
=====================================================================

                              CERT-Renater

                   Information Note No. 2023/VULN043

_____________________________________________________________________

DATE                : 02/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS XE Software with Cisco IOx feature
                         enabled and without native docker support,
                Cisco Prime Infrastructure Release prior to 3.10.3,
                    Cisco ISE Software Release prior to 3.2 Patch1,
                    Cisco Software for Cisco RV340, RV340W, RV345,
                         and RV345P Dual WAN Gigabit VPN Router.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-xss-PU6dnfD9
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-GecEHY58
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-os-injection-pxhKsDM
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2023-February-01.

The following PSIRT security advisories (1 High, 4 Medium) were
published at 16:00 UTC today.


Table of Contents:

1) Cisco IOx Application Hosting Environment Command Injection
Vulnerability - SIR: High

2) Cisco Prime Infrastructure Reflected Cross-Site Scripting
Vulnerability - SIR: Medium

3) Cisco Identity Services Engine XML External Entity Injection
Vulnerability - SIR: Medium

4) Cisco Identity Services Engine Privilege Escalation
Vulnerabilities - SIR: Medium

5) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit
VPN Routers Arbitrary File Upload Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco IOx Application Hosting Environment Command Injection Vulnerability

CVE-2023-20076

SIR: High

CVSS Score v(3.1): 7.2

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL 

+--------------------------------------------------------------------

2) Cisco Prime Infrastructure Reflected Cross-Site Scripting
Vulnerability

CVE-2023-20068

SIR: Medium

CVSS Score v(3.0): 6.1

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-xss-PU6dnfD9 

+--------------------------------------------------------------------

3) Cisco Identity Services Engine XML External Entity Injection
Vulnerability

CVE-2023-20030

SIR: Medium

CVSS Score v(3.1): 5.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-GecEHY58 

+--------------------------------------------------------------------

4) Cisco Identity Services Engine Privilege Escalation Vulnerabilities

CVE-2023-20021, CVE-2023-20022, CVE-2023-20023

SIR: Medium

CVSS Score v(3.1): 6.0

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-os-injection-pxhKsDM 

+--------------------------------------------------------------------

5) Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN
Routers Arbitrary File Upload Vulnerability

CVE-2023-20073

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


