Cisco informuje o nowych podatnościach. (P23-019)

cert.pse-online.pl 1 rok temu

22 marca 2023 r. firma Cisco opublikowała poradniki bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów.

Opis/Link	Krytyczność	CVSS	CVE
Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability	8.6	AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20027
Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability	7.8	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVE-2023-20065
Cisco IOS XE SD-WAN Software Command Injection Vulnerability	7.8	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVE-2023-20035
Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability	8.6	AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20072
Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability	8.6	AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20080
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability	7.4	AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20067
Cisco DNA Center Privilege Escalation Vulnerability	8.0	AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H	CVE-2023-20055
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability	6.1	AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	CVE-2023-20082
Cisco Access Point Software Association Request Denial of Service Vulnerability	6.1	AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	CVE-2023-20112
Cisco IOS XE Software Web UI Path Traversal Vulnerability	6.5	AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	CVE-2023-20066
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability	6.5	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	CVE-2023-20113
Cisco IOS XE Software Privilege Escalation Vulnerability	4.4	AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N	CVE-2023-20029
Cisco DNA Center Information Disclosure Vulnerability	4.3	AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	CVE-2023-20059
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability	6.8	AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20100
Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability	6.8	AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20081
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability	5.3	AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	CVE-2023-20107
Cisco Access Point Software Denial of Service Vulnerability	6.5	AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H	CVE-2023-20056
Cisco Access Point Software Command Injection Vulnerability	4.6	AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	CVE-2023-20097