发布日期: 2018年 3月 29日
最後更新: 2025年 8月 21日
发布日期: 2018年 3月 29日
最後更新: 2025年 8月 21日
Cisco 发布了20个安全公告,以应对发现于 Cisco IOS及IOS XE软件中的多个漏洞,当中有3个公告被评级为严重,17个公告被评级为高级。未经授权的远端攻击者可以使用没有记载的管理帐户及预设的凭证资料登入受影响的装置。攻击者也可向受影响装置传送特制的封包求来攻击这些漏洞。
Cisco 指 Cisco IOS 及 IOS XE Software 的 Smart Install 功能的远端执行程式码漏洞 (CVE-2018-0171) 持续受到攻击。Cisco 发布了安全性更新以应对以上问题。系统管理员应立即为受影响的系统评估及更新,以减低受到网络攻击的风险。
成功利用这些漏洞可以导致执行任意程式码、系统重启、服务受阻断、权限提升或控制受影响的系统,视乎攻击者利用哪个漏洞而定。
适用于受影响系统的修补程式已可获取。受影响系统的用户应遵从产品供应商的建议,立即采取行动以降低风险。有关修补程式的详细资料,请参阅供应商网站的相应安全公告中有关 “Fixed Software” 的部分。
用户可联络其产品支援供应商,以取得修补程式及有关支援。
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc
https://www.us-cert.gov/ncas/current-activity/2018/03/28/Cisco-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0150 (to CVE-2018-0152)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0154 (to CVE-2018-0161)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0169 (to CVE-2018-0177)