複数の Cisco 製品に脆弱性

最終更新日: 2019/06/14

情報源

US-CERT Current Activity
Cisco Releases Security Updates for Multiple Products
https://www.us-cert.gov/ncas/current-activity/2019/06/05/Cisco-Releases-Security-Updates-Multiple-Products

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。
対象となる製品は次のとおりです。

– Cisco Industrial Network Director
– Cisco Unified Communications Manager IM&P Service
– Cisco TelePresence Video Communication Server
– Cisco Expressway Series software
– Cisco Webex Meetings Server
– UCS C125 M5 Rack Server Node
– UCS C220 M4 Rack Server
– UCS C220 M5 Rack Server
– UCS C240 M4 Rack Server
– UCS C240 M5 Rack Server
– UCS C460 M4 Rack Server
– UCS C480 M5 Rack Server
– SSH server 機能が有効になっている Cisco IOS XR Software
– Cisco Enterprise Chat and Email (ECE) Center

この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書 (英語)

Cisco
Cisco Industrial Network Director Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce

Cisco

Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos

Cisco

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs

Cisco

Cisco Webex Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-webexmeetings-id

Cisco

Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-vcs

Cisco

Cisco Webex Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-webexmeetings-id

Cisco

Cisco Unified Computing System BIOS Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ucs-biossig-bypass

Cisco

Cisco IOS XR Software Secure Shell Authentication Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-iosxr-ssh

Cisco

Cisco Industrial Network Director Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-xss

Cisco

Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-csrf

Cisco

Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss

 

引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-06-12」
https://www.jpcert.or.jp/wr/2019/wr192201.html