
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN539
_____________________________________________________________________

DATE                : 25/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS XE, Cisco IOS,
                     Cisco Catalyst 9200 Series Switches software,
                     Cisco IOS Software for Cisco Industrial Routers,
                     Cisco Aironet Access Points software,
                     Cisco Wireless LAN Controller Software,
                     Cisco Catalyst 9800 Wireless Controller Software,
                     Cisco Business Access Point Software,
                     Cisco AireOS WLC Software.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2020-September-24.

The following PSIRT security advisories (29 High) were published at
16:00 UTC today.

Table of Contents:

1) Cisco IOS XE Software Common Open Policy Service Engine Denial of
Service Vulnerability - SIR: High

2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service
Vulnerability - SIR: High

3) Cisco IOS XE ROM Monitor Software Vulnerability - SIR: High

4) Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability
- SIR: High

5) Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor
3 Arbitrary Code Execution Vulnerabilities - SIR: High

6) Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded
Services Processor IP ARP Denial of Service Vulnerability - SIR: High

7) Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service
Vulnerability - SIR: High

8) Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol
Denial of Service Vulnerability - SIR: High

9) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
DHCP Denial of Service Vulnerability - SIR: High

10) Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella
Connector Denial of Service Vulnerability - SIR: High

11) Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service
Vulnerability - SIR: High

12) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family WPA Denial of Service Vulnerability - SIR: High

13) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family WLAN Local Profiling Denial of Service Vulnerability - SIR: High

14) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
Multicast DNS Denial of Service Vulnerability - SIR: High

15) Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS
Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service
Vulnerability - SIR: High

16) Cisco IOS XE Software Privilege Escalation Vulnerabilities - SIR: High

17) Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA
Unauthorized Access Vulnerability - SIR: High

18) Cisco IOS XE Software IP Service Level Agreements Denial of Service
Vulnerability - SIR: High

19) Cisco IOS XE Software Zone-Based Firewall Denial of Service
Vulnerabilities - SIR: High

20) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerabilities - SIR: High

21) Cisco IOS XE Software Arbitrary Code Execution Vulnerability - SIR: High

22) Cisco IOS XE Software for Cisco 4461 Integrated Services Routers
Denial of Service Vulnerability - SIR: High

23) Cisco IOS and IOS XE Software PROFINET Denial of Service
Vulnerability - SIR: High

24) Cisco IOS and IOS XE Software Split DNS Denial of Service
Vulnerability - SIR: High

25) Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List
Denial of Service Vulnerability - SIR: High

26) Cisco IOS XE Software Web UI Authorization Bypass Vulnerability -
SIR: High

27) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerability - SIR: High

28) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family SNMP Trap Denial of Service Vulnerability - SIR: High

29) Cisco Aironet Access Points UDP Flooding Denial of Service
Vulnerability - SIR: High

+--------------------------------------------------------------------

1) Cisco IOS XE Software Common Open Policy Service Engine Denial of
Service Vulnerability

CVE-2020-3526

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-COPS-VLD-MpbTvGEW

+--------------------------------------------------------------------

2) Cisco Aironet Access Points Ethernet Wired Clients Denial of Service
Vulnerability

CVE-2020-3552

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ethport-dos-xtjTt8pY

+--------------------------------------------------------------------

3) Cisco IOS XE ROM Monitor Software Vulnerability

CVE-2020-3524

SIR: High

CVSS Score v(3.0): 6.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC

+--------------------------------------------------------------------

4) Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability

CVE-2020-3465

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-le-drTOB625

+--------------------------------------------------------------------

5) Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor
3 Arbitrary Code Execution Vulnerabilities

CVE-2020-3416, CVE-2020-3513

SIR: High

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c

+--------------------------------------------------------------------

6) Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded
Services Processor IP ARP Denial of Service Vulnerability

CVE-2020-3508

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esp20-arp-dos-GvHVggqJ

+--------------------------------------------------------------------

7) Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability

CVE-2020-3511

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-isdn-q931-dos-67eUZBTf

+--------------------------------------------------------------------

8) Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol
Denial of Service Vulnerability

CVE-2020-3512

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-profinet-dos-65qYG3W5

+--------------------------------------------------------------------

9) Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers
DHCP Denial of Service Vulnerability

CVE-2020-3509

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-dhcp-dos-JSCKX43h

+--------------------------------------------------------------------

10) Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella
Connector Denial of Service Vulnerability

CVE-2020-3510

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-umbrella-dos-t2QMUX37

+--------------------------------------------------------------------

11) Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service
Vulnerability

CVE-2020-3527

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-JP-DOS-g5FfGm8y

+--------------------------------------------------------------------

12) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family WPA Denial of Service Vulnerability

CVE-2020-3429

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wpa-dos-cXshjerc

+--------------------------------------------------------------------

13) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family WLAN Local Profiling Denial of Service Vulnerability

CVE-2020-3428

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dclass-dos-VKh9D8k3

+--------------------------------------------------------------------

14) Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers
Multicast DNS Denial of Service Vulnerability

CVE-2020-3359

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mdns-dos-3tH6cA9J

+--------------------------------------------------------------------

15) Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS
Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service
Vulnerability

CVE-2020-3492

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX

+--------------------------------------------------------------------

16) Cisco IOS XE Software Privilege Escalation Vulnerabilities

CVE-2020-3141, CVE-2020-3425

SIR: High

CVSS Score v(3.1): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-webui-priv-esc-K8zvEWM

+--------------------------------------------------------------------

17) Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA
Unauthorized Access Vulnerability

CVE-2020-3426

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA

+--------------------------------------------------------------------

18) Cisco IOS XE Software IP Service Level Agreements Denial of Service
Vulnerability

CVE-2020-3422

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-jw2DJmSv

+--------------------------------------------------------------------

19) Cisco IOS XE Software Zone-Based Firewall Denial of Service
Vulnerabilities

CVE-2020-3421, CVE-2020-3480

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-94ckG4G

+--------------------------------------------------------------------

20) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerabilities

CVE-2020-3486, CVE-2020-3487, CVE-2020-3488, CVE-2020-3489,
CVE-2020-3493, CVE-2020-3494, CVE-2020-3497

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-TPdNTdyq

+--------------------------------------------------------------------

21) Cisco IOS XE Software Arbitrary Code Execution Vulnerability

CVE-2020-3417

SIR: High

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS

+--------------------------------------------------------------------

22) Cisco IOS XE Software for Cisco 4461 Integrated Services Routers
Denial of Service Vulnerability

CVE-2020-3414

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISR4461-gKKUROhx

+--------------------------------------------------------------------

23) Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability

CVE-2020-3409

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-profinet-J9QMCHPB

+--------------------------------------------------------------------

24) Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability

CVE-2020-3408

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-splitdns-SPWqpdGW

+--------------------------------------------------------------------

25) Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List
Denial of Service Vulnerability

CVE-2020-3407

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confacl-HbPtfSuO

+--------------------------------------------------------------------

26) Cisco IOS XE Software Web UI Authorization Bypass Vulnerability

CVE-2020-3400

SIR: High

CVSS Score v(3.0): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-auth-bypass-6j2BYUc7

+--------------------------------------------------------------------

27) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerability

CVE-2020-3399

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capwap-dos-ShFzXf

+--------------------------------------------------------------------

28) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family SNMP Trap Denial of Service Vulnerability

CVE-2020-3390

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K

+--------------------------------------------------------------------

29) Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability

CVE-2020-3560

SIR: High

CVSS Score v(3.0): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-dos-VHr2zG9y


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================




