===================================================================== CERT-Renater Note d'Information No. 2022/VULN284 _____________________________________________________________________ DATE : 25/08/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco ACI MSO Cisco software, Cisco FXOS Software, Cisco NX-OS Software. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2022-August-24. The following PSIRT security advisories (3 High, 1 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability - SIR: High 2) Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability - SIR: High 3) Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability - SIR: High 4) Cisco FXOS Software Command Injection Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco ACI Multi-Site Orchestrator Privilege Escalation Vulnerability CVE-2022-20921 SIR: High CVSS Score v(3.1): 8.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs"] +-------------------------------------------------------------------- 2) Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability CVE-2022-20824 SIR: High CVSS Score v(3.1): 8.8 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9"] +-------------------------------------------------------------------- 3) Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability CVE-2022-20823 SIR: High CVSS Score v(3.1): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu"] +-------------------------------------------------------------------- 4) Cisco FXOS Software Command Injection Vulnerability CVE-2022-20865 SIR: Medium CVSS Score v(3.1): 6.7 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================