1. 主页
  2. 保安警报
  3. 保安警报 (A21-04-01)

保安警报 (A21-04-01): Cisco 产品多个漏洞


 

发布日期: 2021年 4月 9日

  
  

描述:

Cisco 发布了安全公告以应对发现于 Cisco 装置及软件中的多个漏洞。有关漏洞及攻击向量的资料,请参阅供应商网站的相应安全公告。

 

受影响的系统:

  • Cisco 运行 IOS XR Software 的产品
  • Cisco Advanced Malware Protection
  • Cisco SD-WAN vManage
  • Cisco Small Business RV Series Routers
  • Cisco Umbrella (cloud based)
  • Cisco Unified Communications Products
  • Cisco Unified Intelligence Center Software
  • Cisco Webex Meetings

有关受影响产品的详细资料,请参阅供应商网站的相应安全公告中有关“Affected Products”的部分。

 

影响:

成功利用这些漏洞可以在受影响的系统导致插入任意指令码、执行任意程式码、跨网址程式编程、服务受阻断、泄漏资讯、绕过保安限制、系统重启、数据篡改、权限提升或完全控制受影响的系统,视乎攻击者利用哪些漏洞而定。

 

建议:

适用于受影响系统的软件更新已可获取。受影响系统的系统管理员应遵从产品供应商的建议,立即采取行动以降低风险。有关修补程式的详细资料,请参阅供应商网站的相应安全公告中有关 “Fixed Software” 的部分。

系统管理员可联络其产品支援供应商,以取得修补程式及有关支援。

 

进一步信息:

  • https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20210408
  • https://us-cert.cisa.gov/ncas/current-activity/2021/04/08/cisco-releases-security-updates-multiple-products
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-tu79hvkO
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-bypass-inject-Rbhgvfdx
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-inject-gbZGHP5T
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-VObwRKWV
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-andro-iac-f3UR8frB
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cmdinj-vsKGherc
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1137
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1251
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1308
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1309
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1362
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1380
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1386
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1399
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1406 (to CVE-2021-1409)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1413 (to CVE-2021-1415)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1420
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1459
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1463
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1467
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1472 (to CVE-2021-1475)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1479
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1480
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1485


标签 : Cisco , Cisco IOS , Cisco AMP , Cisco SD-WAN , Cisco Router , Cisco Umbrella , Cisco Unified Communications , Cisco Unified Intelligence Center , Cisco Webex
标签