複数の Cisco 製品に脆弱性 – 情報教育センター

最終更新日: 2016/09/08

情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2016/08/31/Cisco-Releases-Security-Updates

概要

　複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったり、ユーザのブラウザ上で任意のスクリプトを実行したりするなどの可能性があります。

　対象となる製品およびバージョンは以下の通りです。

– Cisco Wireless LAN Controller 8.0.140.0 より前のバージョン

– Cisco Wireless LAN Controller 8.2.121.0 より前のバージョン
– Cisco Wireless LAN Controller 8.3.102.0 より前のバージョン
– Cisco WebEx Meetings Player T29.10 for WRF files
– Media Origination System Suite Software 2.6 およびそれ以前が稼働している Cisco Virtual Media Packager (VMP)
– Cisco Small Business 220 Series Smart Plus (Sx220) Switch ファームウェアバージョン 1.0.0.17
– Cisco Small Business 220 Series Smart Plus (Sx220) Switch ファームウェアバージョン 1.0.0.18
– Cisco Small Business 220 Series Smart Plus (Sx220) Switch ファームウェアバージョン 1.0.0.19
– Cisco Small Business SPA300 Series IP Phone ファームウェアバージョン 7.5.7(6) およびそれ以前
– Cisco Small Business SPA500 Series IP Phone ファームウェアバージョン 7.5.7(6) およびそれ以前
– Cisco Small Business SPA51x IP Phone ファームウェアバージョン 7.5.7(6) およびそれ以前
– Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) およびそれ以前

　この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書（英語）

Cisco Security Advisory
Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2
Cisco Security Advisory
Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1
Cisco Security Advisory
Cisco WebEx Meetings Player Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-webex
Cisco Security Advisory
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-vmp
Cisco Security Advisory
Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps3
Cisco Security Advisory
Cisco Small Business 220 Series Smart Plus Switches Web Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps2
Cisco Security Advisory
Cisco Small Business 220 Series Smart Plus Switches Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps1
Cisco Security Advisory
Cisco Small Business 220 Series Smart Plus Switches Web Interface Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-sps
Cisco Security Advisory
Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa
Cisco Security Advisory
Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player
Cisco Security Advisory
Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf
Cisco Security Advisory
Cisco Hosted Collaboration Mediation Fulfillment Authenticated Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcm

引用元：JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2016-09-07」
https://www.jpcert.or.jp/wr/2016/wr163501.html