
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN403
_____________________________________________________________________

DATE                : 19/08/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco products running BlackBerry QNX,
                     Cisco Small Business RV Series Routers with UPnP
                     configured,
                     Cisco 3000 Series Industrial Security Appliances (ISAs),
                     Cisco FTD Software,
                     Cisco WSA Software,
                     Cisco Secure Email and Web Manager versions prior to 14.1,
                     Cisco Video Surveillance 7000 Series IP Cameras firmware
                     version 2.12.4,
                     Cisco Expressway Series, Cisco TelePresence VCS versions
                     prior to X14.0.3, X8.6.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-dos-OFP7j9j
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-spam-jPxUXMk
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-August-18.

The following PSIRT security advisories (2 Critical, 5 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products:
August 2021 - SIR: Critical

2) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote
Command Execution and Denial of Service Vulnerability - SIR: Critical

3) Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery
Protocol Double-Free Denial of Service Vulnerability - SIR: Medium

4) Cisco Expressway Series and TelePresence Video Communication Server
Remote Code Execution Vulnerability - SIR: Medium

5) Multiple Cisco Products Server Name Identification Data Exfiltration
Vulnerability - SIR: Medium

6) Cisco Expressway Series and TelePresence Video Communication Server
Image Verification Vulnerability - SIR: Medium

7) Cisco Secure Email and Web Manager Spam Quarantine Unauthorized
Access Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products:
August 2021

CVE-2021-22156

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL

+--------------------------------------------------------------------

2) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote
Command Execution and Denial of Service Vulnerability

CVE-2021-34730

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5

+--------------------------------------------------------------------

3) Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery
Protocol Double-Free Denial of Service Vulnerability

CVE-2021-34734

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-dos-OFP7j9j

+--------------------------------------------------------------------

4) Cisco Expressway Series and TelePresence Video Communication Server
Remote Code Execution Vulnerability

CVE-2021-34716

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh

+--------------------------------------------------------------------

5) Multiple Cisco Products Server Name Identification Data Exfiltration
Vulnerability

CVE-2021-34749

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN

+--------------------------------------------------------------------

6) Cisco Expressway Series and TelePresence Video Communication Server
Image Verification Vulnerability

CVE-2021-34715

SIR: Medium

CVSS Score v(3.1): 4.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx

+--------------------------------------------------------------------

7) Cisco Secure Email and Web Manager Spam Quarantine Unauthorized
Access Vulnerability

CVE-2021-1561

SIR: Medium

CVSS Score v(3.1): 5.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-spam-jPxUXMk

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



