
=====================================================================

                           CERT-Renater

                 Information Note No. 2022/VULN020
_____________________________________________________________________

DATE                : 13/01/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified CCMP/CCDM Release,
                      Cisco Prime Infrastructure,
                      Cisco Evolved Programmable Network Manager,
                      Cisco Tetration Release,
                      Cisco Secure Network Analytics,
                      Cisco Adaptive Security Device Manager,
                      Cisco Security Manager Software,
                      Cisco Enterprise Chat and Email Software,
                      IP Conference Phone, Unified IP Conference Phone,
                      Unified IP Phones, Unified SIP Phone,
                      Wireless IP Phones.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2022-January-12.

The following PSIRT security advisories (1 Critical, 8 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Unified Contact Center Management Portal and Unified Contact
   Center Domain Manager Privilege Escalation Vulnerability - SIR: Critical

2) Cisco Prime Infrastructure and Evolved Programmable Network Manager
   Vulnerabilities - SIR: Medium

3) Cisco Tetration Command Injection Vulnerability - SIR: Medium

4) Cisco Secure Network Analytics Cross-Site Scripting Vulnerability -
   SIR: Medium

5) Cisco Adaptive Security Device Manager Information Disclosure
   Vulnerability - SIR: Medium

6) Cisco Security Manager Cross-Site Scripting Vulnerabilities - SIR: Medium

7) Cisco Enterprise Chat and Email Vulnerabilities - SIR: Medium

8) Cisco IP Phones Information Disclosure Vulnerability - SIR: Medium

9) Cisco Prime Access Registrar Appliance Cross-Site Scripting
   Vulnerability - SIR: Medium

--------------------------------------------------------------------

1) Cisco Unified Contact Center Management Portal and Unified Contact
   Center Domain Manager Privilege Escalation Vulnerability

CVE-2022-20658

SIR: Critical

CVSS Score v(3.1): 9.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

--------------------------------------------------------------------

2) Cisco Prime Infrastructure and Evolved Programmable Network Manager
   Vulnerabilities

CVE-2022-20656, CVE-2022-20657

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn

--------------------------------------------------------------------

3) Cisco Tetration Command Injection Vulnerability

CVE-2022-20652

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO

--------------------------------------------------------------------

4) Cisco Secure Network Analytics Cross-Site Scripting Vulnerability

CVE-2022-20663

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ

--------------------------------------------------------------------

5) Cisco Adaptive Security Device Manager Information Disclosure
   Vulnerability

CVE-2022-20651

SIR: Medium

CVSS Score v(3.1): 5.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422

--------------------------------------------------------------------

6) Cisco Security Manager Cross-Site Scripting Vulnerabilities

CVE-2022-20635, CVE-2022-20636, CVE-2022-20637, CVE-2022-20638,
CVE-2022-20639, CVE-2022-20640, CVE-2022-20641, CVE-2022-20642,
CVE-2022-20643, CVE-2022-20644, CVE-2022-20645, CVE-2022-20646,
CVE-2022-20647

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt

--------------------------------------------------------------------

7) Cisco Enterprise Chat and Email Vulnerabilities

CVE-2022-20631, CVE-2022-20632, CVE-2022-20633, CVE-2022-20634

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR

--------------------------------------------------------------------

8) Cisco IP Phones Information Disclosure Vulnerability

CVE-2022-20660

SIR: Medium

CVSS Score v(3.1): 4.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

--------------------------------------------------------------------

9) Cisco Prime Access Registrar Appliance Cross-Site Scripting Vulnerability

CVE-2022-20626

SIR: Medium

CVSS Score v(3.1): 4.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB


=========================================================
+ CERT-RENATER        |   tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel    |   fax : 01-53-94-20-41          +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

