1. 主頁
  2. 保安警報
  3. 保安警報 (A22-09-19)

保安警報 (A22-09-19): Cisco 產品多個漏洞


 

發布日期: 2022年 9月 29日

  
  

描述:

Cisco 發布了安全公告,以應對 Cisco 裝置及軟件中的多個漏洞。有關漏洞及攻擊向量的資料,請參閱供應商網站的相應安全公告。

 

受影響的系統:

  • Cisco Catalyst 9100 Series Access Points
  • Cisco Duo for macOS
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cisco IOS XE ROM Monitor Software
  • Cisco IOS XE Wireless Controller Software
  • Cisco SD-WAN Software
  • Cisco Software-Defined Application Visibility and Control on Cisco vManage
  • Cisco Wireless LAN Controller AireOS Software

有關受影響產品的詳細資料,請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。

 

影響:

成功利用漏洞可以在受影響的系統導致執行任意程式碼、插入任意指令碼、服務被拒絕、泄漏資訊、權限提升、繞過保安限制或篡改,視乎攻擊者利用哪些漏洞而定。

 

建議:

現已有適用於受影響系統的軟件更新。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。有關修補程式的詳細資料,請參閱供應商網站的相應安全公告中有關 “Fixed Software”的部分。

系統管理員可聯絡其產品支援供應商,以取得修補程式及有關支援。

 

進一步資訊:

  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-alg-dos-KU9Z8kFX
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-EgVqtON8
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-mob-dos-342YAc6J
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cwlc-snmpidv-rnyyQzUZ
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-macOS-bypass-uKZNpXE6
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cip-dos-9rTbKLt9
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-mpls-dos-Ab4OUL3
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-avc-NddSGB8
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssh-excpt-dos-FzOBQTnk
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dhcp-dos-76pCjPxK
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-mKGRrsCB
  • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-udp-dos-XDyEwhNz
  • https://www.hkcert.org/tc/security-bulletin/cisco-products-multiple-vulnerabilities_20220929
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20662
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20769
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20775
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20810
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20818
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20830
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20837
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20844
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20847 (to CVE-2022-20848)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20850 (to CVE-2022-20851)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20855 (to CVE-2022-20856)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20864
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20870
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20915
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20919 (to CVE-2022-20920)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20930
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20944 (to CVE-2022-20945)


標籤 : Cisco , Cisco Catalyst AP , Cisco Duo , Cisco IOS , Cisco SD-WAN , Cisco SD-AVC , Cisco Wireless LAN Controller
標籤