==================================================================== CERT-Renater Note d'Information No. 2021/VULN349 _____________________________________________________________________ DATE : 08/07/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Business Process Automation, Cisco AsyncOS for Cisco WSA, Cisco Adaptive Security Device Manager, Cisco IP Phone and Cisco Wireless IP Phone Firmware, Cisco Video Surveillance 7000 Series IP Cameras firmware, Cisco Virtualized Voice Browser, Cisco Identity Services Engine, Cisco BroadWorks Application Server. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broad-as-inf-disc-ZUXGFFXQ _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2021-July-07. The following PSIRT security advisories (2 High, 6 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Business Process Automation Privilege Escalation Vulnerabilities - SIR: High 2) Cisco Web Security Appliance Privilege Escalation Vulnerability - SIR: High 3) Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability - SIR: Medium 4) Broadcom MediaxChange Vulnerability Affecting Cisco Products: July 2021 - SIR: Medium 5) Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities - SIR: Medium 6) Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability - SIR: Medium 7) Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities - SIR: Medium 8) Cisco BroadWorks Application Server Information Disclosure Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Business Process Automation Privilege Escalation Vulnerabilities CVE-2021-1574, CVE-2021-1576 SIR: High CVSS Score v(3.1): 8.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4"] +-------------------------------------------------------------------- 2) Cisco Web Security Appliance Privilege Escalation Vulnerability CVE-2021-1359 SIR: High CVSS Score v(3.1): 6.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-scr-web-priv-esc-k3HCGJZ"] +-------------------------------------------------------------------- 3) Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability CVE-2021-1585 SIR: Medium CVSS Score v(3.1): 7.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW"] +-------------------------------------------------------------------- 4) Broadcom MediaxChange Vulnerability Affecting Cisco Products: July 2021 CVE-2021-33478 SIR: Medium CVSS Score v(3.1): 6.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"] +-------------------------------------------------------------------- 5) Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities CVE-2021-1595, CVE-2021-1596, CVE-2021-1597, CVE-2021-1598 SIR: Medium CVSS Score v(3.1): 6.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"] +-------------------------------------------------------------------- 6) Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability CVE-2021-1575 SIR: Medium CVSS Score v(3.1): 6.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"] +-------------------------------------------------------------------- 7) Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities CVE-2021-1603, CVE-2021-1604, CVE-2021-1605, CVE-2021-1606, CVE-2021-1607 SIR: Medium CVSS Score v(3.1): 4.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-stored-xss-TWwjVPdL"] +-------------------------------------------------------------------- 8) Cisco BroadWorks Application Server Information Disclosure Vulnerability CVE-2021-1562 SIR: Medium CVSS Score v(3.1): 4.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broad-as-inf-disc-ZUXGFFXQ ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broad-as-inf-disc-ZUXGFFXQ"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================