描述:
Cisco 發布了安全公告,以應對 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料,請參閱供應商網站的相應安全公告。
受影響的系統:
- Cisco Application Policy Infrastructure Controller
- Cisco Firepower 1000, 2100, and 4100 Series
- Cisco Firepower 9300 Security Appliances
- Cisco MDS 9000 Series Multilayer Switches
- Cisco Nexus 1000 Virtual Edge for VMware vSphere
- Cisco Nexus 1000V Switch for Microsoft Hyper-V, VMware vSphere
- Cisco Nexus 3000, 5500, 5600, 6000, and 7000 Series Switches
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode
- Cisco Secure Firewall 3100 Series
- Cisco UCS 6300 Series Fabric Interconnects
有關受影響產品的詳細資料,請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。
影響:
成功利用漏洞可以在受影響的系統導致服務被拒絕、泄漏資訊、繞過保安限制或篡改,視乎攻擊者利用哪些漏洞而定。
建議:
適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Fixed Software”的部分。
系統管理員可聯絡其產品支援供應商,以取得修補程式及有關支援。
進一步資訊:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20168 (to CVE-2023-20169)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20200
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20234