===================================================================== CERT-Renater Note d'Information No. 2023/VULN478 _____________________________________________________________________ DATE : 16/11/2023 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Identity Services Engine, Cisco AppDynamics PHP Agent, Cisco Secure Client Software, Cisco IP Phone, Cisco Secure Endpoint for Windows. ===================================================================== https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2023-November-15. The following PSIRT security advisories (5 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Identity Services Engine Vulnerabilities - SIR: Medium 2) Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability - SIR: Medium 3) Cisco Secure Client Software Denial of Service Vulnerabilities - SIR: Medium 4) Cisco IP Phone Stored Cross-Site Scripting Vulnerability - SIR: Medium 5) Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Identity Services Engine Vulnerabilities CVE-2023-20208, CVE-2023-20272 SIR: Medium CVSS Score v(3.1): 6.7 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR"] +-------------------------------------------------------------------- 2) Cisco AppDynamics PHP Agent Privilege Escalation Vulnerability CVE-2023-20274 SIR: Medium CVSS Score v(3.1): 6.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5"] +-------------------------------------------------------------------- 3) Cisco Secure Client Software Denial of Service Vulnerabilities CVE-2023-20240, CVE-2023-20241 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8"] +-------------------------------------------------------------------- 4) Cisco IP Phone Stored Cross-Site Scripting Vulnerability CVE-2023-20265 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA"] +-------------------------------------------------------------------- 5) Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability CVE-2023-20084 SIR: Medium CVSS Score v(3.1): 5.0 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================