1. 主頁
  2. 保安警報
  3. 保安警報 (A22-04-21)

保安警報 (A22-04-21): Cisco 產品多個漏洞


 

發布日期: 2022年 4月 21日

  
  

描述:

Cisco 發布了安全公告,以應對發現於 Cisco 裝置及軟件的多個漏洞。有關漏洞及攻擊向量的資料,請參閱供應商網站的相應安全公告。

 

受影響的系統:

  • Cisco Adaptive Security Appliance Software
  • Cisco Firepower Threat Defense Software
  • Cisco RoomOS Software
  • Cisco TelePresence Collaboration Endpoint Software
  • Cisco Umbrella Secure Web Gateway
  • Cisco Umbrella Virtual Appliance
  • Cisco Unified Communications Products
  • Cisco Virtualized Infrastructure Manager
  • Cisco Webex Meetings

有關受影響產品的詳細資料,請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。

 

影響:

成功利用這些漏洞可以在受影響的系統導致插入任意指令碼、跨網站程式編程、跨網站請求偽造、服務被拒絕、泄漏資訊、權限提升、繞過保安限制或篡改,視乎攻擊者利用哪些漏洞而定。

 

建議:

現已有適用於受影響系統的軟件更新。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中“Fixed Software” 的部分。

系統管理員可聯絡其產品支援供應商,以取得修補程式及有關支援。

 

進一步資訊:

  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ce-roomos-dos-c65x2Qf2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uswg-fdbps-xtTRKpp6
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vim-privesc-T2tsFUf
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vpndtls-dos-TunzLEV
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-w47AMqAk
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20732
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20773
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20778
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20783
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20786 (to CVE-2022-20790)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20804
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20805


標籤 : Cisco , Cisco ASA , Cisco FTD , Cisco RoomOS , Cisco TelePresence Collaboration Endpoint , Cisco Umbrella , Cisco Unified Communications , Cisco Virtualized Infrastructure Manager , Cisco Webex
標籤