Cisco

Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability

Cisco Security Advisories - Fri, 09/18/2020 - 6:30pm

A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to gain out-of-scope access to email.

The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sma-info-dis


Security Impact Rating: Medium
CVE: CVE-2019-12635
Categories: Cisco

Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability

Cisco Security Advisories - Fri, 09/04/2020 - 5:34pm

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. A successful exploit could allow the attacker to cause an unexpected reboot of the switch, leading to a DoS condition.

This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.

Cisco has released software updates that address this vulnerability for devices that have not reached the end of software maintenance. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbss-ipv6-dos-3bLk6vA


Security Impact Rating: High
CVE: CVE-2020-3363
Categories: Cisco

Cisco Email Security Appliance Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device.

There is a workaround that addresses this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-info-disclosure-vMJMMgJ


Security Impact Rating: Medium
CVE: CVE-2020-3546
Categories: Cisco

Cisco Webex Training Unauthorized Meeting Join Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in Cisco Webex Training could allow an authenticated, remote attacker to join a password-protected meeting without providing the meeting password.

The vulnerability is due to improper validation of input to API requests that are a part of meeting join flow. An attacker could exploit this vulnerability by sending an API request to the application, which would return a URL that includes a meeting join page that is prepopulated with the meeting username and password. A successful exploit could allow the attacker to join the password-protected meeting. The attacker would be visible in the attendee list of the meeting.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-meetings-UtbwOR4Q


Security Impact Rating: Medium
CVE: CVE-2020-3542
Categories: Cisco

Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information.

The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-media-znjfwHD6


Security Impact Rating: Medium
CVE: CVE-2020-3541
Categories: Cisco

Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device.

The vulnerability exists because an insecure method is used to mask certain passwords on the web-based management interface. An attacker could exploit this vulnerability by looking at the raw HTML code that is received from the interface. A successful exploit could allow the attacker to obtain some of the passwords configured throughout the interface.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP


Security Impact Rating: Medium
CVE: CVE-2020-3547
Categories: Cisco

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv


Security Impact Rating: Medium
CVE: CVE-2020-3451,CVE-2020-3453
Categories: Cisco

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories.

The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could allow the attacker to overwrite files on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-path-emy79OC2


Security Impact Rating: Medium
CVE: CVE-2020-3365
Categories: Cisco

Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to overwrite certain files that should be restricted on an affected device.

The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by uploading a file using the REST API. A successful exploit could allow an attacker to overwrite and upload files, which could degrade the functionality of the affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-file-overwrite-UONzPMkr


Security Impact Rating: High
CVE: CVE-2020-3478
Categories: Cisco

Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands.

The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this vulnerability by convincing a user to click a link within a message sent by email or other messaging platform. A successful exploit could allow the attacker to execute arbitrary commands on a targeted system with the privileges of the user account that is running the Cisco Jabber client software.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-vY8M4KGB


Security Impact Rating: High
CVE: CVE-2020-3430
Categories: Cisco

Cisco Jabber for Windows Information Disclosure Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted system. A successful exploit could allow the attacker to cause the application to return sensitive authentication information to another system, possibly for use in further attacks.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ttcgB9R3


Security Impact Rating: Medium
CVE: CVE-2020-3498
Categories: Cisco

Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code.

The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages to the affected software. A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg


Security Impact Rating: Critical
CVE: CVE-2020-3495
Categories: Cisco

Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in Cisco Jabber for Windows software could allow an authenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages that contain Universal Naming Convention (UNC) links to a targeted user and convincing the user to follow the provided link. A successful exploit could allow the attacker to cause the application to access a remote system, possibly allowing the attacker to gain access to sensitive information that the attacker could use in additional attacks.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-G3NSjPn7


Security Impact Rating: Medium
CVE: CVE-2020-3537
Categories: Cisco

Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device.

The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv


Security Impact Rating: High
CVE: CVE-2020-3530
Categories: Cisco

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device.

The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN


Security Impact Rating: High
CVE: CVE-2020-3473
Categories: Cisco

Cisco FXOS Software Buffer Overflow Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition.

The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file. An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges. An attacker would need to have valid administrative credentials to exploit this vulnerability.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-buffer-cSdmfWUt


Security Impact Rating: Medium
CVE: CVE-2020-3545
Categories: Cisco

Cisco Email Security Appliance Denial of Service Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 7:00pm

A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb


Security Impact Rating: Medium
CVE: CVE-2020-3548
Categories: Cisco

Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability

Cisco Security Advisories - Wed, 09/02/2020 - 6:21pm

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system.

The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system, possibly corrupting or deleting critical system files.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-desktop-app-OVSfpVMj


Security Impact Rating: Medium
CVE: CVE-2020-3440
Categories: Cisco

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

Cisco Security Advisories - Sat, 08/29/2020 - 6:00am

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device.

The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols.

Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability. There are multiple mitigations available to customers depending on their needs.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz


Security Impact Rating: High
CVE: CVE-2020-3566
Categories: Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability

Cisco Security Advisories - Thu, 08/27/2020 - 5:33pm

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.

The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. As an example, this could allow an attacker to impersonate another VPN user and establish a Clientless SSL VPN or AnyConnect VPN session to the device as that user.

The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files, underlying operating system (OS) files, or VPN user login credentials.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Note: Cisco has become aware of the availability of public exploit code and active exploitation of the vulnerability that is described in this advisory. Cisco encourages customers with affected products to upgrade to a fixed release as soon as possible.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86


Security Impact Rating: High
CVE: CVE-2020-3452
Categories: Cisco

Pages