{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>SD-WAN versions ant\u00e9rieures \u00e0 20.1.2</li> <li>SD-WAN versions ant\u00e9rieures \u00e0 20.3.2</li> <li>application Webex Meetings Desktop pour Windows 40.6.x versions ant\u00e9rieures \u00e0 40.6.9</li> <li>application Webex Meetings Desktop pour Windows 40.8.x versions ant\u00e9rieures \u00e0 40.8.9</li> <li>Webex Meetings sites 40.6.x versions ant\u00e9rieures \u00e0 40.6.11</li> <li>Webex Meetings sites 40.8.x versions ant\u00e9rieures \u00e0 40.8.0</li> <li>Webex Meetings Server 3.x versions ant\u00e9rieures \u00e0 3.0MR3 SP4</li> <li>Webex Meetings Server 4.x versions ant\u00e9rieures \u00e0 4.0MR3 SP4</li> <li><span class=\"more\">application Cisco\u00a0AnyConnect Secure Mobility toutes versions avec les options \"Auto Update\" et \"Enable Scripting\" activ\u00e9es</span></li> <li>Cisco IOS XR pour ASR 9000 versions ant\u00e9rieures \u00e0 6.5.2 avec une version de BIOS ant\u00e9rieure \u00e0 10.65, 14.35, 16.14, 17.34, 22.20, 30.23 ou 31.20 en fonction du mat\u00e9riel</li> <li>Cisco IOS XR pour NCS 1000 versions ant\u00e9rieures \u00e0 7.1.1 avec une version de BIOS ant\u00e9rieure \u00e0 14.60</li> <li>Cisco IOS XR pour NCS 540 versions ant\u00e9rieures \u00e0 7.2.1 avec une version de BIOS ant\u00e9rieure \u00e0 1.15</li> <li>Cisco IOS XR pour NCS 560 versions ant\u00e9rieures \u00e0 6.6.3, 6.6.24 et 7.0.2 avec une version de BIOS ant\u00e9rieure \u00e0 0.14</li> <li>Cisco IOS XR pour NCS 5000 versions ant\u00e9rieures \u00e0 7.2.1 avec une version de BIOS ant\u00e9rieure \u00e0 1.13 ou 1.14 en fonction du mat\u00e9riel</li> <li>Cisco IOS XR pour NCS 5500 versions ant\u00e9rieures \u00e0 6.6.3 et 6.6.24 avec une version de BIOS ant\u00e9rieure \u00e0 9.30, 1.21 ou 1.12 en fonction du mat\u00e9riel</li> </ul> <p>Les versions SD-WAN 18.x et 19.x sont \u00e9galement affect\u00e9es et doivent faire l'objet d'une mise \u00e0 jour vers les versions ci-dessus.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-3284","url":"https://www.cve.org/CVERecord?id=CVE-2020-3284"},{"name":"CVE-2020-3600","url":"https://www.cve.org/CVERecord?id=CVE-2020-3600"},{"name":"CVE-2020-3556","url":"https://www.cve.org/CVERecord?id=CVE-2020-3556"},{"name":"CVE-2020-26074","url":"https://www.cve.org/CVERecord?id=CVE-2020-26074"},{"name":"CVE-2020-3574","url":"https://www.cve.org/CVERecord?id=CVE-2020-3574"},{"name":"CVE-2020-3595","url":"https://www.cve.org/CVERecord?id=CVE-2020-3595"},{"name":"CVE-2020-26071","url":"https://www.cve.org/CVERecord?id=CVE-2020-26071"},{"name":"CVE-2020-3593","url":"https://www.cve.org/CVERecord?id=CVE-2020-3593"},{"name":"CVE-2020-3603","url":"https://www.cve.org/CVERecord?id=CVE-2020-3603"},{"name":"CVE-2020-3573","url":"https://www.cve.org/CVERecord?id=CVE-2020-3573"},{"name":"CVE-2020-3604","url":"https://www.cve.org/CVERecord?id=CVE-2020-3604"},{"name":"CVE-2020-26073","url":"https://www.cve.org/CVERecord?id=CVE-2020-26073"},{"name":"CVE-2020-3588","url":"https://www.cve.org/CVERecord?id=CVE-2020-3588"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 f\u00e9vrier 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK"},{"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepegr-4xynYLUj du 04 f\u00e9vrier 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj"},{"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 f\u00e9vrier 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2"}],"reference":"CERTFR-2020-AVI-713","revisions":[{"description":"Version initiale","revision_date":"2020-11-05T00:00:00.000000"},{"description":"ajout des syst\u00e8mes affect\u00e9s manquants et correction de dates erron\u00e9es","revision_date":"2020-11-06T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vman-traversal-hQh24tmk du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-vdi-qQrpBwuJ du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepegr-4xynYLUj du 04 novembre 2020","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepeshlg-tJghOQcA du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vmanage-escalation-Jhqs5Skf du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vsoln-arbfile-gtsEYxns du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepescm-BjgQm4vJ du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-nbr-NOS6FQ24 du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-ipc-KfQO9QhK du 04 novembre 2020","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 du 04 novembre 2020","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-voip-phone-flood-dos-YnU9EXOv du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-vepestd-8C3J9Vc du 04 novembre 2020","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc"}]}