
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN331
_____________________________________________________________________

DATE                : 18/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Small Business 220 Series Smart Switches
                         firmware versions prior to 1.2.0.6,
                     Windows running Cisco AnyConnect Secure Mobility Client
                         versions prior to 4.10.01075,
                     Cisco AsyncOS versions prior to 12.5.3-035, 13.0.0-030,
                         13.5.3-010, 11.8.3-021, 12.0.3-005, 12.5.1-043,
                     Cisco DNA Center Software versions prior to 2.2.2.11,
                         2.2.2.3,
                     Cisco Jabber versions prior to 14.0.1,
                     Cisco Unified Intelligence Center, Cisco Unified Contact
                         Center Express versions prior to 11.6(1), 12.0(1),
                         12.5(1),
                     Cisco Meeting Server versions 3 prior to 3.1.2.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-June-16.

The following PSIRT security advisories (4 High, 4 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Small Business 220 Series Smart Switches Vulnerabilities - SIR:
High

2) Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture
(HostScan) Module DLL Hijacking Vulnerability - SIR: High

3) Cisco Email Security Appliance and Cisco Web Security Appliance
Certificate Validation Vulnerability - SIR: High

4) Cisco DNA Center Certificate Validation Vulnerability - SIR: High

5) Cisco Jabber Desktop and Mobile Client Software Vulnerabilities -
SIR: Medium

6) Cisco AnyConnect Secure Mobility Client for Windows Denial of Service
Vulnerability - SIR: Medium

7) Cisco Unified Intelligence Center Reflected Cross-Site Scripting
Vulnerability - SIR: Medium

8) Cisco Meeting Server API Denial of Service Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Small Business 220 Series Smart Switches Vulnerabilities

CVE-2021-1541, CVE-2021-1542, CVE-2021-1543, CVE-2021-1571

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E

+--------------------------------------------------------------------

2) Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture
(HostScan) Module DLL Hijacking Vulnerability

CVE-2021-1567

SIR: High

CVSS Score v(3.1): 7.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv

+--------------------------------------------------------------------

3) Cisco Email Security Appliance and Cisco Web Security Appliance
Certificate Validation Vulnerability

CVE-2021-1566

SIR: High

CVSS Score v(3.1): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW

+--------------------------------------------------------------------

4) Cisco DNA Center Certificate Validation Vulnerability

CVE-2021-1134

SIR: High

CVSS Score v(3.0): 7.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-certvalid-USEj2CZk

+--------------------------------------------------------------------

5) Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

CVE-2021-1569, CVE-2021-1570

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-GuC5mLwG

+--------------------------------------------------------------------

6) Cisco AnyConnect Secure Mobility Client for Windows Denial of Service
Vulnerability

CVE-2021-1568

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8

+--------------------------------------------------------------------

7) Cisco Unified Intelligence Center Reflected Cross-Site Scripting
Vulnerability

CVE-2021-1395

SIR: Medium

CVSS Score v(3.1): 4.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL

+--------------------------------------------------------------------

8) Cisco Meeting Server API Denial of Service Vulnerability

CVE-2021-1524

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



