Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN463
_____________________________________________________________________

DATE                : 06/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unity software,
                  Cisco Crosswork Network Controller and Cisco Network
                          Services Orchestrator Connection,
                   Cisco SG350 and SG350X Series Managed Switches,
                          Cisco IoT Field Network Director,
                    Cisco Slido,
                    Cisco Identity Services Engine,
                    Cisco Prime Infrastructure,
                    Cisco Enterprise Chat and Email Lite Agent.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2026-May-06.

The following PSIRT security advisories (4 High, 4 Medium) were
published at 16:00 UTC today.

Table of Contents:

1) Cisco Unity Connection Remote Code Execution and Server-Side Request
Forgery Vulnerabilities - SIR: High

2) Cisco Crosswork Network Controller and Cisco Network Services
Orchestrator Connection Exhaustion Denial of Service Vulnerability
- SIR: High

3) Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service
Vulnerability - SIR: High

4) Cisco IoT Field Network Director Vulnerabilities - SIR: High

5) Cisco Slido Insecure Direct Object Reference Vulnerability - SIR:
Medium

6) Cisco Identity Services Engine Authentication Bypass Vulnerabilities
- SIR: Medium

7) Cisco Prime Infrastructure Information Disclosure Vulnerability
- SIR: Medium

8) Cisco Enterprise Chat and Email Lite Agent File Upload
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Unity Connection Remote Code Execution and Server-Side
Request Forgery Vulnerabilities

CVE-2026-20034, CVE-2026-20035

SIR: High

CVSS Score v(3.1): 8.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"]

+--------------------------------------------------------------------

2) Cisco Crosswork Network Controller and Cisco Network Services
Orchestrator Connection Exhaustion Denial of Service Vulnerability

CVE-2026-20188

SIR: High

CVSS Score v(3.1): 7.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc"]

+--------------------------------------------------------------------

3) Cisco SG350 and SG350X Series Managed Switches SNMP Denial
of Service Vulnerability

CVE-2026-20185

SIR: High

CVSS Score v(3.1): 7.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"]

+--------------------------------------------------------------------

4) Cisco IoT Field Network Director Vulnerabilities

CVE-2026-20167, CVE-2026-20168, CVE-2026-20169

SIR: High

CVSS Score v(3.1): 7.7

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u"]

+--------------------------------------------------------------------

5) Cisco Slido Insecure Direct Object Reference Vulnerability

CVE-2026-20219

SIR: Medium

CVSS Score v(3.1): 5.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN"]

+--------------------------------------------------------------------

6) Cisco Identity Services Engine Authentication Bypass
Vulnerabilities

CVE-2026-20193, CVE-2026-20195

SIR: Medium

CVSS Score v(3.1): 5.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb"]

+--------------------------------------------------------------------

7) Cisco Prime Infrastructure Information Disclosure
Vulnerability

CVE-2026-20189

SIR: Medium

CVSS Score v(3.1): 4.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey"]

+--------------------------------------------------------------------

8) Cisco Enterprise Chat and Email Lite Agent File Upload
Vulnerability

CVE-2026-20172

SIR: Medium

CVSS Score v(3.1): 4.3

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb"]


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================