تحديثات Cisco
2942تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
14 يناير, 2021
● متوسط
2021-2327
الكل
الوصف:
أصدرت Cisco عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- AnyConnect Secure Mobility Client for Linux releases earlier than Release 4.9.03047
- AnyConnect Secure Mobility Client for MacOS releases earlier than Release 4.9.03047
- AnyConnect Secure Mobility Client for Windows releases earlier than Release 4.9.03049
- Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2.
- Unified Communications Manager (Unified CM)
- Unified Communications Manager Session Management Edition (Unified CM SME)
- Unified Communications Manager IM & Presence Service (Unified CM IM&P)
- Unity Connection
- Emergency Responder
- Prime License Manager
- Cisco FMC releases earlier than Release 6.7.0
- Cisco FMC Software releases earlier than Release 6.6.1
- Cisco Video Surveillance 8000 Series IP Cameras if they were running a firmware release earlier than Release 1.0.9-8 and they had Cisco Discovery Protocol enabled
- Cisco Finesse releases earlier than Release 12.0 ES05 and Release 12.5 ES05
- Cisco Enterprise NFVIS devices running releases earlier than Release 4.4.1
- Cisco Proximity Desktop for Windows releases earlier than Release 3.1.0
- Cisco Small Business routers
- RV110W Wireless-N VPN Firewall
- RV130 VPN Router
- RV130W Wireless-N Multifunction VPN Router
- RV215W Wireless-N VPN Router
- 1000 Series Integrated Services Routers (ISRs)
- 3000 Series Industrial Security Appliances (ISAs)
- 4000 Series Integrated Services Routers (ISRs)
- Cloud Services Router 1000V
- Firepower Threat Defense (FTD) Software
- Integrated Services Virtual Router (ISRv)
- Meraki MX64
- Meraki MX64W
- Meraki MX67
- Meraki MX67C
- Meraki MX67W
- Meraki MX68
- Meraki MX68CW
- Meraki MX68W
- Meraki MX100
- Meraki MX84
- Meraki MX250
- Meraki MX450
- Cisco StarOS releases 21.19.7 and later
- 3.0MR3 Security Patch 5 and earlier
- 4.0MR3 Security Patch 4 and earlier
- Cisco Webex Meetings sites prior to November 24, 2020
- Cisco Webex Teams releases earlier than Release 40.12.0.17293
- AnyConnect Secure Mobility Client for MacOS
- AnyConnect Secure Mobility Client for Linux
- AnyConnect Secure Mobility Client for mobile device operating systems such as iOS, Android, and Universal Windows Platform
- Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2.
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة عن بعد
- ترقية الصلاحيات
- هجمة حجب الخدمة (DoS attack)
- هجمة البرمجة عبر المواقع (Cross-site scripting (XSS))
- حقن البرمجيات (Code Injection)
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت Cisco توضيحًا لهذه التحديثات:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-fileread-PbHbgHMj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxapi-KsKwCmfp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-xss-HfV73cS3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-stored-xss-djKfCzf2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-stored-xss-djKfCzf2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xee-DFzARDcs
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multi-vuln-finesse-qp6gbUO2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-dll-UvW4VHPM
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-LPTQ3EQC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-tfo-bypass-MmzZrtes
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-file-read-L3RDvtey
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-open-redirect-PWvBQ2q
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-injec-pQnryXLf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxpe-75Asy9k
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-command-inject-LBdQ2KRN
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-overflow-WUnUgv4U