===================================================================== CERT-Renater Note d'Information No. 2021/VULN372 _____________________________________________________________________ DATE : 21/07/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco Intersight Virtual Appliance versions prior to 1.0.9-292, Cisco SD-WAN vManage Software versions prior to 20.4.2, 20.5.1, Cisco FDM On-Box Software versions prior to 6.4.0.12, 6.4.4, 6.7.0.2, Cisco SD-WAN Software versions prior to 18.4.6, 19.2.3, 20.3.2, 20.4.1, 20.5.1, Cisco Unified CVP versions prior to 12.6(1). ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2021-July-21. The following PSIRT security advisories (1 High, 5 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities - SIR: High 2) Cisco Intersight Virtual Appliance Vulnerabilities - SIR: Medium 3) Cisco SD-WAN vManage Software Information Disclosure Vulnerability - SIR: Medium 4) Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability - SIR: Medium 5) Cisco SD-WAN Software Information Disclosure Vulnerability - SIR: Medium 6) Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities CVE-2021-1600, CVE-2021-1601 SIR: High CVSS Score v(3.1): 8.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"] +-------------------------------------------------------------------- 2) Cisco Intersight Virtual Appliance Vulnerabilities CVE-2021-1617, CVE-2021-1618 SIR: Medium CVSS Score v(3.1): 6.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"] +-------------------------------------------------------------------- 3) Cisco SD-WAN vManage Software Information Disclosure Vulnerability CVE-2021-34700 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE"] +-------------------------------------------------------------------- 4) Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability CVE-2021-1518 SIR: Medium CVSS Score v(3.1): 6.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq"] +-------------------------------------------------------------------- 5) Cisco SD-WAN Software Information Disclosure Vulnerability CVE-2021-1614 SIR: Medium CVSS Score v(3.1): 5.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq"] +-------------------------------------------------------------------- 6) Cisco Unified Customer Voice Portal Cross-Site Scripting Vulnerability CVE-2021-1599 SIR: Medium CVSS Score v(3.1): 5.4 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvp-xss-yvE6L8Zq"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================