Cisco 發布了十個安全公告,以應對發現於 Cisco IOS 及 IOS XE軟件中的漏洞。未通過認證的遠端攻擊者可以利用有關功能或規約來攻擊這些漏洞,包括通用工業協定 (CIP) 功能,以Secure Shell Host (SSH) 遙距登入認證、授權、計帳(AAA)服務,H.323服務協議,互聯網密碼匙交換第一版本(IKEv1)分段碼,網路協定細目紀錄 (IPDR) ,IPv4 組播源發現協議,IPv6協議無關組播(PIM) ,Smart Install client功能和網絡地址轉換 (NAT) 。
關於受影響產品的詳細資料,請參閱供應商網站相關安全公告中 “Affected Products” 的部分:
01. Cisco IOS 軟件通用工業協定請求的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
02. Cisco IOS 與 IOS XE 軟件AAA Login登入的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
03. Cisco IOS 與 IOS XE 軟件 DNS Forwarder 的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
04. Cisco IOS 與 IOS XE 軟件H.323信息核實的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
05. Cisco IOS 與 IOS XE 軟件互聯網密碼匙交換第一版本分段碼的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
06. Cisco IOS 與 IOS XE 軟件中組播源發現協議的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
07. Cisco IOS 與 IOS XE 軟件Multicast Routing的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
08. Cisco IOS 與 IOS XE 軟件 Smart Install 記憶體洩漏漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
09. Cisco IOS XE軟件IP 分段復合的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag
10. Cisco IOS XE軟件NAT 的服務受阻斷漏洞
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat
成功利用這些漏洞可以導致服務受阻斷,損毀、讀取或泄漏記憶體內容,終止程式執行或重新啓動裝置,視乎攻擊者利用哪個漏洞而定。
適用於受影響系統的修補程式已可獲取。受影響系統的用戶應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Obtaining Fixed Software” 的部分。
用戶可聯絡其產品支援供應商,以取得修補程式及有關支援。
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-56513
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi
https://www.hkcert.org/my_url/zh/alert/16092902
https://www.us-cert.gov/ncas/current-activity/2016/09/28/Cisco-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6378 (to CVE-6386)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6391 (to CVE-6393)