1. 主页
  2. 保安警报
  3. 保安警报 (A21-02-02)

保安警报 (A21-02-02): Cisco产品多个漏洞


 

发布日期: 2021年 2月 8日

  
  

描述:

Cisco 发布了安全公告以应对发现于 Cisco 产品中运行 Cisco IOS XR、NX-OS、UCS Central software 及 Cisco Small Business RV 系列路由器的多个漏洞。有关漏洞及攻击向量的资料,请参阅供应商网站的相应安全公告。

受影响的系统:

  • Cisco 运行 Cisco FXOS Software 的产品
  • Cisco 运行 Cisco Adaptive Security Appliance (ASA) Software 的产品
  • Cisco 运行 Firepower Threat Defense (FTD) Software 的产品
  • Cisco 运行 Cisco Firepower Management Center (FMC) Software 的产品

有关受影响产品的详细资料,请参阅供应商网站的相应安全公告中有关“Affected Products”的部分。

影响:

成功利用这些漏洞可以在受影响的系统导致执行任意程式码、任意插入指令码、服务受阻断、泄漏资讯、权限提升及绕过保安限制。

建议:

适用于受影响系统的软件更新已可获取。受影响系统的系统管理员应遵从产品供应商的建议,立即采取行动以降低风险。有关修补程式的详细资料,请参阅供应商网站的相应安全公告中有关 “Fixed Software” 的部分。

系统管理员可联络其产品支援供应商,以取得修补程式及有关支援。

进一步信息:

  • https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20210205
  • https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pe-QpzCAePe
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-msx-dos-4j7sytvU
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1128
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1136
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1243
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1244
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1268
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1288 (to CVE-2021-1297)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1313 (to CVE-2021-1348)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1354
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1370
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1389


标签 : Cisco , Cisco IOS , Cisco NX-OS , Cisco UCS , Cisco Router
标签