===================================================================== CERT-Renater Note d'Information No. 2021/VULN611 _____________________________________________________________________ DATE : 18/11/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Common Services Platform versions versions prior to 2.9.0.2. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-XSS-KjrNbM3p https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X _____________________________________________________________________ Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability Medium Advisory ID: cisco-sa-CSPC-XSS-KjrNbM3p First Published: 2021 November 17 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvx73336 CSCvx79930 CVSS Score: Base 5.5 Base 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X CVE-2021-40131 CWE-87 Summary A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-XXS-KjrNbM3p Affected Products Vulnerable Products At the time of publication, this vulnerability affected Cisco CSPC. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds There are no workarounds that address this vulnerability. Fixed Software When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability. Cisco CSPC Release First Fixed Release Earlier than 2.9.0.2 2.9.0.2 The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Exploitation and Public Announcements The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source This vulnerability was found during internal security testing by Aaron Rhodes and Reno Zenere of the Cisco Advanced Security Initiatives Group (ASIG). URL https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-XSS-KjrNbM3p Revision History Version Description Section Status Date 1.0 Initial public release. - Final 2021-NOV-17 LEGAL DISCLAIMER THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. +-------------------------------------------------------------------- Cisco Common Services Platform Collector SQL Injection Vulnerability Medium Advisory ID: cisco-sa-CSPC-SQLI-unVPTn5 First Published: 2021 November 17 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvx76422 CVSS Score: Base 4.9 Base 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X CVE-2021-40129 CWE-89 Summary A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5 Affected Products Vulnerable Products At the time of publication, this vulnerability affected Cisco CSPC. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds There are no workarounds that address this vulnerability. Fixed Software When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability. Cisco CSPC Release First Fixed Release Earlier than 2.9.0.2 2.9.0.2 The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Exploitation and Public Announcements The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source This vulnerability was found during internal security testing by Aaron Rhodes and Reno Zenere of the Cisco Advanced Security Initiatives Group (ASIG). URL https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5 Revision History Version Description Section Status Date 1.0 Initial public release. - Final 2021-NOV-17 LEGAL DISCLAIMER THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. +-------------------------------------------------------------------- Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability Medium Advisory ID: cisco-sa-CSPC-ILR-8qmW8y8X First Published: 2021 November 17 16:00 GMT Version 1.0: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvx79941 CVSS Score: Base 4.9 Base 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X CVE-2021-40130 CWE-284 Summary A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X Affected Products Vulnerable Products At the time of publication, this vulnerability affected Cisco CSPC. For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Workarounds There are no workarounds that address this vulnerability. Fixed Software When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Fixed Releases At the time of publication, the release information in the following table(s) was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information. The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability described in this advisory and which release included the fix for this vulnerability. Cisco CSPC Release First Fixed Release Earlier than 2.9.0.2 2.9.0.2 The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory. Exploitation and Public Announcements The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. Source This vulnerability was found during internal security testing by Aaron Rhodes and Reno Zenere of the Cisco Advanced Security Initiatives Group (ASIG). URL https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X Revision History Version Description Section Status Date 1.0 Initial public release. - Final 2021-NOV-17 LEGAL DISCLAIMER THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================