複数の Cisco 製品に脆弱性

最終更新日: 2019/06/27

情報源

US-CERT Current Activity
Cisco Releases Security Updates for Multiple Products
https://www.us-cert.gov/ncas/current-activity/2019/06/19/Cisco-Releases-Security-Updates-Multiple-Products

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、root 権限でコマンドを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。
影響度 Critical および High の脆弱性情報の対象となる製品は次のとおりです。

– Cisco vBond Orchestrator Software
– Cisco vEdge 100 Series Routers
– Cisco vEdge 1000 Series Routers
– Cisco vEdge 2000 Series Routers
– Cisco vEdge 5000 Series Routers
– Cisco vEdge Cloud Router Platform
– Cisco vManage Network Management Software
– Cisco vSmart Controller Software
– Cisco DNA Center Software
– Cisco TelePresence Integrator C Series
– Cisco TelePresence EX Series
– Cisco TelePresence MX Series
– Cisco TelePresence SX Series
– Cisco Webex Room Series
– Cisco Virtualized Packet Core-Single Instance
– Cisco Virtualized Packet Core-Distributed Instance
– Cisco RV110W Wireless-N VPN Firewall
– Cisco RV130W Wireless-N Multifunction VPN Router
– Cisco RV215W Wireless-N VPN Router
– Cisco Prime Service Catalog Software
– Cisco Meeting Server

※上記製品以外にも、影響度 Medium の複数の脆弱性情報が公開されています。これらの対象製品の情報は、Cisco が提供するアドバイザリ情報を参照してください。
この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新したり、回避策を適用したりすることで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書(英語)

Cisco Security Advisory
Cisco SD-WAN Solution Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privesca

Cisco Security Advisory

Cisco DNA Center Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-dnac-bypass

Cisco Security Advisory

Cisco TelePresence Endpoint Command Shell Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-tele-shell-inj

Cisco Security Advisory

Cisco StarOS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-staros-asr-dos

Cisco Security Advisory

Cisco SD-WAN Solution Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-privilescal

Cisco Security Advisory

Cisco SD-WAN Solution Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-sdwan-cmdinj

Cisco Security Advisory

Cisco RV110W, RV130W, and RV215W Routers Management Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rvrouters-dos

Cisco Security Advisory

Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-psc-csrf

Cisco Security Advisory

Cisco Meeting Server CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-cms-codex

 

引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-06-26」
https://www.jpcert.or.jp/wr/2019/wr192401.html