保安警報 (A21-05-05): Cisco 產品多個漏洞

描述:

Cisco 發布了安全公告以應對發現於 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料，請參閱供應商網站的相應安全公告。

受影響的系統:

• Cisco AnyConnect Secure Mobility Client for Windows
• Cisco BroadWorks Messaging Server software
• Cisco Content Security Management Appliance
• Cisco Enterprise NFV Infrastructure Software
• Cisco HyperFlex HX
• Cisco HyperFlex HX Data Platform
• Cisco Integrated Management Controller
• Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers
• Cisco SD-WAN Software
• Cisco SD-WAN vEdge
• Cisco SD-WAN vManage
• Cisco Small Business 100, 300, and 500 Series Wireless Access Points
• Cisco TelePresence Collaboration Endpoint
• Cisco Unified Communications Manager IM & Presence Service
• Cisco Video Surveillance 8000 Series IP Cameras
• Cisco Web Security Appliance
• Cisco Webex Meetings Desktop App for Windows
• Cisco Wide Area Application Services

有關受影響產品的詳細資料，請參閱供應商網站的相應安全公告中有關“Affected Products”的部分。

影響:

成功利用這些漏洞可以在受影響的系統導致插入任意指令碼、執行任意程式碼、跨網站指令碼、緩衝區滿溢、服務受阻斷、泄漏資訊、繞過保安限制、插入SQL、數據篡改、權限提升或完全控制受影響的系統，視乎攻擊者利用哪些漏洞而定。

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議，立即採取行動以降低風險。有關修補程式的詳細資料，請參閱供應商網站的相應安全公告中有關 “Fixed Software” 的部分。

系統管理員可聯絡其產品支援供應商，以取得修補程式及有關支援。

進一步資訊:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-AggMUCDg
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bwms-xxe-uSLrZgKs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imc-openred-zAYrU6d2
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-fc3F6LzT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-9VZO4gfU
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-QVszVUPy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-priv-esc-JJ8zxQsC
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tp-rmos-fileread-pE9sL3g
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-eN75jxtW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-infdisc-Twb4EypK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-client-NBmqM9vt
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3347
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1234
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1275
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1284
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1363
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1365
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1397
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1400
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1401
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1421
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1426 (to CVE-2021-1430)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1438
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1447
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1468
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1478
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1486
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1490
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1496 (to CVE-2021-1499)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1505 (to CVE-2021-1516)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1519 (to CVE-2021-1521)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1530
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1532
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1535