
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN550
_____________________________________________________________________

DATE                : 21/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Standalone IOS XE SD-WAN Software,
                     Universal IOS XE Software,
                     Cisco Meeting Server software,
                     Cisco Identity Services software,
                     Cisco TelePresence Management Suite (TMS) Software,
                     Cisco Tetration software,
                     UCS C-Series Rack Servers software,
                     UCS S-Series Storage Servers software,
                     Cisco Webex Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-CwjZJSQc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-download-B3BR5KQA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-2FmKd7T
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-October-20.

The following PSIRT security advisories (1 High, 7 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco IOS XE SD-WAN Software Command Injection Vulnerability - SIR: High

2) Cisco Meeting Server Call Bridge Denial of Service Vulnerability -
SIR: Medium

3) Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities -
SIR: Medium

4) Cisco TelePresence Management Suite Stored Cross-Site Scripting
Vulnerability - SIR: Medium

5) Cisco Tetration Stored Cross-Site Scripting Vulnerability - SIR: Medium

6) Cisco Integrated Management Controller GUI Denial of Service
Vulnerability - SIR: Medium

7) Cisco Identity Services Engine File Download Vulnerability - SIR: Medium

8) Cisco Webex Software Application Authorization Bypass Vulnerability -
SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOS XE SD-WAN Software Command Injection Vulnerability

CVE-2021-1529

SIR: High

CVSS Score v(3.1): 7.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-rhpbE34A

+--------------------------------------------------------------------

2) Cisco Meeting Server Call Bridge Denial of Service Vulnerability

CVE-2021-40122

SIR: Medium

CVSS Score v(3.1): 5.9

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cms-LAHe8z5v

+--------------------------------------------------------------------

3) Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities

CVE-2021-34738, CVE-2021-40121

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

+--------------------------------------------------------------------

4) Cisco TelePresence Management Suite Stored Cross-Site Scripting
Vulnerability

CVE-2021-34760

SIR: Medium

CVSS Score v(3.0): 4.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tms-xss-CwjZJSQc

+--------------------------------------------------------------------

5) Cisco Tetration Stored Cross-Site Scripting Vulnerability

CVE-2021-34789

SIR: Medium

CVSS Score v(3.1): 4.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q

+--------------------------------------------------------------------

6) Cisco Integrated Management Controller GUI Denial of Service
Vulnerability

CVE-2021-34736

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-gui-dos-TZjrFyZh

+--------------------------------------------------------------------

7) Cisco Identity Services Engine File Download Vulnerability

CVE-2021-40123

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-download-B3BR5KQA

+--------------------------------------------------------------------

8) Cisco Webex Software Application Authorization Bypass Vulnerability

CVE-2021-34743

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-2FmKd7T


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



