情報源
Cisco Releases Security Updates for Multiple Products
https://www.us-cert.gov/ncas/current-activity/2019/05/15/Cisco-Releases-Multiple-Security-Updates
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2019/05/13/Cisco-Releases-Security-Updates
Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input
https://www.kb.cert.org/vuls/id/400865/
Cisco トラストアンカーモジュール (TAm) におけるコード検証不備および Cisco IOS XE Web UI におけるユーザ入力検証不備の脆弱性
https://jvn.jp/vu/JVNVU97735735/
概要
す。 (cisco-sa-20190513-securebootを除く)
– Nexus 1000V Switch for Microsoft Hyper-V
– Nexus 1000V Switch for VMware vSphere
– Nexus 3000 Series Switches
– Nexus 3500 Platform Switches
– Nexus 5500 Platform Switches
– Nexus 5600 Platform Switches
– Nexus 6000 Series Switches
– Nexus 7000 Series Switches
– Nexus 7700 Series Switches
– Nexus 9000 Series Switches in standalone NX-OS mode
– Nexus 9500 R-Series Switching Platform
– Cisco Prime Infrastructure
– Cisco Evolved Programmable Network Manager
– Cisco Aggregation Services Router (ASR) 9000 Series
– Cisco Webex Business Suite sites
– Cisco Webex Meetings Online
– Cisco Webex Meetings Server
– Small Business Sx200 Series Managed Switches
– Small Business Sx300 Series Managed Switches
– Small Business Sx500 Series Managed Switches
– Small Business ESW2 Series Managed Switches
– Small Business Sx250 Series Switches
– Small Business Sx350 Series Switches
– Small Business Sx550 Series Switches
– BGP MPLS-based EVI を使用している Cisco IOS XR Software
– HTTPサーバ機能を有効にしている Cisco IOS XE Software
– Cisco Video Surveillance Manager
また、上記製品以外にも、影響度 Medium および Informational の複数の脆弱性情報が公開されています。これらの対象製品の情報は、Cisco が提供するアドバイザリ情報を参照してください。
関連文書 (英語)
Cisco Security Advisory
Cisco Secure Boot Hardware Tampering Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-snmp-dos
Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-mpls-dos
Cisco Webex Network Recording Player Arbitrary Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-webex-player
Cisco Small Business Series Switches Simple Network Management Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-sb-snmpdos
Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject
Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-iosxr-evpn-dos
Cisco Video Surveillance Manager Web-Based Management Interface Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cvsm
Cisco IOS XE Software Web UI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui
引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-05-22」
https://www.jpcert.or.jp/wr/2019/wr191901.html