保安警報 (A21-11-05): Cisco 產品多個漏洞

描述:

Cisco 發布了安全公告以應對發現於 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料，請參閱供應商網站的相應安全公告。

受影響的系統:

• Cisco AnyConnect Secure Mobility Client for Windows
• Cisco Catalyst PON Series Switches Optical Network Terminal
• Cisco Common Services Platform Collector
• Cisco Email Security Appliance
• Cisco Policy Suite
• Cisco Prime Access Registrar
• Cisco Prime Infrastructure and Evolved Programmable Network Manager
• Cisco Small Business RV Series Routers
• Cisco Small Business Series Switches
• Cisco Webex Video Mesh Software
• Cisco Unified Communications

有關受影響產品的詳細資料，請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。

影響:

成功利用這些漏洞可以在受影響的系統導致遠端執行程式碼、插入任意指令碼、跨網址程式編程、跨網址請求偽造、服務受阻斷、泄漏資訊、權限提升、繞過保安限制、篡改、仿冒詐騙或完全控制受影響的系統，視乎攻擊者利用哪些漏洞而定。

建議:

適用於受影響系統的軟件更新已可獲取。受影響系統的系統管理員應遵從產品供應商的建議，立即採取行動以降低風險。有關修補程式的詳細資料，請參閱供應商網站的相應安全公告中有關 “Fixed Software”的部分。

系統管理員可聯絡其產品支援供應商，以取得修補程式及有關支援。

進一步資訊:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-videomesh-xss-qjm2BDQf
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT
• https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20211104
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1500
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34701
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34731
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34739
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34741
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34773
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34774
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34784
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34795
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40112
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40113
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40115
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40120
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40124
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40126 (to CVE-2021-40128)