage Software Directory Traversal Vulnerability

CVE-2020-26073

SIR: High

CVSS Score v(3.1): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk”]

+——————————————————————–

3) Cisco SD-WAN Software Arbitrary File Creation Vulnerability

CVE-2020-26071

SIR: High

CVSS Score v(3.1): 8.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns”]

+——————————————————————–

4) Cisco SD-WAN Software Privilege Escalation Vulnerability

CVE-2020-3600

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA”]

+——————————————————————–

5) Cisco SD-WAN Software Privilege Escalation Vulnerability

CVE-2020-3595

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj”]

+——————————————————————–

6) Cisco SD-WAN Software Privilege Escalation Vulnerability

CVE-2020-3594

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc”]

+——————————————————————–

7) Cisco SD-WAN Software Privilege Escalation Vulnerability

CVE-2020-3593

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ”]

+——————————————————————–

8) Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability

CVE-2020-3588

SIR: High

CVSS Score v(3.1): 7.3

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ”]

+——————————————————————–

9) Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability

CVE-2020-3574

SIR: High

CVSS Score v(3.1): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv”]

+——————————————————————–

10) Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities

CVE-2020-3573, CVE-2020-3603, CVE-2020-3604

SIR: High

CVSS Score v(3.1): 7.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24”]

+——————————————————————–

11) Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

CVE-2020-3556

SIR: High

CVSS Score v(3.1): 7.3

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK”]

+——————————————————————–

12) Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability

CVE-2020-3284

SIR: High

CVSS Score v(3.0): 8.1

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2”]

—–BEGIN PGP SIGNATURE—–

iQKDBAEBAgBtBQJfotL8ZhxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDIwLTIwMjEgW3JlZnJl
c2hdKSA8cHNpcnRAY2lzY28uY29tPgAKCRCbFvaOC+BFelJwD/9LC9iUetW67JYs
+Gva34WjLE6GINn6DPEtn/bNXHiYB+27o8KauCQpU/5+YN/KVUvwvaoh68TpWNEr
BmY0T/VKvvoBoPL1/R3VU8fcJvaPoqlamJIF/y7QTLhVp4aqJvdkJc6TZgLJW9pI
oqACXTA3oeiussSEtLvD3tluQTq5W8Dl+oub648UapilKjeZiiuEPxSRFu8IOEoe
SQU7kH8i1ICNmWa0bl6UX8rS1ezyBZsnSUAUPurIcYpJqwTDht/8300l+BzMKBa6
BJrDHDi1dHKysDozhqXeVZDIQ5xP8cgdJ4P8DCBmhuh6MSq2jFObVBWsYdmgWLXw
aygwX/r+wpg3/4jBp0aI6sVMxTk/+AoyFvbZ/LMYL9m1qYXgvkfz7qjideIsNY04
Kp5hH5SSaHjHJbUTvj1nzGFZMl6DK7TyMfLLhyaA6BbN72qN5+WVvypdF7iueBZU
MppStNqow/NSh4ccYc9GYiz3ujkLdg38Tf42/BUArjWxdaDKPmjT3W3ZghJb3nvV
Sd9Mr4X7r4XN1in6cOpJZhM+yhOCP26iJXko/4WeaCqmdyLVK2R5imh6ucEbIYHC
OPnhbayKmWTDPPC/0RvP/9zNV+Q2O9uyPcQWZ2eT2/psIGo+T1WreEQJ3s5EA0QB
r6wukmUaX8mFtagAbConrgYOCFzoig==
=vO4p
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa Red Hat Single Sign-On

Otkriveni su sigurnosni nedostaci u programskom paketu Red Hat Single Sign-On za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju...

Close