BugZero | Cisco BugID CSCwi09614 - Vulnerabilities in d-bus 1.12.2

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCwi09614 - Vulnerabilities in d-bus 1.12.2

Cisco - Defect ID: CSCwi09614

Vulnerabilities in d-bus 1.12.2

Cisco - Defect ID: CSCwi09614

Vulnerabilities in d-bus 1.12.2

Last updated on November 13th, 2023

BugZero Risk Score
7.3 High

Overall: 7.3

Severity: 8.2

Lifecycle: 4.0

Popularity: 3.7

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

This product includes Third-party Software that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2019-12749 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12749 CVE-2020-12049 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12049 CVE-2022-42010 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42010 CVE-2022-42011 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42011 CVE-2022-42012 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012 CVE-2023-34969 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34969 After analysis, Cisco has decided against performing additional actions on this product due to one of the following reasons: - The product is no longer maintained, having reached End of Software Maintenance. - The product is still being maintained, but a business decision was made not to upgrade the vulnerable product. - The product uses the affected third-party component in such a way as to not be affected by these vulnerabilities.

Conditions

Device with default configuration.

Workaround

Not available or not applicable.

Further Problem Description

Additional details about the vulnerabilities listed above can be found at https://www.cve.org/. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3.0 score. The Base CVSS score as of the time of evaluation is: 7.1 https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C CVE ID CVE-2019-12749, CVE-2020-12049, CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, CVE-2023-34969 have been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Change history

2023-11-13 Added: 15.2(8g)

Top Cisco Defects

9.7Defect ID: CSCwf80292
ISE cannot retrieve a peer certificate during EAP-TLS authentication
9.7Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'
9.7Defect ID: CSCwj73634
Full or partial 9800 configuration loss after HA SSO failover
9.7Defect ID: CSCwj74769
After [non]pairwise key enabling and reboot, bfd ip and port mismatch on device.
9.7Defect ID: CSCwc80831
High CPU seen across vEdge platform

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwi09614

Vulnerabilities in d-bus 1.12.2

Cisco - Defect ID: CSCwi09614

Vulnerabilities in d-bus 1.12.2

Last updated on November 13th, 2023

BugZero Risk Score7.3 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
7.3 High