
=====================================================================

                               CERT-Renater

                     Information Note No. 2023/VULN297

_____________________________________________________________________

DATE                : 07/09/2023

HARDWARE PLATFORM(S): Cisco

OPERATING SYSTEM(S) : Systems running Cisco BroadWorks Application
                      Delivery Platform and Xtended Services Platform,
                      Cisco Identity Services Engine,
                      Cisco Small Business software,
                      Cisco Adaptive Security Appliance Software,
                      Cisco HyperFlex HX Data Platform.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF
_____________________________________________________________________


Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2023-September-06.

The following PSIRT security advisories (1 Critical, 1 High, 4 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco BroadWorks Application Delivery Platform and Xtended
Services Platform Authentication Bypass Vulnerability - SIR:
Critical

2) Cisco Identity Services Engine RADIUS Denial of Service
Vulnerability - SIR: High

3) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
Stack Overflow Vulnerability - SIR: Medium

4) Cisco Identity Services Engine Privilege Escalation Vulnerabilities
- SIR: Medium

5) Cisco Adaptive Security Appliance Software and Firepower Threat
Defense Software Remote Access VPN Unauthorized Access Vulnerability
- SIR: Medium

6) Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
- SIR: Medium

+--------------------------------------------------------------------

1) Cisco BroadWorks Application Delivery Platform and Xtended
Services Platform Authentication Bypass Vulnerability

CVE-2023-20238

SIR: Critical

CVSS Score v(3.1): 10.0

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX

+--------------------------------------------------------------------

2) Cisco Identity Services Engine RADIUS Denial of Service
Vulnerability

CVE-2023-20243

SIR: High

CVSS Score v(3.1): 8.6

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt

+--------------------------------------------------------------------

3) Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
Stack Overflow Vulnerability

CVE-2023-20250

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N

+--------------------------------------------------------------------

4) Cisco Identity Services Engine Privilege Escalation
Vulnerabilities

CVE-2023-20193, CVE-2023-20194

SIR: Medium

CVSS Score v(3.1): 6.0

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw

+--------------------------------------------------------------------

5) Cisco Adaptive Security Appliance Software and Firepower
Threat Defense Software Remote Access VPN Unauthorized Access
Vulnerability

CVE-2023-20269

SIR: Medium

CVSS Score v(3.1): 5.0

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC

+--------------------------------------------------------------------

6) Cisco HyperFlex HX Data Platform Open Redirect Vulnerability

CVE-2023-20263

SIR: Medium

CVSS Score v(3.1): 4.7

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

