Vulnerabilities in Multiple Cisco Products

Last updated: 2016/10/05

Source

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2016/09/28/Cisco-Releases-Security-Updates

Overview

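Multiple Cisco products contain vulnerabilities. As a result, a remote third party may be able to execute arbitrary SQL statements, carry out denial-of-service (DoS) attacks, and so on.
The affected products and versions are as follows.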

– Cisco Email Security Appliance (ESA) 9.1.2-023
– Cisco Email Security Appliance (ESA) 9.1.2-028
– Cisco Email Security Appliance (ESA) 9.1.2-036
– Cisco Email Security Appliance (ESA) 9.7.2-046
– Cisco Email Security Appliance (ESA) 9.7.2-047
– Cisco Email Security Appliance (ESA) 9.7-2-054
– Cisco Email Security Appliance (ESA) 10.0.0-124
– Cisco Email Security Appliance (ESA) 10.0.0-125
– Cisco IOS Software
– Cisco IOS XE Software
– Cisco Firepower Management Center

This issue is resolved by updating the affected products to the fixed versions provided by Cisco. For details, refer to the information provided by Cisco.

Related documents (English)

Cisco Security Advisory
Cisco Email Security Appliance Internal Testing Interface Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa

Cisco Security Advisory
Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-smi

Cisco Security Advisory
Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-msdp

Cisco Security Advisory
Cisco IOS and IOS XE Software IP Detail Record Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ipdr

Cisco Security Advisory
Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-ios-ikev1

Cisco Security Advisory
Cisco IOS and IOS XE Software H.323 Message Validation Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-h323

Cisco Security Advisory
Cisco IOS XE Software IP Fragment Reassembly Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-frag

Cisco Security Advisory
Cisco Firepower Management Center SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fpmc

Cisco Security Advisory
Cisco Firepower Management Center Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-fmc1

Cisco Security Advisory
Cisco IOS XE Software NAT Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-esp-nat

Cisco Security Advisory
Cisco IOS and IOS XE Software DNS Forwarder Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-dns

Cisco Security Advisory
Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-cip

Cisco Security Advisory
Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160928-aaados


Quoted from: JPCERT Coordination Center
"JPCERT/CC WEEKLY REPORT 2016-10-05"
https://www.jpcert.or.jp/wr/2016/wr163901.htm