Cisco 发布了十个安全公告,以应对发现于 Cisco IOS 及 IOS XE软件中的漏洞。未通过认证的远程攻击者可以利用有关功能或规约来攻击这些漏洞,包括通用工业协议 (CIP) 功能,以Secure Shell Host (SSH) 遥距登入认证、授权、计帐(AAA)服务,H.323服务协议,互联网密码匙交换第一版本(IKEv1)分段码,网络协议细目纪录 (IPDR) ,IPv4 组播源发现协议,IPv6协议无关组播(PIM) ,Smart Install client功能和网络地址转换 (NAT) 。
关于受影响产品的详细数据,请参阅供货商网站相关安全公告中 “Affected Products” 的部分:
01. Cisco IOS 软件通用工业协议请求的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
02. Cisco IOS 与 IOS XE 软件AAA Login登入的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
03. Cisco IOS 与 IOS XE 软件 DNS Forwarder 的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
04. Cisco IOS 与 IOS XE 软件H.323信息核实的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
05. Cisco IOS 与 IOS XE 软件互联网密码匙交换第一版本分段码的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
06. Cisco IOS 与 IOS XE 软件中组播源发现协议的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
07. Cisco IOS 与 IOS XE 软件Multicast Routing的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
08. Cisco IOS 与 IOS XE 软件 Smart Install 内存泄漏漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
09. Cisco IOS XE软件IP 分段复合的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag
10. Cisco IOS XE软件NAT 的服务受阻断漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat
成功利用这些漏洞可以导致服务受阻断,损毁、读取或泄漏内存内容,终止程序执行或重新启动装置,视乎攻击者利用哪个漏洞而定。
用户可联络其产品支援供应商,以取得修补程式及有关支援。
适用于受影响系统的修补程序已可获取。受影响系统的用户应遵从产品供货商的建议,立即采取行动以降低风险。有关修补程序的详细数据,请参阅供货商网站的相应安全公告中有关 “Obtaining Fixed Software” 的部分。
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56513
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
https://www.hkcert.org/my_url/zh/alert/16092902
https://www.us-cert.gov/ncas/current-activity/2016/09/28/Cisco-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6378 (to CVE-6386)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6391 (to CVE-6393)