2 vulnerabilities found for Optical Site Manager by Cisco

VAR-202504-1178

Vulnerability from variot - Updated: 2025-11-18 15:12

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround is to disable the SSH server or to prevent access via firewall rules. Erlang/OTP and products from multiple vendors contain a vulnerability related to the lack of authentication for important functions. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202504-1178",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "confd basic",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.0.18"
      },
      {
        "model": "confd basic",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.1.16.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3.8.1"
      },
      {
        "model": "smart phy",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "25.2"
      },
      {
        "model": "rv260w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "confd basic",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.4"
      },
      {
        "model": "cloud native broadband network gateway",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2025.03.1"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.8"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2.11.1"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.4.1"
      },
      {
        "model": "rv260p",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "staros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2025.03"
      },
      {
        "model": "confd basic",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.2.11.1"
      },
      {
        "model": "inode manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv160w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv260",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv340w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "confd basic",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.4.4.1"
      },
      {
        "model": "ncs 2000 shelf virtualization orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "25.1.1"
      },
      {
        "model": "erlang\\/otp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "erlang",
        "version": "27.0"
      },
      {
        "model": "erlang\\/otp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "erlang",
        "version": "27.3.3"
      },
      {
        "model": "ultra cloud core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2025.03.1"
      },
      {
        "model": "rv160",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "confd basic",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.2"
      },
      {
        "model": "rv345p",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "optical site manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "25.2.1"
      },
      {
        "model": "ultra services platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.7.19.1"
      },
      {
        "model": "confd basic",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.3.8.1"
      },
      {
        "model": "erlang\\/otp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "erlang",
        "version": "25.3.2.20"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.1.16.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.2"
      },
      {
        "model": "confd basic",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "8.3"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4"
      },
      {
        "model": "rv340",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "erlang\\/otp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "erlang",
        "version": "26.2.5.11"
      },
      {
        "model": "confd basic",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.7.19.1"
      },
      {
        "model": "enterprise nfv infrastructure software",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "4.18"
      },
      {
        "model": "network services orchestrator",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.2"
      },
      {
        "model": "network services orchestrator",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "6.4.1.1"
      },
      {
        "model": "erlang\\/otp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "erlang",
        "version": "26.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "11.0"
      },
      {
        "model": "ultra packet core",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2025.03"
      },
      {
        "model": "rv345",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "cisco ultra cloud core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "rv160 vpn \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco enterprise nfv infrastructure software",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco intelligent node manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "confd basic",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco ultra packet core",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco cloud native broadband network gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco optical site manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco ultra services platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "erlang/otp",
        "scope": null,
        "trust": 0.8,
        "vendor": "erlang",
        "version": null
      },
      {
        "model": "cisco network services orchestrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco ncs 2000 shelf virtualization orchestrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco staros",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "rv260 vpn \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "cisco smart phy",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "rv160w wireless-ac vpn \u30eb\u30fc\u30bf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "cve": "CVE-2025-32433",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security-advisories@github.com",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2025-32433",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2025-006839",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "security-advisories@github.com",
            "id": "CVE-2025-32433",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2025-006839",
            "trust": 0.8,
            "value": "Critical"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules. ERLANG of Erlang/OTP Products from multiple vendors such as these contain vulnerabilities related to the lack of authentication for important functions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2025-32433",
        "trust": 2.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/04/16/2",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/04/18/1",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/04/19/1",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/04/18/6",
        "trust": 1.8
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2025/04/18/2",
        "trust": 1.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-25-140-07",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU96418823",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "id": "VAR-202504-1178",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.18174963
  },
  "last_update_date": "2025-11-18T15:12:07.123000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top\u00a0Page",
        "trust": 0.8,
        "url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2025/04/16/2"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2025/04/18/1"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2025/04/18/2"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2025/04/18/6"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2025/04/19/1"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20250425-0001/"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/prodefense/cve-2025-32433/blob/main/cve-2025-32433.py"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/erlang/otp/commit/6eef04130afc8b0ccb63c9a0d8650209cf54892f"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12"
      },
      {
        "trust": 1.0,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2025-32433"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/erlang/otp/commit/b1924d37fd83c070055beb115d5d6a6a9490b891"
      },
      {
        "trust": 1.0,
        "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-erlang-otp-ssh-xyzzy"
      },
      {
        "trust": 1.0,
        "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
      },
      {
        "trust": 1.0,
        "url": "https://github.com/erlang/otp/security/advisories/ghsa-37cp-fgq5-7wc2"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96418823/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2025-32433"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-07"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "date": "2025-04-16T22:15:14.373000",
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-13T05:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      },
      {
        "date": "2025-11-04T14:49:05.177000",
        "db": "NVD",
        "id": "CVE-2025-32433"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ERLANG\u00a0 of \u00a0Erlang/OTP\u00a0 Vulnerabilities related to lack of authentication for important functions in products from multiple vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006839"
      }
    ],
    "trust": 0.8
  }
}

CERTFR-2024-AVI-0772

Vulnerability from certfr_avis - Published: 2024-09-12 - Updated: 2024-09-12

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and remote denial of service.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Cisco | Crosswork NSO | Crosswork NSO versions 6.1.x prior to 6.1.9 |
| Cisco | Routed Passive Optical Network Controller | Routed Passive Optical Network Controller versions prior to 24.4.1 |
| Cisco | IOS XR | IOS XR versions later than 24.1.x and prior to 24.2.2 |
| Cisco | Crosswork NSO | Crosswork NSO versions 6.2.x prior to 6.2.3 |
| Cisco | IOS XR | IOS XR versions 24.4.x prior to 24.4.1 |
| Cisco | Crosswork NSO | Crosswork NSO versions 5.8.x prior to 5.8.13.1 |
| Cisco | ConfD | ConfD versions 7.7.x prior to 7.7.16 |
| Cisco | Crosswork NSO | Crosswork NSO versions 5.5.x prior to 5.5.10.1 |
| Cisco | ConfD | ConfD versions 7.5.x prior to 7.5.10.2 |
| Cisco | Crosswork NSO | Crosswork NSO versions 6.0.x prior to 6.0.13 |
| Cisco | Crosswork NSO | Crosswork NSO versions 5.7.x prior to 5.7.16 |
| Cisco | IOS XR | IOS XR versions later than 7.10.x, prior to 7.11.21 |
| Cisco | Crosswork NSO | Crosswork NSO versions 5.6.x prior to 5.6.14.3 |
| Cisco | ConfD | ConfD versions 8.0.x prior to 8.0.13 |
| Cisco | Optical Site Manager | Optical Site Manager versions prior to 24.3.1 |

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Crosswork NSO versions 6.1.x ant\u00e9rieures \u00e0 6.1.9",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Routed Passive Optical Network Controller versions ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "Routed Passive Optical Network Controller",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 24.1.x et ant\u00e9rieures \u00e0 24.2.2 ",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions 24.4.x ant\u00e9rieures \u00e0 24.4.1",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.8.x ant\u00e9rieures \u00e0 5.8.13.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.7.x ant\u00e9rieures \u00e0 7.7.16",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.5.x ant\u00e9rieures \u00e0 5.5.10.1",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 7.5.x ant\u00e9rieures \u00e0 7.5.10.2",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 6.0.x ant\u00e9rieures \u00e0 6.0.13",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.7.x ant\u00e9rieures \u00e0 5.7.16",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XR versions post\u00e9rieures \u00e0 7.10.x ant\u00e9rieures \u00e0 7.11.21",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Crosswork NSO versions 5.6.x ant\u00e9rieures \u00e0 5.6.14.3",
      "product": {
        "name": "Crosswork NSO",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "ConfD versions 8.0.x ant\u00e9rieures \u00e0 8.0.13",
      "product": {
        "name": "ConfD",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Optical Site Manager versions ant\u00e9rieures \u00e0 24.3.1",
      "product": {
        "name": "Optical Site Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20406"
    },
    {
      "name": "CVE-2024-20483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20483"
    },
    {
      "name": "CVE-2024-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20317"
    },
    {
      "name": "CVE-2024-20489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20489"
    },
    {
      "name": "CVE-2024-20398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20398"
    },
    {
      "name": "CVE-2024-20381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20381"
    },
    {
      "name": "CVE-2024-20304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20304"
    }
  ],
  "initial_release_date": "2024-09-12T00:00:00",
  "last_revision_date": "2024-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0772",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nso-auth-bypass-QnTEesp",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-isis-xehpbVNe",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-xehpbVNe"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-l2services-2mvHdNuC",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-l2services-2mvHdNuC"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxr-priv-esc-CrG5vhCq",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-CrG5vhCq"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-pak-mem-exhst-3ke9FeFy",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pak-mem-exhst-3ke9FeFy"
    }
  ]
}