
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN179
_____________________________________________________________________

DATE                : 25/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Jabber Desktop and Mobile
                     Client Software,
                     Cisco Access Point Software,
                     Cisco Aironet Access Points software,
                     Cisco IOS XE Software, Cisco IOS Software,
                     Cisco IOS XE SD-WAN Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-privesc-wEVfp8Ud
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-info-disc-BfWqghj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwdos-4zeEeC9w
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-iot-codexec-k46EFF6q
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-evss-code-exe-8cw5VSvw
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-March-24.

The following PSIRT security advisories (1 Critical, 18 High) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Jabber Desktop and Mobile Client Software Vulnerabilities -
SIR: Critical

2) Cisco Access Point Software Arbitrary Code Execution Vulnerability -
SIR: High

3) Cisco Aironet Access Points FlexConnect Multicast DNS Denial of
Service Vulnerability - SIR: High

4) Cisco Aironet Access Points FlexConnect Upgrade Information
Disclosure Vulnerability - SIR: High

5) Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking
Vulnerability - SIR: High

6) Cisco IOS XE Software Arbitrary Code Execution Vulnerability - SIR: High

7) Cisco IOS and IOS XE Software Common Industrial Protocol Privilege
Escalation Vulnerability - SIR: High

8) Cisco IOS XE SD-WAN Software Arbitrary Command Execution
Vulnerability - SIR: High

9) Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability
- SIR: High

10) Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability -
SIR: High

11) Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway
Denial of Service Vulnerability - SIR: High

12) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerability - SIR: High

13) Cisco IOS XE Software Hardware Initialization Routines Arbitrary
Code Execution Vulnerability - SIR: High

14) Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code
Execution Vulnerability - SIR: High

15) Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service
Vulnerability - SIR: High

16) Cisco IOS XE Software Plug-and-Play Privilege Escalation
Vulnerability - SIR: High

17) Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS
Command Injection Vulnerability - SIR: High

18) Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code
Execution Vulnerability - SIR: High

19) Cisco IOS XE Software Fast Reload Vulnerabilities - SIR: High

+--------------------------------------------------------------------

1) Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

CVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, CVE-2021-1471

SIR: Critical

CVSS Score v(3.1): 9.9

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC

+--------------------------------------------------------------------

2) Cisco Access Point Software Arbitrary Code Execution Vulnerability

CVE-2021-1449

SIR: High

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-privesc-wEVfp8Ud

+--------------------------------------------------------------------

3) Cisco Aironet Access Points FlexConnect Multicast DNS Denial of
Service Vulnerability

CVE-2021-1439

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-mdns-dos-E6KwYuMx

+--------------------------------------------------------------------

4) Cisco Aironet Access Points FlexConnect Upgrade Information
Disclosure Vulnerability

CVE-2021-1437

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironet-info-disc-BfWqghj

+--------------------------------------------------------------------

5) Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerability

CVE-2021-1403

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5

+--------------------------------------------------------------------

6) Cisco IOS XE Software Arbitrary Code Execution Vulnerability

CVE-2021-1398

SIR: High

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe

+--------------------------------------------------------------------

7) Cisco IOS and IOS XE Software Common Industrial Protocol Privilege
Escalation Vulnerability

CVE-2021-1392

SIR: High

CVSS Score v(3.1): 7.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-SAP-OPLbze68

+--------------------------------------------------------------------

8) Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability

CVE-2021-1432

SIR: High

CVSS Score v(3.1): 7.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwarbcmdexec-sspOMUr3

+--------------------------------------------------------------------

9) Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability

CVE-2021-1431

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-sdwdos-4zeEeC9w

+--------------------------------------------------------------------

10) Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability

CVE-2021-1433

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc

+--------------------------------------------------------------------

11) Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway
Denial of Service Vulnerability

CVE-2021-1446

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-hbBS7SZE

+--------------------------------------------------------------------

12) Cisco IOS XE Wireless Controller Software for the Catalyst 9000
Family CAPWAP Denial of Service Vulnerability

CVE-2021-1373

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS

+--------------------------------------------------------------------

13) Cisco IOS XE Software Hardware Initialization Routines Arbitrary
Code Execution Vulnerability

CVE-2021-1441

SIR: High

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-iot-codexec-k46EFF6q

+--------------------------------------------------------------------

14) Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code
Execution Vulnerability

CVE-2021-1453

SIR: High

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH

+--------------------------------------------------------------------

15) Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service
Vulnerability

CVE-2021-1352

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL

+--------------------------------------------------------------------

16) Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability

CVE-2021-1442

SIR: High

CVSS Score v(3.0): 7.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-pnp-priv-esc-AmG3kuVL

+--------------------------------------------------------------------

17) Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS
Command Injection Vulnerability

CVE-2021-1452

SIR: High

CVSS Score v(3.1): 6.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw

+--------------------------------------------------------------------

18) Cisco IOS XE Software Easy Virtual Switching System Arbitrary Code
Execution Vulnerability

CVE-2021-1451

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-evss-code-exe-8cw5VSvw

+--------------------------------------------------------------------

19) Cisco IOS XE Software Fast Reload Vulnerabilities

CVE-2021-1375, CVE-2021-1376

SIR: High

CVSS Score v(3.0): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fast-Zqr6DD5

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



