发布日期: 2018年 3月 29日
Cisco 发布了20个安全公告,以应对发现于 Cisco IOS及IOS XE软件中的多个漏洞,当中有3个公告被评级为严重,17个公告被评级为高级。未经授权的远端攻击者可以使用没有记载的管理帐户及预设的凭证资料登入受影响的装置。攻击者也可向受影响装置传送特制的封包求来攻击这些漏洞。
成功利用这些漏洞可以导致执行任意程式码、系统重启、服务受阻断、权限提升或控制受影响的系统,视乎攻击者利用哪个漏洞而定。
适用于受影响系统的修补程式已可获取。受影响系统的用户应遵从产品供应商的建议,立即采取行动以降低风险。有关修补程式的详细资料,请参阅供应商网站的相应安全公告中有关 “Fixed Software” 的部分。
用户可联络其产品支援供应商,以取得修补程式及有关支援。
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc
https://www.us-cert.gov/ncas/current-activity/2018/03/28/Cisco-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0150 (to CVE-2018-0152)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0154 (to CVE-2018-0161)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0169 (to CVE-2018-0177)