
=====================================================================

                             CERT-Renater

                  Information Note No. 2021/VULN587
_____________________________________________________________________

DATE                : 04/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Policy Suite,
                     Cisco Catalyst PON Series Switches,
                     Cisco Small Business Series Switches,
                     Cisco Email Security Appliance,
                     Cisco AnyConnect Secure Mobility Client for Windows,
                     Cisco Small Business RV Series Routers,
                     Cisco Unified Communications Products,
                     Cisco Webex Video Mesh,
                     Cisco Webex Meetings,
                     Cisco Prime Access Registrar,
                     Cisco Prime Infrastructure and Evolved Programmable Network Manager,
                     Cisco Common Services Platform Collector,
                     Cisco Umbrella,
                     Cisco Unified Communications Products.

=====================================================================
https://tools.cisco.com/security/center/publicationListing.x
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-November-03.

The following PSIRT security advisories (2 Critical, 2 High, 12 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Policy Suite Static SSH Keys Vulnerability - SIR: Critical

2) Cisco Catalyst PON Series Switches Optical Network Terminal
Vulnerabilities - SIR: Critical

3) Cisco Small Business Series Switches Session Credentials Replay
Vulnerability - SIR: High

4) Cisco Email Security Appliance Denial of Service Vulnerability - SIR:
High

5) Cisco AnyConnect Secure Mobility Client for Windows with Network
Access Manager Module Privilege Escalation Vulnerability - SIR: Medium

6) Cisco Small Business RV Series Routers Command Injection
Vulnerability - SIR: Medium

7) Cisco Unified Communications Products Cross-Site Request Forgery
Vulnerability - SIR: Medium

8) Cisco Webex Video Mesh Cross-Site Scripting Vulnerability - SIR: Medium

9) Cisco Webex Meetings Email Content Injection Vulnerability - SIR: Medium

10) Cisco Small Business 200, 300, and 500 Series Switches Web-Based
Management Interface Denial of Service Vulnerability - SIR: Medium

11) Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability -
SIR: Medium

12) Cisco Prime Access Registrar Stored Cross-Site Scripting
Vulnerability - SIR: Medium

13) Cisco Prime Infrastructure and Evolved Programmable Network Manager
Stored Cross-Site Scripting Vulnerability - SIR: Medium

14) Cisco Common Services Platform Collector Information Disclosure
Vulnerability - SIR: Medium

15) Cisco Umbrella Email Enumeration Vulnerability - SIR: Medium

16) Cisco Unified Communications Products Path Traversal Vulnerability -
SIR: Medium

+--------------------------------------------------------------------

1) Cisco Policy Suite Static SSH Keys Vulnerability

CVE-2021-40119

SIR: Critical

CVSS Score v(3.1): 9.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv

+--------------------------------------------------------------------

2) Cisco Catalyst PON Series Switches Optical Network Terminal
Vulnerabilities

CVE-2021-34795, CVE-2021-40112, CVE-2021-40113

SIR: Critical

CVSS Score v(3.1): 10.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr

+--------------------------------------------------------------------

3) Cisco Small Business Series Switches Session Credentials Replay
Vulnerability

CVE-2021-34739

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5

+--------------------------------------------------------------------

4) Cisco Email Security Appliance Denial of Service Vulnerability

CVE-2021-34741

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

+--------------------------------------------------------------------

5) Cisco AnyConnect Secure Mobility Client for Windows with Network
Access Manager Module Privilege Escalation Vulnerability

CVE-2021-40124

SIR: Medium

CVSS Score v(3.1): 6.7

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT

+--------------------------------------------------------------------

6) Cisco Small Business RV Series Routers Command Injection Vulnerability

CVE-2021-40120

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK

+--------------------------------------------------------------------

7) Cisco Unified Communications Products Cross-Site Request Forgery
Vulnerability

CVE-2021-34773

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H

+--------------------------------------------------------------------

8) Cisco Webex Video Mesh Cross-Site Scripting Vulnerability

CVE-2021-40115

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-videomesh-xss-qjm2BDQf

+--------------------------------------------------------------------

9) Cisco Webex Meetings Email Content Injection Vulnerability

CVE-2021-40128

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy

+--------------------------------------------------------------------

10) Cisco Small Business 200, 300, and 500 Series Switches Web-Based
Management Interface Denial of Service Vulnerability

CVE-2021-40127

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8

+--------------------------------------------------------------------

11) Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

CVE-2021-1500

SIR: Medium

CVSS Score v(3.1): 5.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5

+--------------------------------------------------------------------

12) Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability

CVE-2021-34731

SIR: Medium

CVSS Score v(3.1): 4.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG

+--------------------------------------------------------------------

13) Cisco Prime Infrastructure and Evolved Programmable Network Manager
Stored Cross-Site Scripting Vulnerability

CVE-2021-34784

SIR: Medium

CVSS Score v(3.1): 5.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j

+--------------------------------------------------------------------

14) Cisco Common Services Platform Collector Information Disclosure
Vulnerability

CVE-2021-34774

SIR: Medium

CVSS Score v(3.1): 4.9

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL

+--------------------------------------------------------------------

15) Cisco Umbrella Email Enumeration Vulnerability

CVE-2021-40126

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE

+--------------------------------------------------------------------

16) Cisco Unified Communications Products Path Traversal Vulnerability

CVE-2021-34701

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


