الموقع الرسمي للمركز الوطني الإرشادي للأمن السيبراني
تحديثات Cisco
4116
تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
5 نوفمبر, 2020
● عالي
2020-2017
الكل
الوصف:
أصدرت Cisco عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- Cisco IOS XR 64-bit
- Cisco IOS XE Software
- الإصدار 17.2.1 وما سبق
- Webex Meetings
- Webex Teams web-based interface
- Webex Board في حالة تشغيلهم لـ Cisco TelePresence CE Software
- الإصدارات السابقة لـ 9.14.3
- Webex Desk Pro في حالة تشغيلهم لـ Cisco TelePresence CE Software
- الإصدارات السابقة لـ 9.14.3
- Webex Room Series في حالة تشغيلهم لـ Cisco TelePresence CE Software
- الإصدارات السابقة لـ 9.14.3
- SD-WAN Software
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Cloud Routers
- SD-WAN vEdge Routers
- SD-WAN vManage Software
- SD-WAN vSmart Controller Software
- IOS XE SD-WAN Software
- الإصدار 16.12.2r وما سبق
- Cisco IP Phones
- IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware
- IP DECT 6825 with Multiplatform Firmware
- IP Phone 8811 Series with Multiplatform Firmware
- IP Phone 8841 Series with Multiplatform Firmware
- IP Phone 8851 Series with Multiplatform Firmware
- IP Phone 8861 Series with Multiplatform Firmware
- Unified IP Conference Phone 8831 for Third-Party Call Control
- Webex Room Phone
- Cisco AnyConnect Secure Mobility Client Software
- Linux
- MacOS
- Windows
- Cisco ISE
- Cisco Unified CM IM&P
- إصدار 12.5(1)SU3
- Cisco ESA
- الإصدارات السابقة لـ 13.5.2.
- Cisco Edge Fog Fabric
- الإصدارات السابقة لـ 1.7.4.
- Cisco UCS C-Series Servers that were running Cisco Integrated Management Controller
- إصدار 4.0(4h)C وما سبق.
- Cisco AnyConnect Secure Mobility Client for Windows
- الإصدارات السابقة لـ 4.9.03047.
- Cisco IMC
- الإصدارات السابقة لـ 3.0(3e).
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تنفيذ برمجيات خبيثة عن بعد
- ترقية الصلاحيات
- تجاوز آلية حماية عن بعد
- هجمة حجب الخدمة (DoS attack)
- هجمة البرمجة عبر المواقع (Cross-site scripting (XSS))
- حقن البرمجيات (Code Injection)
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرت Cisco توضيحًا لهذه التحديثات:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-vdi-qQrpBwuJ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepestd-8C3J9Vc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepeshlg-tJghOQcA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepescm-BjgQm4vJ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmxss2-NL4KSSVR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxsshi-9KHEqRpM
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxss2-ugJyqxWF
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanxss1-XhJCymBt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx2-KpFVSUc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanuafw-ZHkdGGEy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanpt2-FqLuefsS
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-privilege-zPmMf73k
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-file-Y2JSRNRb
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-pkjCmq9d
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-euRCwX9
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-fNZX8hHj
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-zip-bypass-gbU4gtTg
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cedge-filt-bypass-Y6wZMqm4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-file-read-LsvDD6Uh
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CIMC-CIV-pKDBe9x5
قيم المحتوى
شارك الصفحة
