保安警报 (A21-05-05): Cisco 产品多个漏洞

描述:

Cisco 发布了安全公告以应对发现於 Cisco 装置及软件中的多个漏洞。有关漏洞及攻击向量的资料，请参阅供应商网站的相应安全公告。

受影响的系统:

• Cisco AnyConnect Secure Mobility Client for Windows
• Cisco BroadWorks Messaging Server software
• Cisco Content Security Management Appliance
• Cisco Enterprise NFV Infrastructure Software
• Cisco HyperFlex HX
• Cisco HyperFlex HX Data Platform
• Cisco Integrated Management Controller
• Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers
• Cisco SD-WAN Software
• Cisco SD-WAN vEdge
• Cisco SD-WAN vManage
• Cisco Small Business 100, 300, and 500 Series Wireless Access Points
• Cisco TelePresence Collaboration Endpoint
• Cisco Unified Communications Manager IM & Presence Service
• Cisco Video Surveillance 8000 Series IP Cameras
• Cisco Web Security Appliance
• Cisco Webex Meetings Desktop App for Windows
• Cisco Wide Area Application Services

有关受影响产品的详细资料，请参阅供应商网站的相应安全公告中有关“Affected Products”的部分。

影响:

成功利用这些漏洞可以在受影响的系统导致插入任意指令码、执行任意程式码、跨网站指令码、缓衝区满溢、服务受阻断、泄漏资讯、绕过保安限制、插入SQL、数据篡改、权限提升或完全控制受影响的系统，视乎攻击者利用哪些漏洞而定。

建议:

适用於受影响系统的软件更新已可获取。受影响系统的系统管理员应遵从产品供应商的建议，立即采取行动以降低风险。有关修补程式的详细资料，请参阅供应商网站的相应安全公告中有关 “Fixed Software” 的部分。

系统管理员可联络其产品支援供应商，以取得修补程式及有关支援。

进一步信息:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-AggMUCDg
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bwms-xxe-uSLrZgKs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-fc3F6LzT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-9VZO4gfU
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-rmos-fileread-pE9sL3g
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3347
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1234
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1275
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1284
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1363
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1365
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1397
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1400
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1401
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1421
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1426 (to CVE-2021-1430)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1438
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1447
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1468
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1478
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1486
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1490
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1496 (to CVE-2021-1499)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1505 (to CVE-2021-1516)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1519 (to CVE-2021-1521)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1532
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1535