
=====================================================================

                             CERT-Renater

                 Information Note No. 2022/VULN209

_____________________________________________________________________

DATE                : 20/06/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Small Business RV110W, RV130,
                       RV130W, RV215W Routers firmware,
                       Cisco Email Security Appliance and Cisco Secure
                       Email and Web Manager,
                       Cisco Identity Services Engine,
                       Cisco IP Phone,
                       Cisco AppDynamics Controller.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disclosure-Os6fSd6N
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT 
on 2022-June-15.

The following PSIRT security advisories (2 Critical, 1 High, 4 Medium) 
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote 
Command Execution and Denial of Service Vulnerability - SIR: Critical

2) Cisco Email Security Appliance and Cisco Secure Email and Web Manager 
External Authentication Bypass Vulnerability - SIR: Critical

3) Cisco Email Security Appliance and Cisco Secure Email and Web Manager 
Information Disclosure Vulnerability - SIR: High

4) Cisco Identity Services Engine Sensitive Information Disclosure 
Vulnerability - SIR: Medium

5) Cisco IP Phone Duplicate Key Vulnerability - SIR: Medium

6) Cisco AppDynamics Controller Authorization Bypass Vulnerability 
- SIR: Medium

7) Cisco Identity Services Engine Authentication Bypass Vulnerability 
- SIR: Medium

+--------------------------------------------------------------------

1) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote 
Command Execution and Denial of Service Vulnerability

CVE-2022-20825

SIR: Critical

CVSS Score v(3.1): 9.8

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-overflow-s2r82P9v 

+--------------------------------------------------------------------

2) Cisco Email Security Appliance and Cisco Secure Email and Web Manager 
External Authentication Bypass Vulnerability

CVE-2022-20798

SIR: Critical

CVSS Score v(3.1): 9.8

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD 

+--------------------------------------------------------------------

3) Cisco Email Security Appliance and Cisco Secure Email and Web Manager 
Information Disclosure Vulnerability

CVE-2022-20664

SIR: High

CVSS Score v(3.1): 7.7

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasma-info-dsc-Q9tLuOvM 

+--------------------------------------------------------------------

4) Cisco Identity Services Engine Sensitive Information Disclosure 
Vulnerability

CVE-2022-20819

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disclosure-Os6fSd6N 

+--------------------------------------------------------------------

5) Cisco IP Phone Duplicate Key Vulnerability

CVE-2022-20817

SIR: Medium

CVSS Score v(3.1): 7.4

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 

+--------------------------------------------------------------------

6) Cisco AppDynamics Controller Authorization Bypass Vulnerability

CVE-2022-20736

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-contrl-athzn-bp-BLypgsbu 

+--------------------------------------------------------------------

7) Cisco Identity Services Engine Authentication Bypass Vulnerability

CVE-2022-20733

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

