複数の Cisco 製品に脆弱性 – 情報教育センター

最終更新日: 2020/01/29

情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2020/01/23/cisco-releases-security-updates

US-CERT Current Activity

Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2020/01/24/cisco-releases-security-updates

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコマンドを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。

影響度 Critical および High の脆弱性情報の対象となる製品は次のとおりです。

– Cisco Firepower Management Center Software
– Cisco TelePresence Collaboration Endpoint Software
– Cisco TelePresence Codec Software
– Cisco RoomOS Software
– Cisco IOS XE SD-WAN Software
– Cisco SD-WAN Solution vManage Software
– Cisco Smart Software Manager On-Prem
– Cisco IOS XR Software
– Cisco Webex Meetings Suite sites
– Cisco Webex Meetings Online sites

※製品によって、影響を受ける条件が異なります。また、上記製品以外にも、影響度 Medium の複数の脆弱性情報が公開されています。詳細は、Cisco が提供する情報を参照してください。

この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書（英語）

Cisco Security Advisory

Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth

Cisco Security Advisory

Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telepresence-path-tr-wdrnYEZZ

Cisco Security Advisory

Cisco IOS XE SD-WAN Software Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-cred-EVGSF259

Cisco Security Advisory

Cisco SD-WAN Solution Local Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc

Cisco Security Advisory

Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos

Cisco Security Advisory

Cisco IOS XR Software BGP EVPN Operational Routes Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes

Cisco Security Advisory

Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn

Cisco Security Advisory

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos

Cisco Security Advisory

Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin

引用元：JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2020-01-29」
https://www.jpcert.or.jp/wr/2020/wr200401.html