SK-CERT Bezpečnostné varovanie V20190424-01

Dôležitosť Kritická
Klasifikácia Neutajované/TLP WHITE
CVSS Skóre
 9.8
Identifikátor
Cisco zariadenia viacero zraniteľností
Popis
Spoločnosť Cisco vydala aktualizácie na viacero svojich produktov ktoré opravuju bezpečnostné zraniteľnosti.
Najzávažnejšie z týchto zraniteľností umožňujú vzdialenému neautentifikovanému útočníkovi vykonať škodlivý kód s následkom úplného narušenia dôvernosti, integrity a dostupnosti systému.
Dátum prvého zverejnenia varovania
19.04.2019
CVE
CVE-2017-3881, CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744, CVE-2018-0248, CVE-2018-0382, CVE-2019-1654, CVE-2019-1686, CVE-2019-1710, CVE-2019-1711, CVE-2019-1712, CVE-2019-1718, CVE-2019-1719, CVE-2019-1720, CVE-2019-1721, CVE-2019-1722, CVE-2019-1725, CVE-2019-1777, CVE-2019-1792, CVE-2019-1794, CVE-2019-1796, CVE-2019-1797, CVE-2019-1799, CVE-2019-1800, CVE-2019-1802, CVE-2019-1805, CVE-2019-1826, CVE-2019-1829, CVE-2019-1830, CVE-2019-1831, CVE-2019-1834, CVE-2019-1835, CVE-2019-1837, CVE-2019-1840, CVE-2019-1841
CVE
Zasiahnuté systémy
Cisco Catalyst Switches
Cisco Embedded Service
Cisco Enhanced Layer 2/3
Cisco Gigabit Ethernet Switch Module (CGESM) for HP
Cisco IE
Cisco ME 4924-10GE Switch
Cisco RF Gateway 10
Cisco SM-X Layer 2/3 EtherSwitch Service Module
Cisco Aironet Series Access Points
Cisco Wireless Controllers
Cisco Wireless LAN Controllers (WLCs)
Cisco Firepower Management Center
Cisco Email Security Appliance
Cisco ASR 9000 Series Aggregation Services routers
Cisco Identity Services Engine
Cisco Prime Network Registrar
Cisco Registered Envelope Service
Cisco DNA Center
Cisco Unified Communications Manager (Unified CM)
Cisco UCS B-Series Blade Servers
Cisco Umbrella
Cisco TelePresence Video communication Server (VCS)
Následky
Vykonanie škodlivého kódu a úplné narušenie dôvernosti, integrity a dostupnosti systému
Odporúčania
Administrátorom odporúčame bezodkladne vykonať aktualizáciu zasiahnutých systémov.
Po odstránení zraniteľností, ktoré mohli spôsobiť vzdialené vykonanie kódu, je dobrou praxou kontrola systému a zmena všetkých hesiel a kľúčov na dotknutom systéme a aj na iných systémoch, kde sa používalo rovnaké heslo či kľúč.
Zdroje
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-asr9k-exr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-iapp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-gui
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-csrf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-es-tvcs-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aironet-shell
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-ssh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlc-cert-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-wlan-hijack
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-umbrella-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucs-cli-inj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-swim-proxy
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-res-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-pnr-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ise-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ise-ssl-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxracl
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-iosxr-pim-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ios-xr-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-esa-filter-bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cfmc-xss
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ces-tvcs-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-cdc-hijack
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-traversal
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-air-ap-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-aap-dos
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-cisco-products-could-allow-for-remote-code-execution_2019-046/

« Späť na zoznam
Aktuálne hrozby
všetky oznámenia
Odkazy