描述:
Cisco 发布了安全公告以应对发现於 Cisco 装置及软件中的多个漏洞。有关漏洞及攻击向量的资料,请参阅供应商网站的相应安全公告。
受影响的系统:
- Cisco AnyConnect Secure Mobility Client for Windows
- Cisco Catalyst PON Series Switches Optical Network Terminal
- Cisco Common Services Platform Collector
- Cisco Email Security Appliance
- Cisco Policy Suite
- Cisco Prime Access Registrar
- Cisco Prime Infrastructure and Evolved Programmable Network Manager
- Cisco Small Business RV Series Routers
- Cisco Small Business Series Switches
- Cisco Webex Video Mesh Software
- Cisco Unified Communications
有关受影响产品的详细资料,请参阅供应商网站的相应安全公告中有关 “Affected Products” 的部分。
影响:
成功利用这些漏洞可以在受影响的系统导致远端执行程式码、插入任意指令码、跨网址程式编程、跨网址请求伪造、服务受阻断、泄漏资讯、权限提升、绕过保安限制、篡改、仿冒诈骗或完全控制受影响的系统,视乎攻击者利用哪些漏洞而定。
建议:
适用於受影响系统的软件更新已可获取。受影响系统的系统管理员应遵从产品供应商的建议,立即采取行动以降低风险。有关修补程式的详细资料,请参阅供应商网站的相应安全公告中有关 “Fixed Software”的部分。
系统管理员可联络其产品支援供应商,以取得修补程式及有关支援。
进一步信息:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-videomesh-xss-qjm2BDQf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT
- https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20211104
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1500
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34701
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34741
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34773
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34774
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40119
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40124
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40126 (to CVE-2021-40128)