複数の Cisco 製品に脆弱性

最終更新日: 2019/11/13

情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2019/11/07/cisco-releases-security-updates

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。
影響度 Critical および High の脆弱性情報の対象となる製品は次のとおりです。

– Cisco Prime Infrastructure (PI) Software
– Cisco Evolved Programmable Network Manager (EPNM)
– Cisco Small Business RV Series の次の製品

・Cisco RV042 Dual WAN VPN Router
・Cisco RV042G Dual Gigabit WAN VPN Router
・Cisco RV320 Dual Gigabit WAN VPN Router
・Cisco RV325 Dual Gigabit WAN VPN Router

– Cisco RoomOS Software
– Cisco TelePresence Collaboration Endpoint (CE) Software
– Cisco TelePresence Codec (TC) Software
– Cisco Webex Network Recording Player for Microsoft Windows
– Cisco Webex Player for Microsoft Windows
– Cisco Wireless LAN Controllers
– Cisco Web Security Appliance (WSA)

※上記以外にも、影響度 Medium や Informational の脆弱性情報、アドバイザリが公開されています。詳細は、Cisco が提供する情報を参照してください。
なお、既にソフトウェアメンテナンスが終了している Cisco RV016 Multi-WAN VPN Router、Cisco RV082 Dual WAN VPN Router も影響を受けるとのことです。
この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書(英語)

Cisco Security Advisory

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex

Cisco Security Advisory

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbr-cominj

Cisco Security Advisory

Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-dos

Cisco Security Advisory

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-telepres-roomos-privesc

Cisco Security Advisory

Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player

Cisco Security Advisory

Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos

Cisco Security Advisory

Cisco Web Security Appliance Unauthorized Device Reset Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wsa-unauth-devreset

Cisco Security

Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x

 

引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-11-13」
https://www.jpcert.or.jp/wr/2019/wr194401.html