Ranjivosti više Cisco proizvoda

Preporuke

by - 7. listopada 2019.0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2019-October-02.

The following PSIRT security advisories (13 High) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability – SIR: High

2) Cisco Firepower Management Center Command Injection Vulnerability – SIR: High

3) Cisco Firepower Management Center Remote Code Execution Vulnerability – SIR: High

4) Cisco Firepower Management Center Remote Code Execution Vulnerability – SIR: High

5) Cisco Firepower Management Center SQL Injection Vulnerabilities – SIR: High

6) Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities – SIR: High

7) Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability – SIR: High

8) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability – SIR: High

9) Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability – SIR: High

10) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability – SIR: High

11) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability – SIR: High

12) Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities – SIR: High

13) Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability – SIR: High

+——————————————————————–

1) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability

CVE-2019-15256

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos”]

+——————————————————————–

2) Cisco Firepower Management Center Command Injection Vulnerability

CVE-2019-12690

SIR: High

CVSS Score v(3.0): 7.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj”]

+——————————————————————–

3) Cisco Firepower Management Center Remote Code Execution Vulnerability

CVE-2019-12689

SIR: High

CVSS Score v(3.0): 7.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689”]

+——————————————————————–

4) Cisco Firepower Management Center Remote Code Execution Vulnerability

CVE-2019-12687, CVE-2019-12688

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce”]

+——————————————————————–

5) Cisco Firepower Management Center SQL Injection Vulnerabilities

CVE-2019-12679, CVE-2019-12680, CVE-2019-12681, CVE-2019-12682, CVE-2019-12683, CVE-2019-12684, CVE-2019-12685, CVE-2019-12686

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj”]

+——————————————————————–

6) Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities

CVE-2019-12699

SIR: High

CVSS Score v(3.0): 8.8

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject”]

+——————————————————————–

7) Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

CVE-2019-12700

SIR: High

CVSS Score v(3.0): 7.7

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos”]

+——————————————————————–

8) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability

CVE-2019-12676

SIR: High

CVSS Score v(3.0): 7.4

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos”]

+——————————————————————–

9) Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability

CVE-2019-12677

SIR: High

CVSS Score v(3.0): 7.7

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos”]

+——————————————————————–

10) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability

CVE-2019-12678

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos”]

+——————————————————————–

11) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability

CVE-2019-12673

SIR: High

CVSS Score v(3.0): 8.6

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos”]

+——————————————————————–

12) Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities

CVE-2019-12674, CVE-2019-12675

SIR: High

CVSS Score v(3.0): 8.2

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc”]

+——————————————————————–

13) Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

CVE-2019-1915

SIR: High

CVSS Score v(3.0): 6.5

URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJdlMmuXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz/FMP/0BxHc48drcVbDlaphH390IpDYKt
t0K9jcs/IAU7HvKyMzvBykroAuYzU7MvBvvTLzNdaiTVSLU+9fevsh4+hUPJ4QVO
kpELQ81mRlMLveqDQYos5le2jxf0495B4lI7BCoZr6qNz2dPvgmXAxAcONAzEi0Z
jKdvtbrgaLyokgE1tBUpu+EJlJjdUt0SqgtOIgSYUQHq0QYJviQp/AaMDqzlOpET
EKGBuCvIQzyXzJjBYR4c1eFBgxoocRerFM3zKJaP/WvmoHMm/J9nEK/83BAsQVHy
maT6+Ki4O90cJzuZZt9us7/XbYxrRrhu8iJjF4g9JLXB7nmF4Ccjww5jWhA2q17F
E6hAmzWwCVEG7tftXss/aYcM/ueXeG1wdgW8aVVkrm+WfzSjTBnMKsF00ybJGKhi
IHmJMTxJkMQ1tx2fROduEPLekY89yDBh8SgGAFPyYZb3ik2QdRbZWQixeUWwzL3e
50dj6HcVYjtDPZyhKyiPXvqAPoxuMxtUion6ZqCKc9EFOzQekYg29l4gt34FgyOF
oFdljinSfrRD8aBQitSoNFLo99ekNUlkIijSiS4FCxo+NHCk1B7bpbJ4ldoUKalX
h1sdyxMUDggXShs01l+7Q1QRyi2/feIvr+zTBV7w8OSOG2W3z2kYEpcGczt58Wrk
L+/E8njUUeSuaElW
=armZ
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

Ranjivosti više Cisco proizvoda

Archives

More in Preporuke

Sigurnosni nedostaci programskog paketa glpi