=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN336

_____________________________________________________________________

DATE                : 05/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Identity Services Engine
                     on Cloud Platforms,
                     Cisco Integrated Management Controller,
                     Cisco Nexus Dashboard Fabric Controller,
                     Cisco Unified Communications Products,
                     Cisco Unified Intelligent Contact Management Enterprise,
                     Cisco Identity Services Engine,
                     Cisco Unified Contact Center Express,
                     Cisco ThousandEyes Endpoint Agent for Windows,
                     Cisco Customer Collaboration Platform.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-June-04.

The following PSIRT security advisories (1 Critical, 2 High, 7 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Identity Services Engine on Cloud Platforms Static Credential
Vulnerability - SIR: Critical

2) Cisco Integrated Management Controller Privilege Escalation
Vulnerability - SIR: High

3) Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation
Vulnerability - SIR: High

4) Cisco Unified Communications Products Command Injection Vulnerability
- SIR: Medium

5) Cisco Unified Intelligent Contact Management Enterprise Cross-Site
Scripting Vulnerability - SIR: Medium

6) Cisco Identity Services Engine Arbitrary File Upload Vulnerability
- SIR: Medium

7) Cisco Unified Contact Center Express Vulnerabilities - SIR: Medium

8) Cisco Unified Contact Center Express Editor Remote Code Execution
Vulnerability - SIR: Medium

9) Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete
Vulnerabilities - SIR: Medium

10) Cisco Customer Collaboration Platform Information Disclosure
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Identity Services Engine on Cloud Platforms Static Credential
Vulnerability

CVE-2025-20286

SIR: Critical

CVSS Score v(3.1): 9.9

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

+--------------------------------------------------------------------

2) Cisco Integrated Management Controller Privilege Escalation
Vulnerability

CVE-2025-20261

SIR: High

CVSS Score v(3.1): 8.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-priv-esc-2mZDtdjM

+--------------------------------------------------------------------

3) Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation
Vulnerability

CVE-2025-20163

SIR: High

CVSS Score v(3.1): 8.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp

+--------------------------------------------------------------------

4) Cisco Unified Communications Products Command Injection
Vulnerability

CVE-2025-20278

SIR: Medium

CVSS Score v(3.1): 6.0

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy

+--------------------------------------------------------------------

5) Cisco Unified Intelligent Contact Management Enterprise Cross-Site
Scripting Vulnerability

CVE-2025-20273

SIR: Medium

CVSS Score v(3.1): 6.1

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg

+--------------------------------------------------------------------

6) Cisco Identity Services Engine Arbitrary File Upload Vulnerability

CVE-2025-20130

SIR: Medium

CVSS Score v(3.1): 4.9

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY

+--------------------------------------------------------------------

7) Cisco Unified Contact Center Express Vulnerabilities

CVE-2025-20276, CVE-2025-20277, CVE-2025-20279

SIR: Medium

CVSS Score v(3.1): 4.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-multi-UhOTvPGL

+--------------------------------------------------------------------

8) Cisco Unified Contact Center Express Editor Remote Code Execution
Vulnerability

CVE-2025-20275

SIR: Medium

CVSS Score v(3.1): 5.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-editor-rce-ezyYZte8

+--------------------------------------------------------------------

9) Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File
Delete Vulnerabilities

CVE-2025-20259

SIR: Medium

CVSS Score v(3.1): 5.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ

+--------------------------------------------------------------------

10) Cisco Customer Collaboration Platform Information Disclosure
Vulnerability

CVE-2025-20129

SIR: Medium

CVSS Score v(3.1): 4.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
