複数の Cisco 製品に脆弱性

最終更新日: 2019/10/09

情報源

US-CERT Current Activity
Cisco Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2019/10/03/cisco-releases-security-updates

概要

複数の Cisco 製品には、脆弱性があります。結果として、遠隔の第三者が、任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりするなどの可能性があります。
影響度 High の脆弱性情報の対象となる製品は次のとおりです。

– Cisco ASA Software
– Cisco FTD Software
– Cisco FMC Software
– Cisco FXOS Software
– Cisco Unified Communications Manager
– Cisco Unified Communications Manager SME
– Cisco Unified CM IM&P Service
– Cisco Unity Connection

※製品によって、影響を受ける条件が異なります。また、上記製品以外にも、影響度 Medium や Informational の脆弱性情報、アドバイザリが公開されています。詳細は、Cisco が提供する情報を参照してください。
この問題は、該当する製品を Cisco が提供する修正済みのバージョンに更新するか、パッチを適用することで解決します。詳細は、Cisco が提供する情報を参照してください。

関連文書(英語)

Cisco Event Response Page

Cisco Event Response: October 2019 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72541

Cisco Security Advisory

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-dos

Cisco Security Advisory

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-ikev1-dos

Cisco Security Advisory

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF LSA Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ospf-lsa-dos

Cisco Security Advisory

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SIP Inspection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ftd-sip-dos

Cisco Security Advisory

Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos

Cisco Security Advisory

Cisco Firepower Management Center Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-com-inj

Cisco Security Advisory

Cisco Firepower Management Center Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce

Cisco Security Advisory

Cisco Firepower Management Center Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-rce-12689

Cisco Security Advisory

Cisco Firepower Management Center SQL Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fmc-sql-inj

Cisco Security Advisory

Cisco Firepower Threat Defense Software Multi-instance Container Escape Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-container-esc

Cisco Security Advisory

Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-fxos-cmd-inject

Cisco Security Advisory

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ftd-fpmc-dos

Cisco Security Advisory

Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf

 

引用元:JPCERTコーディネーションセンター
「JPCERT/CC WEEKLY REPORT 2019-10-09」
https://www.jpcert.or.jp/wr/2019/wr193901.html