政府电脑保安事故协调中心 - 保安警报(A21-06-10): Cisco 产品多个漏洞

Cisco 发布了安全公告以应对发现於 Cisco 装置及软件中的多个漏洞。有关漏洞及攻击向量的资料，请参阅供应商网站的相应安全公告。

关受影响产品的详细资料，请参阅供应商网站的相应安全公告中有关「Affected Products」的部分。

成功利用这些漏洞可以在受影响的系统导致插入任意指令码、执行任意程式码、跨网站指令码、服务受阻断、泄漏资讯、权限提升、仿冒诈骗或完全控制受影响的系统，视乎攻击者利用哪些漏洞而定。

适用於受影响系统的软件更新已可获取。受影响系统的系统管理员应遵从产品供应商的建议，立即采取行动以降低风险。有关修补程式的详细资料，请参阅供应商网站的相应安全公告中有关「Fixed Software」的部分。

系统管理员可联络其产品支援供应商，以取得修补程式及有关支援。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-certvalid-USEj2CZk
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-GuC5mLwG
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99
https://www.hkcert.org/security-bulletin/cisco-products-multiple-vulnerabilities_20210617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1242
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1541 (to CVE-2021-1543)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1566 (to CVE-2021-1571)

标签 : Cisco , Cisco AnyConnect Secure , Cisco DNA Center , ESA , Cisco Jabber , Cisco Meeting Server , Cisco Smart Switches , Cisco Unified Communications , Cisco Web Security Appliance , Cisco Webex