1. 主頁
  2. 保安警報
  3. 保安警報 (A21-02-02)

保安警報 (A21-02-02): Cisco產品多個漏洞


 

發布日期: 2021年 2月 8日

  
  

描述:

Cisco 發布了安全公告以應對發現於 Cisco 產品中運行 Cisco IOS XR、NX-OS、UCS Central software 及 Cisco Small Business RV 系列路由器的多個漏洞。有關漏洞及攻擊向量的資料,請參閱供應商網站的相應安全公告。

受影響的系統:

  • Cisco 運行 Cisco FXOS Software 的產品
  • Cisco 運行 Cisco Adaptive Security Appliance (ASA) Software 的產品
  • Cisco 運行 Firepower Threat Defense (FTD) Software 的產品
  • Cisco 運行 Cisco Firepower Management Center (FMC) Software 的產品

有關受影響產品的詳細資料,請參閱供應商網站的相應安全公告中有關“Affected Products”的部分。

影響:

成功利用這些漏洞可以在受影響的系統導致執行任意程式碼、任意插入指令碼、服務受阻斷、泄漏資訊、權限提升及繞過保安限制。

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Fixed Software” 的部分。

系統管理員可聯絡其產品支援供應商,以取得修補程式及有關支援。

進一步資訊:

  • https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20210205
  • https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-filewrite-7x9mnKjn
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-ghZP68yj
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-BY4c5zd
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pe-QpzCAePe
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-msx-dos-4j7sytvU
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1128
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1136
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1243
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1244
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1268
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1288 (to CVE-2021-1297)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1313 (to CVE-2021-1348)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1354
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1370
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1389


標籤 : Cisco , Cisco IOS , Cisco NX-OS , Cisco UCS , Cisco Router
標籤