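Description:
Cisco has released security advisories to address multiple vulnerabilities in Cisco devices and software. For information about the vulnerabilities and attack vectors, refer to the corresponding security advisories on the vendor's website.
Affected systems: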
- Cisco Duo Device Health Application for Windows
- Cisco Expressway Series
- Cisco Identity Services Engine
- Cisco Integrated Management Controller
- Cisco Intersight Virtual Appliance
- Cisco IP Phone 6800, 7800, and 8800 Series
- Cisco Prime Infrastructure and Evolved Programmable Network Manager
- Cisco Secure Endpoint Connector for Windows, for Linux, for MacOS
- Cisco Secure Endpoint Private Cloud
- Cisco TelePresence Video Communication Server
- Cisco ThousandEyes Enterprise Agent Virtual Appliance
- Cisco Umbrella Virtual Appliance
- Cisco Unified Communications Manager
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager Session Management Edition
- Cisco Unified Contact Center Express Finesse Portal
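For details of the affected products, refer to the “Affected Products” section of the corresponding security advisories on the vendor's website.
Impact:
Depending on which vulnerabilities an attacker exploits, successful exploitation could lead to remote code execution, arbitrary script injection, denial of service, information disclosure, elevation of privilege, security restriction bypass, spoofing or tampering on an affected system.
Recommendation:
Software updates for the affected systems are available. System administrators of affected systems should follow the product vendor's recommendations and take immediate action to mitigate the risk. For details of the patches, refer to the “Fixed Software” section of the corresponding security advisories on the vendor's website.
System administrators may contact their product support vendors for the patches and related support.
Further information: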
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-FTkhqMWZ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-dha-filewrite-xPMBMZAK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-credentials-tkTO3h3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-BFjSRJP5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-storedxss-tTjO62r
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-va-priv-esc-PUdgrx8E
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-wcp-JJeqDT3S
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6679
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20111
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20201
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20203
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20209
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20211 (to CVE-2023-20212)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20217
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20221 (to CVE-2023-20222)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20228 (to CVE-2023-20229)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20237
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20242