Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN409
_____________________________________________________________________

DATE                : 03/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified Communications Manager,
                      Cisco Enterprise Chat and Email,
                      Cisco Spaces Connector,
                      Cisco BroadWorks Application.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-July-02.

The following PSIRT security advisories (1 Critical, 3 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Unified Communications Manager Static SSH Credentials
Vulnerability - SIR: Critical

2) Cisco Enterprise Chat and Email Stored Cross-Site Scripting
Vulnerability - SIR: Medium

3) Cisco Spaces Connector Privilege Escalation Vulnerability -
SIR: Medium

4) Cisco BroadWorks Application Delivery Platform Cross-Site
Scripting Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Unified Communications Manager Static SSH Credentials
Vulnerability

CVE-2025-20309

SIR: Critical

CVSS Score v(3.1): 10.0

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7 ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7"]

+--------------------------------------------------------------------

2) Cisco Enterprise Chat and Email Stored Cross-Site Scripting
Vulnerability

CVE-2025-20310

SIR: Medium

CVSS Score v(3.1): 6.1

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-xss-CbtKtEYc"]

+--------------------------------------------------------------------

3) Cisco Spaces Connector Privilege Escalation Vulnerability

CVE-2025-20308

SIR: Medium

CVSS Score v(3.1): 6.0

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spaces-conn-privesc-kgD2CcDU"]

+--------------------------------------------------------------------

4) Cisco BroadWorks Application Delivery Platform Cross-Site
Scripting Vulnerability

CVE-2025-20307

SIR: Medium

CVSS Score v(3.1): 4.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-O696ymRA"]


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================