
====================================================================

                             CERT-Renater

                 Information Note No. 2019/VULN298

_____________________________________________________________________

DATE                : 02/10/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Cisco ASA, Cisco FMC, Cisco FTD Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2019-October-02.

The following PSIRT security advisories (13 High) were published at
16:00 UTC today.

Table of Contents:

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IKEv1 Denial of Service Vulnerability - SIR: High

2) Cisco Firepower Management Center Command Injection Vulnerability -
SIR: High

3) Cisco Firepower Management Center Remote Code Execution Vulnerability
- SIR: High

4) Cisco Firepower Management Center Remote Code Execution Vulnerability
- SIR: High

5) Cisco Firepower Management Center SQL Injection Vulnerabilities -
SIR: High

6) Cisco FXOS Software and Firepower Threat Defense Software Command
Injection Vulnerabilities - SIR: High

7) Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module
Denial of Service Vulnerability - SIR: High

8) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software OSPF LSA Processing Denial of Service Vulnerability -
SIR: High

9) Cisco Adaptive Security Appliance Software SSL VPN Denial of Service
Vulnerability - SIR: High

10) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SIP Inspection Denial of Service Vulnerability - SIR: High

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software FTP Inspection Denial of Service Vulnerability - SIR: High

12) Cisco Firepower Threat Defense Software Multi-instance Container
Escape Vulnerabilities - SIR: High

13) Multiple Cisco Unified Communications Products Cross-Site Request
Forgery Vulnerability - SIR: High

+--------------------------------------------------------------------

1) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software IKEv1 Denial of Service Vulnerability

CVE-2019-15256

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos

+--------------------------------------------------------------------

2) Cisco Firepower Management Center Command Injection Vulnerability

CVE-2019-12690

SIR: High

CVSS Score v(3.0): 7.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj

+--------------------------------------------------------------------

3) Cisco Firepower Management Center Remote Code Execution Vulnerability

CVE-2019-12689

SIR: High

CVSS Score v(3.0): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689

+--------------------------------------------------------------------

4) Cisco Firepower Management Center Remote Code Execution Vulnerability

CVE-2019-12687, CVE-2019-12688

SIR: High

CVSS Score v(3.0): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

+--------------------------------------------------------------------

5) Cisco Firepower Management Center SQL Injection Vulnerabilities

CVE-2019-12679, CVE-2019-12680, CVE-2019-12681, CVE-2019-12682,
CVE-2019-12683, CVE-2019-12684, CVE-2019-12685, CVE-2019-12686

SIR: High

CVSS Score v(3.0): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj

+--------------------------------------------------------------------

6) Cisco FXOS Software and Firepower Threat Defense Software Command
Injection Vulnerabilities

CVE-2019-12699

SIR: High

CVSS Score v(3.0): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject

+--------------------------------------------------------------------

7) Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module
Denial of Service Vulnerability

CVE-2019-12700

SIR: High

CVSS Score v(3.0): 7.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos

+--------------------------------------------------------------------

8) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software OSPF LSA Processing Denial of Service Vulnerability

CVE-2019-12676

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos

+--------------------------------------------------------------------

9) Cisco Adaptive Security Appliance Software SSL VPN Denial of Service
Vulnerability

CVE-2019-12677

SIR: High

CVSS Score v(3.0): 7.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos

+--------------------------------------------------------------------

10) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software SIP Inspection Denial of Service Vulnerability

CVE-2019-12678

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos

+--------------------------------------------------------------------

11) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software FTP Inspection Denial of Service Vulnerability

CVE-2019-12673

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos

+--------------------------------------------------------------------

12) Cisco Firepower Threat Defense Software Multi-instance Container
Escape Vulnerabilities

CVE-2019-12674, CVE-2019-12675

SIR: High

CVSS Score v(3.0): 8.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc

+--------------------------------------------------------------------

13) Multiple Cisco Unified Communications Products Cross-Site Request
Forgery Vulnerability

CVE-2019-1915

SIR: High

CVSS Score v(3.0): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



