{"id":234729,"date":"2020-08-21T17:37:54","date_gmt":"2020-08-21T15:37:54","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=234729"},"modified":"2020-08-21T17:37:54","modified_gmt":"2020-08-21T15:37:54","slug":"cisco-dringende-sicherheitspatches-erforderlich-august-2020","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2020\/08\/21\/cisco-dringende-sicherheitspatches-erforderlich-august-2020\/","title":{"rendered":"Cisco: Dringende Sicherheitspatches erforderlich (August 2020)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\"\/>Ein statische Passwort f\u00fcr ein Benutzerkonto erlaubt die \u00dcbernahme diverser Cisco-Produkte. Administratoren von Cisco Virtual Wide Area Application Services (vWAAS) mit Cisco Enterprise NFV Infrastructure Software (NFVIS), die auf den Appliances CSP 5000-W und ENCS 5400-W sollten zeitnah ein Sicherheitsupdate installieren.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg08.met.vgwort.de\/na\/3a45c942f1c045cd91cdf236fc03b380\" width=\"1\" height=\"1\"\/>Zum 19. August 2020 hat Cisco eine <a href=\"https:\/\/tools.cisco.com\/security\/center\/publicationListing.x\" target=\"_blank\" rel=\"noopener noreferrer\">ganze Latte an Sicherheitswarnungen<\/a> zu diversen Produkten ver\u00f6ffentlicht. Nachfolgende Schwachstellen werden als kritisch bis hoch eingestuft. <\/p>\n<ul>\n<li>CVE-2020-3446: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-waas-encsw-cspw-cred-hZzL29A7\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3443: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-smart-priv-esca-nqwxXWBu\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3506, CVE-2020-3507: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ipcameras-rce-dos-uPyJYxN3\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities<\/a><\/li>\n<\/ul>\n<p>Zu diesen Schwachstellen findet sich bei heise <a href=\"https:\/\/www.heise.de\/news\/Sicherheitsupdates-Wieder-eine-vergessene-Hintertuer-in-Cisco-Produkten-4875646.html\" target=\"_blank\" rel=\"noopener noreferrer\">dieser Artikel<\/a> mit einigen Kurzhinweisen. Die nachfolgenden Schwachstellen haben den Bedrohunggrad mittel erhalten. <\/p>\n<ul>\n<li>CVE-2020-3440: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-webex-desktop-app-OVSfpVMj\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3484: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-vdsd-W7mnkwj7\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Vision Dynamic Signage Director Directory Traversal Information Disclosure Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3496: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sbss-ipv6-dos-tsgqbffW\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3466: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dnac-mlt-xss-zUzbcdEV\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco DNA Center Cross-Site Scripting Vulnerabilities<\/a>  <\/li>\n<li>CVE-2020-3439: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-xss-stored-w4rJZJtO\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3518: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-xss-JnHSWG5C\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Cross-Site Scripting Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3523: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-xss-5TdMJRB3\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Cross-Site Scripting Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3519: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-patrav-pW9RkhyW\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Path Traversal Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3538: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-pa-trav-bMdfSTTq\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Path Traversal Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3520: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-infordisc-DOAXVvFV\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Information Disclosure Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3521: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-file-path-6PKONjHe\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Read File Path Traversal Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3540: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-bypass-auth-mVDR6ygT\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Authorization Bypass Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3539: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-authbypass-YVJzqgk2\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Authorization Bypass Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3522: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-dcnm-auth-bypass-MYeFpFcF\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Data Center Network Manager Authorization Bypass Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3491: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cvdsd-xss-teMmLyUr\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Vision Dynamic Signage Director Stored Cross-Site Scripting Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3485: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cvdsd-rbac-y9LM5jw4\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability<\/a>  <\/li>\n<li>CVE-2020-3490: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cvdsd-pathtrv-5tLJRrFn\" target=\"_blank\" rel=\"noopener noreferrer\">Cisco Vision Dynamic Signage Director Path Traversal Vulnerability<\/a><\/li>\n<\/ul>\n<p>Details sind den verlinkten Artikeln mit den Sicherheitshinweisen zu entnehmen.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ein statische Passwort f\u00fcr ein Benutzerkonto erlaubt die \u00dcbernahme diverser Cisco-Produkte. Administratoren von Cisco Virtual Wide Area Application Services (vWAAS) mit Cisco Enterprise NFV Infrastructure Software (NFVIS), die auf den Appliances CSP 5000-W und ENCS 5400-W sollten zeitnah ein Sicherheitsupdate &hellip; <a href=\"https:\/\/borncity.com\/blog\/2020\/08\/21\/cisco-dringende-sicherheitspatches-erforderlich-august-2020\/\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[731,426],"tags":[3081,4328],"class_list":["post-234729","post","type-post","status-publish","format-standard","hentry","category-gerate","category-sicherheit","tag-geraete","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/234729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=234729"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/234729\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=234729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=234729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=234729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}