=====================================================================

                              CERT-Renater

                   Information Note No. 2023/VULN372

_____________________________________________________________________

DATE                : 05/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running
                      Cisco Emergency Responder software,
                      Cisco Unified Communications Products software,
                      ConfD CLI Secure Shell Server software,
                      Cisco Network Services Orchestrator software,
                      Cisco IOx Application Hosting Environment.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2023-October-04.

The following PSIRT security advisories (1 Critical, 3 High, 1
Medium) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Emergency Responder Static Credentials Vulnerability - SIR:
Critical

2) Multiple Cisco Unified Communications Products Unauthenticated
API High CPU Utilization Denial of Service Vulnerability - SIR: High

3) ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
- SIR: High

4) Cisco Network Services Orchestrator CLI Secure Shell Server
Privilege Escalation Vulnerability - SIR: High

5) Cisco IOx Application Hosting Environment Privilege Escalation
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Emergency Responder Static Credentials Vulnerability

CVE-2023-20101

SIR: Critical

CVSS Score v(3.1): 9.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9 

+--------------------------------------------------------------------

2) Multiple Cisco Unified Communications Products Unauthenticated
API High CPU Utilization Denial of Service Vulnerability

CVE-2023-20259

SIR: High

CVSS Score v(3.1): 8.6

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF 

+--------------------------------------------------------------------

3) ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

CVE-2021-1572

SIR: High

CVSS Score v(3.1): 7.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4 

+--------------------------------------------------------------------

4) Cisco Network Services Orchestrator CLI Secure Shell Server Privilege 
Escalation Vulnerability

CVE-2021-1572

SIR: High

CVSS Score v(3.1): 7.8

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT 

+--------------------------------------------------------------------

5) Cisco IOx Application Hosting Environment Privilege Escalation
Vulnerability

CVE-2023-20235

SIR: Medium

CVSS Score v(3.1): 6.5

URL: 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
