Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN199

_____________________________________________________________________

DATE                : 03/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Meraki MX and Z Serie,
                           Cisco Enterprise Chat and Email,
                     Cisco Evolved Programmable Network Manager
                            and Cisco Prime Infrastructure.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-April-02.

The following PSIRT security advisories (2 High, 1 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service
Vulnerability - SIR: High

2) Cisco Enterprise Chat and Email Denial of Service Vulnerability
- SIR: High

3) Cisco Evolved Programmable Network Manager and Cisco Prime
Infrastructure Stored Cross-Site Scripting Vulnerabilities - SIR:
Medium

+--------------------------------------------------------------------

1) Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service
Vulnerability

CVE-2025-20212

SIR: High

CVSS Score v(3.1): 7.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vNRpDvfb"]

+--------------------------------------------------------------------

2) Cisco Enterprise Chat and Email Denial of Service Vulnerability

CVE-2025-20139

SIR: High

CVSS Score v(3.1): 7.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-tC6m9GZ8"]

+--------------------------------------------------------------------

3) Cisco Evolved Programmable Network Manager and Cisco Prime
Infrastructure Stored Cross-Site Scripting Vulnerabilities

CVE-2025-20120, CVE-2025-20203

SIR: Medium

CVSS Score v(3.1): 6.1

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-GSScPGY4"]


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================