複数の Cisco 製品に脆弱性 – 情報教育センター

最終更新日: 2016/09/23

●情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2016/09/15/Cisco-Releases-Security-Updates
US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2016/09/16/Cisco-Releases-Security-Updates

●概要

　複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったり、ユーザのブラウザ上で任意のスクリプトを実行したりするなどの可能性があります。

対象となる製品およびバージョンは以下の通りです。

– Cisco Web Security Appliance

– Cisco WebEx Meetings Server 2.6

– Cisco Unified Computing System (UCS) Manager

– Cisco Fog Director for IOx

– Cisco UCS 6200 Series Fabric Interconnects

– Cisco NCS 6000 Series の Cisco IOS XR Software (64 ビット版)

– IOx feature set が有効な Cisco IOS

– IOx feature set が有効な IOS XE Software

– CRS-1 の Cisco CRS Carrier Grade Service

– CRS-3 の Cisco CRS Carrier Grade Service

– Cisco IOS XR 4.3.x

– Cisco IOS XR 5.0.x

– Cisco IOS XR 5.1.x

– Cisco IOS XR 5.2.x

この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

●関連文書（英語）

Cisco Security Advisory
Cisco Web Security Appliance HTTP Load Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wsa
Cisco Security Advisory
Cisco WebEx Meetings Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wms
Cisco Security Advisory
Cisco WebEx Meetings Server Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Cisco Security Advisory
Cisco Unified Computing System Command Line Interface Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs
Cisco Security Advisory
Cisco Fog Director for IOx Arbitrary File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ioxfd
Cisco Security Advisory
Cisco IOS XR Software for NCS 6000 Series Devices OSPF Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-iosxr
Cisco Security Advisory
Cisco IOS and IOS XE Software Data in Motion Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios-xe
Cisco Security Advisory
Cisco IOS and IOS XE Software IOx Local Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ios
Cisco Security Advisory
Cisco Carrier Routing System IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-crs
Cisco Security Advisory
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

引用元：JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2016-09-23」
https://www.jpcert.or.jp/wr/2016/wr163701.html