
=====================================================================

                               CERT-Renater

                    Information Note No. 2023/VULN082

_____________________________________________________________________

DATE                : 16/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-ubfHG75C
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco PSIRT 
on 2023-February-15.

The following PSIRT security advisories (1 Critical, 2 High, 3 Medium) 
were published at 16:00 UTC today.


Table of Contents:

1) ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability 
Affecting Cisco Products: February 2023 - SIR: Critical

2) Cisco Nexus Dashboard Denial of Service Vulnerability - SIR: High

3) Cisco Email Security Appliance and Cisco Secure Email and Web 
Manager Vulnerabilities - SIR: High

4) Cisco Identity Services Engine Stored Cross-Site Scripting 
Vulnerability - SIR: Medium

5) Cisco Nexus Dashboard Cross-Site Scripting Vulnerability - SIR: Medium

6) ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting 
Cisco Products: February 2023 - SIR: Medium

+--------------------------------------------------------------------

1) ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability 
Affecting Cisco Products: February 2023

CVE-2023-20032

SIR: Critical

CVSS Score v(3.1): 9.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

+--------------------------------------------------------------------

2) Cisco Nexus Dashboard Denial of Service Vulnerability

CVE-2023-20014

SIR: High

CVSS Score v(3.1): 7.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-dnsdos-bYscZOsu

+--------------------------------------------------------------------

3) Cisco Email Security Appliance and Cisco Secure Email and Web Manager 
Vulnerabilities

CVE-2023-20009, CVE-2023-20075

SIR: High

CVSS Score v(3.1): 6.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8

+--------------------------------------------------------------------

4) Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

CVE-2023-20085

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-ubfHG75C

+--------------------------------------------------------------------

5) Cisco Nexus Dashboard Cross-Site Scripting Vulnerability

CVE-2023-20053

SIR: Medium

CVSS Score v(3.1): 6.1

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-dashboard-xss-xc5BcgsQ

+--------------------------------------------------------------------

6) ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting 
Cisco Products: February 2023

CVE-2023-20052

SIR: Medium

CVSS Score v(3.1): 5.3

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

