
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN354
_____________________________________________________________________

DATE                : 18/06/2020

HARDWARE PLATFORM(S): Cisco Small Business RV Series Routers,
                      Cisco TelePresence Collaboration Endpoint,
                      Cisco ASR 5000 Series Routers,
                      Cisco GGSN Gateway GPRS Support Node,
                      Cisco PGW Packet Data Network Gateway.

OPERATING SYSTEM(S): Systems running Cisco TelePresence IX5000 Series,
                     Cisco MME Mobility Management Entity,
                     Cisco Modeling Labs Corporate Edition (CML),
                     Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE),
                     Cisco Webex Meetings, Cisco Webex Meetings Server,
                     RoomOS,
                     Cisco Webex Meetings Desktop App,
                     Cisco System Architecture Evolution Gateway (SAEGW).

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8
_____________________________________________________________________

The following Cisco Security Advisory was published by Cisco PSIRT at
20:00 UTC on 2020-June-17.

+--------------------------------------------------------------------

Multiple Vulnerabilities in Treck IP Stack Affecting Cisco Products:
June 2020

CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899,
CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903,
CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907,
CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911,
CVE-2020-11912, CVE-2020-11913, CVE-2020-11914

SIR: Critical

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
______________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2020-June-17.

The following PSIRT security advisories (1 Critical, 7 High) were
published at 16:00 UTC today.

Table of Contents:

1) SaltStack FrameWork Vulnerabilities Affecting Cisco Products - SIR:
Critical

2) Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling
Unauthorized Access Vulnerability - SIR: High


3) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers
Management Interface Vulnerabilities - SIR: High

4) Cisco TelePresence Collaboration Endpoint and RoomOS Software Command
Injection Vulnerability - SIR: High

5) Cisco Webex Meetings Desktop App for Mac Update Feature Code
Execution Vulnerability - SIR: High

6) Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program
Execution Vulnerability - SIR: High

7) Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code
Execution Vulnerabilities - SIR: High

8) Cisco Small Business RV Series Routers Command Injection
Vulnerabilities - SIR: High

+--------------------------------------------------------------------

1) SaltStack FrameWork Vulnerabilities Affecting Cisco Products

CVE-2020-11651, CVE-2020-11652

SIR: Critical

CVSS Score v(3.1): 10.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG

+--------------------------------------------------------------------

2) Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling
Unauthorized Access Vulnerability

CVE-2020-3361

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-token-zPvEjKN

+--------------------------------------------------------------------

3) Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers
Management Interface Vulnerabilities

CVE-2020-3268, CVE-2020-3269

SIR: High

CVSS Score v(3.0): 7.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ

+--------------------------------------------------------------------

4) Cisco TelePresence Collaboration Endpoint and RoomOS Software Command
Injection Vulnerability

CVE-2020-3336

SIR: High

CVSS Score v(3.0): 7.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-cmd-inj-7ZpWhvZb

+--------------------------------------------------------------------

5) Cisco Webex Meetings Desktop App for Mac Update Feature Code
Execution Vulnerability

CVE-2020-3342

SIR: High

CVSS Score v(3.0): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-mac-X7vp65BL

+--------------------------------------------------------------------

6) Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program
Execution Vulnerability

CVE-2020-3263

SIR: High

CVSS Score v(3.0): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-url-fcmpdfVY

+--------------------------------------------------------------------

7) Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code
Execution Vulnerabilities

CVE-2020-3286, CVE-2020-3287, CVE-2020-3288, CVE-2020-3289,
CVE-2020-3290, CVE-2020-3291, CVE-2020-3292, CVE-2020-3293,
CVE-2020-3294, CVE-2020-3295, CVE-2020-3296

SIR: High

CVSS Score v(3.0): 7.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz

+--------------------------------------------------------------------

8) Cisco Small Business RV Series Routers Command Injection Vulnerabilities

CVE-2020-3274, CVE-2020-3275, CVE-2020-3276, CVE-2020-3277,
CVE-2020-3278, CVE-2020-3279

SIR: High

CVSS Score v(3.0): 7.2

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-Rj5JRfF8

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



