CERTFR-2019-AVI-284
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | N/A | Cisco TelePresence Integrator C Series |
| Cisco | N/A | Cisco DNA Center software versions earlier than 1.3. |
| Cisco | N/A | vSmart Controller software running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | vEdge Cloud routers running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | vEdge 100 Series routers running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | RV215W Wireless-N VPN Router versions earlier than 1.3.1.4 |
| Cisco | N/A | Cisco Virtualized Packet Core-Single Instance (VPC-SI) running a vulnerable version of Cisco StarOS |
| Cisco | N/A | Cisco Prime Service Catalog software, all versions earlier than 12.1 Cumulative patch version 10 |
| Cisco | N/A | Cisco Meeting Server deployments running a software version earlier than 2.2.14 and 2.3.8 |
| Cisco | N/A | vEdge 2000 Series routers running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | Cisco TelePresence MX Series |
| Cisco | N/A | Cisco TelePresence SX Series |
| Cisco | N/A | vEdge 1000 Series routers running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | Cisco TelePresence EX Series |
| Cisco | N/A | RV110W Wireless-N VPN Firewall versions earlier than 1.2.2.4 |
| Cisco | N/A | vEdge 5000 Series routers running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | RV130W Wireless-N Multifunction VPN Router versions earlier than 1.0.3.51 |
| Cisco | N/A | vManage Network Management software running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.0 and 19.1.0 |
| Cisco | N/A | vBond Orchestrator software running Cisco SD-WAN Solution versions earlier than 18.3.6, 18.4.1 and 19.1.0 |
| Cisco | N/A | Cisco Webex Room Series |
| Cisco | N/A | Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) running a vulnerable version of Cisco StarOS |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco TelePresence Integrator C Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Logiciel Cisco DNA Center versions ant\u00e9rieures \u00e0 1.3.",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Logiciel vSmart Controller ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs vEdge Cloud ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs vEdge 100 Series ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeur RV215W Wireless-N VPN versions ant\u00e9rieures \u00e0 1.3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtualized Packet Core-Single Instance (VPC-SI) ex\u00e9cutant une version vuln\u00e9rable de Cisco StarOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Logiciel Cisco Prime Service Catalog toutes versions ant\u00e9rieures \u00e0 12.1 Cumulative patch version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Meeting Server deployments ex\u00e9cutant une version logicielle ant\u00e9rieure \u00e0 2.2.14 et 2.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs vEdge 2000 Series ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence SX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs vEdge 1000 Series ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Pare-feu RV110W Wireless-N VPN versions ant\u00e9rieures \u00e0 1.2.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeurs vEdge 5000 Series ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Routeur RV130W Wireless-N Multifunction VPN versions ant\u00e9rieures \u00e0 1.0.3.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Logiciel vManage Network Management ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.0 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Logiciel vBond Orchestrator ex\u00e9cutant Cisco SD-WAN Solution versions ant\u00e9rieures \u00e0 18.3.6, 18.4.1 et 19.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Webex Room Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) ex\u00e9cutant une version vuln\u00e9rable de Cisco StarOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1878"
},
{
"name": "CVE-2019-1623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1623"
},
{
"name": "CVE-2019-1874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1874"
},
{
"name": "CVE-2019-1843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1843"
},
{
"name": "CVE-2019-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1624"
},
{
"name": "CVE-2019-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1848"
},
{
"name": "CVE-2019-1625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1625"
},
{
"name": "CVE-2019-1626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1626"
},
{
"name": "CVE-2019-1869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1869"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-284",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-dnac-bypass du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-staros-asr-dos du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-tele-shell-inj du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-cms-codex du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-rvrouters-dos du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-sdwan-privesca du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-sdwan-cmdinj du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-cmdinj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-psc-csrf du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-psc-csrf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20190619-sdwan-privilescal du 19 juin 2019",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privilescal"
}
]
}