=====================================================================

                           CERT-Renater

                 Note d'Information No. 2022/VULN030
_____________________________________________________________________

DATE                : 21/01/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco StarOS Software,
                 Ultra Gateway Platform, Network Services Orchestrator,
                 Enterprise NFV Infrastructure Software,
                 Virtual Topology System, Carrier Packet Transport,
                 IOS XE SD-WAN, IOS XR (64-bit) Software,
                 Network Convergence System,
                 SD-WAN vBond Software, SD-WAN vEdge Routers,
                 SD-WAN vManage Software, SD-WAN vSmart Software,
                 Cisco FTD Software, Cisco Cybervision Software,
                 Cisco Meraki MX Software, Cisco UTD Software,
                 Cisco Snort Software, ConfD Release,
                 Cisco Webex Meetings.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2022-January-19.

The following PSIRT security advisories (1 Critical, 3 High, 1 Medium)
were published at 16:00 UTC today.


Table of Contents:

1) Cisco Redundancy Configuration Manager for Cisco StarOS Software
   Multiple Vulnerabilities - SIR: Critical

2) Multiple Cisco Products CLI Command Injection Vulnerability - SIR:
   High

3) Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
   - SIR: High

4) ConfD CLI Command Injection Vulnerability - SIR: High

5) Cisco Webex Meetings Cross-Site Scripting Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Redundancy Configuration Manager for Cisco StarOS Software
   Multiple Vulnerabilities

CVE-2022-20648, CVE-2022-20649

SIR: Critical

CVSS Score v(3.1): 9.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq

["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq"]

+--------------------------------------------------------------------

2) Multiple Cisco Products CLI Command Injection Vulnerability

CVE-2022-20655

SIR: High

CVSS Score v(3.1): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB

["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB"]

+--------------------------------------------------------------------

3) Multiple Cisco Products Snort Modbus Denial of Service Vulnerability

CVE-2022-20685

SIR: High

CVSS Score v(3.1): 7.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj

["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj"]

+--------------------------------------------------------------------

4) ConfD CLI Command Injection Vulnerability

CVE-2022-20655

SIR: High

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh

["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh"]

+--------------------------------------------------------------------

5) Cisco Webex Meetings Cross-Site Scripting Vulnerability

CVE-2022-20654

SIR: Medium

CVSS Score v(3.1): 6.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe

["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"]


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================