保安警報 (A21-10-06): Cisco 產品多個漏洞

描述:

Cisco 發布了安全公告以應對發現於 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料，請參閱供應商網站的相應安全公告。

受影響的系統:

• Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module
• Cisco ATA 190 Series Analog Telephone Adapter Software
• Cisco Business 220 Series Smart Switches
• Cisco DNA Center
• Cisco Email Security Appliance
• Cisco Identity Services Engine
• Cisco Intersight Virtual Appliance
• Cisco IP Phone Software
• Cisco Orbital
• Cisco RoomOS Software
• Cisco Small Business 220 Series Smart Switches
• Cisco Smart Software Manager On-Prem
• Cisco TelePresence Collaboration Endpoint Software
• Cisco Vision Dynamic Signage Director
• Cisco Web Security Appliance

有關受影響產品的詳細資料，請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。 

影響:

成功利用這些漏洞可以在受影響的系統導致遠端執行程式碼、插入任意指令碼、跨網址程式編程、服務受阻斷、泄漏資訊、權限提升、繞過保安限制或仿冒詐騙，視乎攻擊者利用哪些漏洞而定。

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議，立即採取行動以降低風險。有關修補程式的詳細資料，請參閱供應商網站的相應安全公告中有關 “Fixed Software”的部分。

系統管理員可聯絡其產品支援供應商，以取得修補程式及有關支援。

進一步資訊:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-redirect-rQ2Bu7dU
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-xss-fvdj6HK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-KyC6YncS
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-sGcfsDrp
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-V4VSjEsX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk
• https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20211007
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1534
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1594
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34698
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34702
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34706
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34710
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34711
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34735
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34742
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34744
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34748
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34757
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34758
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34766
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34772
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34775 (to CVE-2021-34777)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34782
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34788