===================================================================== CERT-Renater Note d'Information No. 2022/VULN397 _____________________________________________________________________ DATE : 21/10/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco Meraki MX Firmware versions prior to 16.16.6, 17.10.1, Cisco ISE versions prior to 3.1P5 (Nov 2022), 3.2P1 (Jan 2023), 2.7P8 (Oct 2022), 3.0P7 (Feb 2023), 3.2P1 (Jan 2023), Cisco TelePresence CE Software versions prior to 9.15.13.0, 10.15.2.2, 10.20.1, 10.19.1. ===================================================================== https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2022-October-19. The following PSIRT security advisories (2 High, 2 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability - SIR: High 2) Cisco Identity Services Engine Unauthorized File Access Vulnerability - SIR: High 3) Cisco Identity Services Engine Cross-Site Scripting Vulnerability - SIR: Medium 4) Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability CVE-2022-20933 SIR: High CVSS Score v(3.1): 8.6 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf"] +-------------------------------------------------------------------- 2) Cisco Identity Services Engine Unauthorized File Access Vulnerability CVE-2022-20822 SIR: High CVSS Score v(3.1): 7.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM"] +-------------------------------------------------------------------- 3) Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2022-20959 SIR: Medium CVSS Score v(3.1): 6.1 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M"] +-------------------------------------------------------------------- 4) Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities CVE-2022-20776, CVE-2022-20811, CVE-2022-20953, CVE-2022-20954, CVE-2022-20955 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-trav-beFvCcyu"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================