1. 主頁
  2. 保安警報
  3. 保安警報 (A23-05-09)

高危保安警報 (A23-05-09): Cisco 產品多個漏洞


 

發布日期: 2023年 5月 18日

  
  

描述:

Cisco 發布了安全公告,以應對 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料,請參閱供應商網站的相應安全公告。

有報告指針對 Cisco Small Business Series Switches 的遠端執行程式碼漏洞 (CVE-2023-20159、CVE-2023-20160、CVE-2023-20161 及 CVE-2023-20189) 的概念驗證 (PoC) 程式碼已被公開。系統管理員應立即為受影響的系統安裝修補程式,以減低受到網絡攻擊的風險。

 

受影響的系統:

  • Cisco Business Wireless Access Points
  • Cisco DNA Center Software
  • Cisco Identity Services Engine
  • Cisco Small Business Series Switches
  • Cisco Smart Software Manager On-Prem

有關受影響產品的詳細資料,請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。

Cisco Small Business 200 Series Smart Switches、300 Series Managed Switches 及 500 Series Stackable Managed Switches 已結束,再不會獲提供安全更新。用戶應安排升級產品至受支援的版本,或轉至其他受支援的技術。

 

影響:

成功利用漏洞可以在受影響的系統導致遠端執行程式碼、插入任意指令碼、服務被拒絕、泄漏資訊、繞過保安限制或篡改,視乎攻擊者利用哪些漏洞而定。

 

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Fixed Software”的部分。

系統管理員可聯絡其產品支援供應商,以取得修補程式及有關支援。

 

進一步資訊:

  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-multiple-kTQkGU3
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-delete-read-PK5ghDDd
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-dwnld-Srcdnkd2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-sRQnsEU9
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-696OZTCm
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-sql-X9MmjSYh
  • https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20230518
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20003
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20024
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20077
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20087
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20106
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20110
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20156 (to CVE-2023-20164)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20166 (to CVE-2023-20167)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20171 (to CVE-2023-20174)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20182 (to CVE-2023-20184)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20189


標籤 : Cisco , Cisco Access Point , Cisco DNA Center , Cisco Identity Services Engine , Cisco Small Business Switches , Cisco Smart Software Manager
標籤