System logs:
Event ID 8
The domain controller rejected the client certificate of user U1@abc.com, used for smart card logon. The following error was returned from the certificate validation process: A certificate chain processed correctly, but one of the CA certificate is not trusted by the policy provider.
A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device.
The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM
Security Impact Rating: Medium
CVE: CVE-2020-3360
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device.
The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM
Security Impact Rating: Medium
CVE: CVE-2020-3360
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system.
The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy
Security Impact Rating: Medium
CVE: CVE-2020-3350
You can use OpenSSL implementation of BSD Unix distribution on ADC to import/export the certificate and key files. The exported files are free of the control characters that are preventing successful installation of the certificate and key files:
Use a secure copy program (WinSCP ) to copy the certificate and key files to the/nsconfig/ssl directory of the ADC appliance.
The Certificate and Key files can also be uploaded to the ADC using the Configuration Utility. Navigate to Traffic Management > SSL > Manage Certificates / Keys / CSRs > Upload as shown in the following screen shots:
Open a Secure Shell (SSH) session to the appliance, and after authentication, run the shell command to switch to shell.
Navigate to /nsconfig/ssl directory:
cd /nsconfig/ssl
Use OpenSSL to import and export the certificate file. The following example is for PEM or Base64 certificates:
openssl x509 -in <certificateFileName> -out <newCertificateFileName>
Use OpenSSL to import and export the key file. The following example is for PEM or Base64 key files:
openssl rsa -in <keyFileName> -out <newKeyFileName>
You will now be able to successfully import the certificate on the ADC appliance by using the new exported version of the files.
Open the certificate on a Windows computer and convert it to Base-64 encoded X.509 (.CER) and then install the certificate on the appliance:
Go to Start > Run and type mmc on a Windows machine.
Double-click and open the certificate file that you want to convert.
Click Details.
Click Copy to File.
Select the Base-64 encoded X.509 (.CER) option.
Click Next.
Browse to the location you want to save the converted certificate. Name the file with a .cer extension.
Click Next.
Install the converted certificate on the NetScaler appliance.
This error occurs when the PKCS #7 (.p7b) certificate is incorrectly converted to PEM format. Refer to CTX124783 – How to Convert a PKCS #7 Certificate to PEM Format for the correct procedure.
Group Policy was modified on the Cloud Connectors restricting kerberos to only support encryption method AES128_HMAC_SHA1 & AES256_HMAC_SHA1
Kerberos session ticket being denied from the domain controller due to non-supported encryption type.
Error found in trace file: “KRB5KDC_ERR_ETYPE_NOSUPP”
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text.
The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-audit-log-59RBdwb6
Security Impact Rating: Medium
CVE: CVE-2020-3281
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cipdos-hkfTZXEx
This advisory is part of the June 3, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 23 Cisco Security Advisories that describe 25 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2020-3225
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an
authenticated, remote attacker to write or modify arbitrary files in the
virtual instance that is running on the affected device.
The vulnerability is due to insufficient input validation of
user-supplied application packages. An attacker who can upload a
malicious package within Cisco IOx could exploit the vulnerability to
modify arbitrary files. The impacts of a successful exploit are limited
to the scope of the virtual instance and do not affect the device that
is hosting Cisco IOx.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-caf-3dXM8exv
Security Impact Rating: High
CVE: CVE-2020-3238