Vulnérabilités informatiques de Cisco PRSM

NTP.org : cinq vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de NTP.org...
9010095, bulletinapr2016, CERTFR-2016-AVI-209, cisco-sa-20160603-ntpd, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, FEDORA-2016-89e0874533, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:24.ntp, hpesbhf03757, ICSA-16-175-03, K03331206, K64505405, K82644737, NTAP-20160722-0001, openSUSE-SU-2016:1583-1, openSUSE-SU-2016:1636-1, SOL03331206, SSA:2016-155-01, SUSE-SU-2016:1563-1, SUSE-SU-2016:1568-1, SUSE-SU-2016:1584-1, SUSE-SU-2016:1602-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-19790, VU#321640

OpenSSL : six vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de OpenSSL...
1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-2019-197, DSA-2020-062, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007

OpenSSL : sept vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de OpenSSL...
000008897, 046178, 046208, 1979498, 1979602, 1987779, 1993210, 2003480, 2003620, 2003673, 2012827, 2013020, 2014202, 2014651, 2014669, 2015080, 2016039, 7043086, 9010066, 9010067, 9010072, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CTX208403, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842, DSA-2020-062, DSA-3500-1, ESA-2016-080, FEDORA-2016-2802690366, FEDORA-2016-e1234b65a2, FEDORA-2016-e6807b3394, FreeBSD-SA-16:12.openssl, HPESBHF03741, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10722, JSA10759, K22334603, K52349521, K93122894, MBGSA-1602, NTAP-20160301-0001, NTAP-20160303-0001, NTAP-20160321-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:0720-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:1211-1, openSUSE-SU-2017:1212-1, PAN-SA-2016-0020, PAN-SA-2016-0028, PAN-SA-2016-0030, RHSA-2016:0301-01, RHSA-2016:0302-01, RHSA-2016:0303-01, RHSA-2016:0304-01, RHSA-2016:0305-01, RHSA-2016:0306-01, RHSA-2016:0372-01, RHSA-2016:0445-01, RHSA-2016:0446-01, RHSA-2016:0490-01, RHSA-2016:1519-01, RHSA-2016:2073-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA117, SA40168, SA44073-2019-03, SB10156, SOL22334603, SOL40524634, SOL52349521, SOL79215841, SOL93122894, SSA:2016-062-02, SSA-623229, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2016-03, USN-2914-1, VIGILANCE-VUL-19060, VN-2016-004, VU#583776

OpenSSL : deux vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de OpenSSL...
046178, 046208, 1979498, 9010067, BSA-2016-004, bulletinapr2016, bulletinjan2016, CERTFR-2016-AVI-076, CERTFR-2016-AVI-080, cisco-sa-20160302-openssl, CVE-2016-0703, CVE-2016-0704, DSA-2020-062, FreeBSD-SA-16:12.openssl, HPESBHF03741, JSA10759, NTAP-20160303-0001, openSUSE-SU-2016:0627-1, openSUSE-SU-2016:0628-1, openSUSE-SU-2016:0638-1, openSUSE-SU-2016:0720-1, PAN-SA-2016-0030, RHSA-2016:0372-01, SA117, SA40168, SOL95463126, SUSE-SU-2016:0617-1, SUSE-SU-2016:0620-1, SUSE-SU-2016:0621-1, SUSE-SU-2016:0624-1, SUSE-SU-2016:0631-1, SUSE-SU-2016:0641-1, SUSE-SU-2016:0678-1, TNS-2016-03, VIGILANCE-VUL-19061

Cisco ASA-CX, Prime Security Manager : élévation de privilèges via la fonction de changement de mot de passe
Un attaquant peut définir le mot de passe d'un utilisateur arbitraire de Cisco ASA et Prime Security Manager, afin d'élever ses privilèges...
CERTFR-2016-AVI-047, cisco-sa-20160203-prsm, CVE-2016-1301, VIGILANCE-VUL-18868

NTP.org : multiples vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de NTP.org...
BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787

OpenSSL : déni de service via ServerKeyExchange
Un attaquant peut envoyer un message ServerKeyExchange malveillant vers un client compilé avec OpenSSL, afin de mener un déni de service...
1972951, 2003480, 2003620, 2003673, 9010051, c05398322, cisco-sa-20151204-openssl, CVE-2015-1794, DSA-2020-062, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2016:0637-1, PAN-SA-2016-0020, PAN-SA-2016-0028, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18443

OpenSSL : utilisation de mémoire libérée via PSK Identify Hint
Un attaquant peut provoquer l'utilisation d'une zone mémoire libérée via PSK Identify Hint dans un client OpenSSL multi-threadé, afin de mener un déni de service, et éventuellement d'exécuter du code...
1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-2020-062, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437

OpenSSL : obtention d'information via X509_ATTRIBUTE
Un attaquant peut lire un fragment de la mémoire via X509_ATTRIBUTE de OpenSSL manipulant des données PKCS#7 ou CMS, afin d'obtenir des informations sensibles...
1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-2020-062, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436

OpenSSL : déréférencement de pointeur NULL via Certificate Verification
Un attaquant peut forcer le déréférencement d'un pointeur NULL durant la vérification d'un certificat par OpenSSL (en mode client ou serveur), afin de mener un déni de service...
1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-2020-062, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, SUSE-SU-2019:14246-1, USN-2830-1, VIGILANCE-VUL-18435

Notre base de données contient d'autres bulletins. Vous pouvez utiliser un essai gratuit pour les consulter.

Consulter les informations sur Cisco PRSM :

https://www.cisco.com/c/en/us/products/security/prime-security-manager/index.html