政府電腦保安事故協調中心 - 保安警報 (A19-05-01): Cisco 產品多個漏洞

描述:

Cisco發布了安全公告以應對發現於Cisco ASA軟件及Cisco FTD軟件中的多個漏洞。一些漏洞由處理VPN連接的安全斷言標記語言(SAML)2.0單一登入(SSO)中的加密碰撞(cryptographic collision)和執行錯誤所引起。攻擊者可以向受影響系統發出特製的查詢、封包、傳送流(traffic stream)或對話建立，或誘使用戶開啟惡意網頁，從而攻擊這些漏洞。

受影響的系統:

運行受影響ASA軟件或FTB軟件的Cisco產品，包括:

3000 Series Industrial Security Appliances (ISAs)
Adaptive Security Appliance (ASA) 1000V Cloud Firewall
Adaptive Security Appliance (ASA) 5500-X Series Firewalls
Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services
Adaptive Security Virtual Appliance (ASAv)
ASA 1000V Cloud Firewall
ASA 5500 Series Adaptive Security Appliances
ASA 5500-X Series Firewalls
ASA 5505 Adaptive Security Appliance
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Firepower 2100 Series
Firepower 4100 Series
Firepower 9300 ASA Security Module
Firepower 9300 Security Appliances
Firepower Threat Defense Virtual

以上僅為一些受影響系統的例子而並不包括所有受影響的產品。有關受影響系統的詳細資料，請參閱供應商網站的相應安全公告中有關“Affected Products”的部分。

影響:

成功利用這些漏洞的攻擊者可以在受影響的系統引致繞過VPN認證、跨網址請求偽造攻擊、跨網址程式編程攻擊、權限提升、阻斷服務或系統重啓。

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。有關修補程式的詳細資料，請參閱供應商網站的相應安全公告中有關 “Fixed Software” 的部分。

用戶可聯絡其產品支援供應商，以取得修補程式及有關支援。

進一步資訊:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-csrf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-frpwrtd-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-entropy
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-ike-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftd-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftds-ldapdos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftdtcp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-vpn-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-firepower-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-cmd-inj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-ftd-cmd-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-sd-cpu-dos
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1687
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1693
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1694 (to CVE-2019-1697)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1703 (to CVE-2019-1706)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1713 (to CVE-2019-1715)

標籤 : Cisco , Cisco ISA , Cisco ASA , Cisco ASAv , Cisco Firepower , Cisco FTDv , Cisco FTD