CERTFR-2017-AVI-084

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Cisco N/A Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et postérieures
Cisco N/A Cisco 8500 Series Wireless Controller
Cisco N/A Cisco Flex 7500 Series Wireless Controller
Cisco N/A Cisco Virtual Wireless Controller
Cisco N/A Cisco Mobility Express 1800 Series Access Points avec une version logicielle antérieure à 8.2.110.0
Cisco N/A Cisco Virtualized Packet Core avec StarOS versions antérieures à N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH
Cisco N/A Wireless Services Module 2 (WiSM2)
Cisco N/A Cisco ASR 5000/5500/5700 Series avec StarOS versions postérieures à 17.7.0 et antérieures à 18.7.4, 19.5, ou 20.2.3 avec SSH
Cisco N/A Cisco 5500 Series Wireless Controller
Cisco N/A Cisco Workload Automation Client Manager Server versions 6.3.0.116 et postérieures
Cisco N/A Cisco 2500 Series Wireless Controller
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Tidal Enterprise Scheduler Client Manager Server versions 6.2.1.435 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 8500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Flex 7500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtual Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Mobility Express 1800 Series Access Points avec une version logicielle ant\u00e9rieure \u00e0 8.2.110.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Virtualized Packet Core avec StarOS versions ant\u00e9rieures \u00e0 N 4.2.7 (19.3.v7) et N4.7 (20.2.v0) avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Wireless Services Module 2 (WiSM2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASR 5000/5500/5700 Series avec StarOS versions post\u00e9rieures \u00e0 17.7.0 et ant\u00e9rieures \u00e0 18.7.4, 19.5, ou 20.2.3 avec SSH",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 5500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Workload Automation Client Manager Server versions 6.3.0.116 et post\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 2500 Series Wireless Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3831"
    },
    {
      "name": "CVE-2017-3819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3819"
    },
    {
      "name": "CVE-2017-3846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3846"
    },
    {
      "name": "CVE-2017-3854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3854"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-tes"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15    mars 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800"
    }
  ],
  "reference": "CERTFR-2017-AVI-084",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-ap1800 du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-tes du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-wlc-mesh du 15 mars 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170315-asr du 15 mars 2017",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.