
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN120
_____________________________________________________________________

DATE                : 26/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Application Services Engine,
         Cisco ACI Multi-Site Orchestrator Application Services Engine,
                             Cisco NX-OS Software,
                   Cisco Nexus 9000 Series Fabric Switches software,
                   Cisco AnyConnect Secure Mobility Client software.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-February-24.
The following PSIRT security advisories (3 Critical, 4 High, 1 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Application Services Engine Unauthorized Access Vulnerabilities
- SIR: Critical

2) Cisco ACI Multi-Site Orchestrator Application Services Engine
Deployment Authentication Bypass Vulnerability - SIR: Critical

3) Cisco NX-OS Software Unauthenticated Arbitrary File Actions
Vulnerability - SIR: Critical

4) Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability -
SIR: High

5) Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route
Installation Denial of Service Vulnerability - SIR: High

6) Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric
Infrastructure VLAN Unauthorized Access Vulnerability - SIR: High

7) Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability
- SIR: High

8) Cisco AnyConnect Secure Mobility Client Denial of Service
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Application Services Engine Unauthorized Access Vulnerabilities

CVE-2021-1393, CVE-2021-1396

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-case-mvuln-dYrDPC6w

+--------------------------------------------------------------------

2) Cisco ACI Multi-Site Orchestrator Application Services Engine
Deployment Authentication Bypass Vulnerability

CVE-2021-1388

SIR: Critical

CVSS Score v(3.1): 10.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv

+--------------------------------------------------------------------

3) Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability

CVE-2021-1361

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2

+--------------------------------------------------------------------

4) Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

CVE-2021-1387

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipv6-netstack-edXPGV7K

+--------------------------------------------------------------------

5) Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route
Installation Denial of Service Vulnerability

CVE-2021-1230

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-bgp-De9dPKSK

+--------------------------------------------------------------------

6) Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric
Infrastructure VLAN Unauthorized Access Vulnerability

CVE-2021-1228

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w

+--------------------------------------------------------------------

7) Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability

CVE-2021-1227

SIR: High

CVSS Score v(3.0): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z

+--------------------------------------------------------------------

8) Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability

CVE-2021-1450

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-55AYyxYr

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================




