CERTFR-2016-AVI-140
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco ASA Services Module pour Cisco Catalyst 6500 Series Switches et Cisco 7600 Series Routers versions 9.4 antérieures à 9.4.1 | ||
| Cisco | N/A | Cisco WLC versions antérieures à 8.0.132.0 | ||
| Cisco | N/A | Cisco Adaptive Security Virtual Appliance (ASAv) versions 9.4 antérieures à 9.4.1 | ||
| Cisco | IOS XE | Cisco IOS XE versions 3.2.0 à 3.18.0S | ||
| Cisco | N/A | Cisco Unified Computing System Platform Emulator | ||
| Cisco | IOS | Cisco IOS versions 15.5(3)M01 et antérieures | ||
| Cisco | N/A | Cisco ASA 5500-X Series Next-Generation Firewalls versions 9.4 antérieures à 9.4.1 | ||
| Cisco | N/A | Produits Cisco exécutant libSRTP versions antérieures à 1.5.3. Voir sur le site du constructeur pour une liste exhaustive (cf. section Documentation, avis de sécurité cisco-sa-20160420-libsrtp) |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco ASA Services Module pour Cisco Catalyst 6500 Series Switches et Cisco 7600 Series Routers versions 9.4 ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions ant\u00e9rieures \u00e0 8.0.132.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Adaptive Security Virtual Appliance (ASAv) versions 9.4 ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS XE versions 3.2.0 \u00e0 3.18.0S",
"product": {
"name": "IOS XE",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Computing System Platform Emulator",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IOS versions 15.5(3)M01 et ant\u00e9rieures",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5500-X Series Next-Generation Firewalls versions 9.4 ant\u00e9rieures \u00e0 9.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Produits Cisco ex\u00e9cutant libSRTP versions ant\u00e9rieures \u00e0 1.5.3. Voir sur le site du constructeur pour une liste exhaustive (cf. section Documentation, avis de s\u00e9curit\u00e9 cisco-sa-20160420-libsrtp)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1384",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1384"
},
{
"name": "CVE-2016-1364",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1364"
},
{
"name": "CVE-2016-1362",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1362"
},
{
"name": "CVE-2016-1340",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1340"
},
{
"name": "CVE-2016-1339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1339"
},
{
"name": "CVE-2016-1367",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1367"
},
{
"name": "CVE-2016-1363",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1363"
},
{
"name": "CVE-2015-6360",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6360"
}
],
"initial_release_date": "2016-04-21T00:00:00",
"last_revision_date": "2016-04-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-bdos du 20 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-bdos"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-libsrtp du 20 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-asa-dhcpv6 du 20 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-asa-dhcpv6"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-wlc du 20 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-wlc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160414-ucspe2 du 14 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160414-ucspe1 du 14 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160419-ios du 19 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-htrd du 20 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-htrd"
}
],
"reference": "CERTFR-2016-AVI-140",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-bdos du 20 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160414-ucspe2 du 14 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-htrd du 20 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-libsrtp du 20 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160419-ios du 19 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-asa-dhcpv6 du 20 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160414-ucspe1 du 14 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 les produits Cisco cisco-sa-20160420-wlc du 20 avril 2016",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…