1. 主頁
  2. 保安警報
  3. 保安警報 (A18-10-03)

保安警報 (A18-10-03): Cisco 產品多個漏洞


 

發布日期: 2018年 10月 4日

  
  

描述:

Cisco發布了安全公告以應對發現於Cisco ASA (Adaptive Security Appliance)軟件及FTD (Firepower Threat Defense)軟件中的多個漏洞。攻擊者可以向受影響系統發出特製的指令、封包、傳送流(traffic stream)或檔案從而攻擊這些漏洞。

 

受影響的系統:

運行受影響ASA軟件或FTB軟件的Cisco產品,包括:

  • 3000 Series Industrial Security Appliances (ISAs)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA 5506-X with FirePOWER Services
  • ASA 5506H-X with FirePOWER Services
  • ASA 5506W-X with FirePOWER Services
  • ASA 5508-X with FirePOWER Services
  • ASA 5516-X with FirePOWER Services
  • Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls
  • Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
  • Adaptive Security Appliance (ASA) Software Releases 9.6.4, 9.8.2, and 9.9.1
  • Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances
  • Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances
  • FirePOWER 7000 Series Appliances
  • FirePOWER 8000 Series Appliances
  • FirePOWER Threat Defense for Integrated Services Routers (ISRs)
  • Firepower 2100 Series Security Appliances
  • Firepower 4100 Series Security Appliances
  • Firepower 9300 ASA Security Module
  • Firepower 9300 Series Security Appliances
  • Firepower Management Center
  • Firepower Threat Defense
  • Firepower Threat Defense (FTD) Software Release 6.2.2
  • Firepower Threat Defense Virtual (FTDv)
  • Industrial Ethernet 3000 Series Switches
  • Next-Generation Intrusion Prevention System (NGIPS)
  • Virtual Next-Generation Intrusion Prevention System (NGIPSv)

以上僅為一些受影響系統的例子而並不包括所有受影響的產。有關受影響系統:的詳細資料,請參閱供應商網站的相應安全公告中有關“Affected Products”的部分。

用戶可聯絡其產品支援供應商,以取得修補程式及有關支援。

 

影響:

成功利用這些漏洞可以導致在受影響系統繞過保安措施、權限提升、服務受阻斷或重啓受影響的系統。

 

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Fixed Software” 的部分。

用戶可聯絡其產品支援供應商,以取得修補程式及有關支援。

 

進一步資訊:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-acl-bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-ipsec-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-syslog-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-cmd-injection
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos
https://www.hkcert.org/my_url/zh/alert/18100401
https://www.us-cert.gov/ncas/current-activity/2018/10/03/Cisco-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15399

 



標籤 : Cisco , Cisco ISA , Cisco ASA , Cisco AMP , Cisco Firepower , Cisco NGIPS , Cisco NGIPSv
標籤