複数の Cisco 製品に脆弱性

最終更新日: 2019/09/04

情報源

US-CERT Current Activity
Cisco Releases Security Updates for Multiple Products
https://www.us-cert.gov/ncas/current-activity/2019/08/29/cisco-releases-security-updates-multiple-products

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、認証を回避したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。
影響度 Critical および High の脆弱性情報の対象となる製品は次のとおりです。

– Cisco 4000 Series Integrated Services Routers
– Cisco ASR 1000 Series Aggregation Services Routers
– Cisco Cloud Services Router 1000V Series
– Cisco Integrated Services Virtual Router
– Firepower 4100 Series
– Firepower 9300 Security Appliances
– MDS 9000 Series Multilayer Switches
– Nexus 1000 Virtual Edge for VMware vSphere
– Nexus 1000V Switch for Microsoft Hyper-V
– Nexus 1000V Switch for VMware vSphere
– Nexus 3000 Series Switches
– Nexus 3500 Platform Switches
– Nexus 3600 Platform Switches
– Nexus 5500 Platform Switches
– Nexus 5600 Platform Switches
– Nexus 6000 Series Switches
– Nexus 7000 Series Switches
– Nexus 7700 Series Switches
– Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
– Nexus 9000 Series Switches in standalone NX-OS mode
– Nexus 9500 R-Series Switching Platform
– UCS 6200 Series Fabric Interconnects
– UCS 6300 Series Fabric Interconnects
– UCS 6400 Series Fabric Interconnects

※上記製品以外にも、影響度 Medium の複数の脆弱性情報が公開されています。これらの対象製品の情報は、Cisco が提供するアドバイザリ情報を参照してください。
この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書(英語)

Cisco Security Advisory

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

Cisco Security Advisory

Cisco NX-OS Software Cisco Fabric Services over IP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

Cisco Security Advisory

Cisco FXOS and NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

Cisco Security Advisory

Cisco NX-OS Software IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

Cisco Security Advisory

Cisco NX-OS Software Remote Management Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

Cisco Security Advisory

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation

 

引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-09-04」
https://www.jpcert.or.jp/wr/2019/wr193401.html