複数の Cisco 製品に脆弱性 – 情報教育センター

最終更新日: 2017/11/08

情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2017/11/01/Cisco-Releases-Security-Updates

US-CERT Current Activity

Cisco Releases Security Update for IOS XE Software
https://www.us-cert.gov/ncas/current-activity/2017/11/03/Cisco-Releases-Security-Update-IOS-XE-Software

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。

対象となる製品およびバージョンは次のとおりです。

– iOS 11.1 より前のバージョン
– Safari 11.0.1 より前のバージョン
– tvOS 11.1 より前のバージョン
– watchOS 4.1 より前のバージョン
– iTunes 12.7.1 for Windows より前のバージョン
– iCloud for Windows 7.1 より前のバージョン
– macOS High Sierra 10.13.1 より前のバージョン
– macOS Sierra
– OS X El Capitan

この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書（英語）

Cisco Security Advisory

Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2

Cisco Security Advisory

Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1

Cisco Security Advisory

Cisco Identity Services Engine Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise

Cisco Security Advisory

Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr

Cisco Security Advisory

Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp

Cisco Security Advisory

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem

Cisco Security Advisory

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2

Cisco Security Advisory

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1

Cisco Security Advisory

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp

引用元：JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2017-11-08」
https://www.jpcert.or.jp/wr/2017/wr174301.html