===================================================================== CERT-Renater Note d'Information No. 2022/VULN279 _____________________________________________________________________ DATE : 24/08/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco AsyncOS for Cisco Secure Web Appliance, Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers software, Cisco Unified CM software and Cisco Unified CM SME software, Cisco BroadWorks Application Delivery Platform Software, Cisco ISE Software, Cisco Webex Meetings. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS _____________________________________________________________________ The following Cisco High Security Advisory was published by Cisco PSIRT at 16:00 UTC on 2022-August-17. +-------------------------------------------------------------------- Cisco Secure Web Appliance Privilege Escalation Vulnerability CVE-2022-20871 SIR: High CVSS Score v(3.1): 6.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8"] _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2022-August-10. The following PSIRT security advisories (1 High, 1 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability - SIR: High 2) Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability CVE-2022-20866 SIR: High CVSS Score v(3.1): 7.4 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz"] +-------------------------------------------------------------------- 2) Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability CVE-2022-20713 SIR: Medium CVSS Score v(3.1): 4.3 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-webvpn-LOeKsNmO"] _ ____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2022-August-03. DATE : The following PSIRT security advisories (1 Critical, 4 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Small Business RV Series Routers Vulnerabilities - SIR: Critical 2) Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability - SIR: Medium 3) Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability - SIR: Medium 4) Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability - SIR: Medium 5) Cisco Webex Meetings Web Interface Vulnerabilities - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Small Business RV Series Routers Vulnerabilities CVE-2022-20827, CVE-2022-20841, CVE-2022-20842 SIR: Critical CVSS Score v(3.1): 9.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR"] +-------------------------------------------------------------------- 2) Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability CVE-2022-20816 SIR: Medium CVSS Score v(3.1): 6.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE"] +-------------------------------------------------------------------- 3) Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability CVE-2022-20869 SIR: Medium CVSS Score v(3.1): 6.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-xbhfr4cD"] +-------------------------------------------------------------------- 4) Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability CVE-2022-20914 SIR: Medium CVSS Score v(3.1): 4.9 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF"] +-------------------------------------------------------------------- 5) Cisco Webex Meetings Web Interface Vulnerabilities CVE-2022-20820, CVE-2022-20852 SIR: Medium CVSS Score v(3.1): 5.4 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-frmhijck-kO3wmkuS"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================