الوصف:

أصدرت Cisco تحذيرًا بخصوص ثغرة Apache Log4j في المنتجات التالية:

• Cisco Webex Meetings Server
• Cisco Advanced Web Security Reporting Application
• Cisco Identity Services Engine (ISE)
• Cisco Registered Envelope Service
• Cisco CloudCenter Suite Admin
• Cisco Crosswork Change Automation
• Cisco Evolved Programmable Network Manager
• Cisco Integrated Management Controller (IMC) Supervisor
• Cisco Intersight Virtual
• Cisco Network Services Orchestrator (NSO)
• Cisco Nexus Dashboard (formerly Cisco Application Services Engine)
• Cisco WAN Automation Engine (WAE)
• Cisco SD-WAN vManage
• Cisco UCS Director
• Cisco BroadCloud
• Cisco Computer Telephony Integration Object Server (CTIOS)
• Cisco Enterprise Chat and Email
• Cisco Packaged Contact Center Enterprise
• Cisco Unified Contact Center Enterprise - Live Data server
• Cisco Unified Contact Center Enterprise
• Cisco Unified Intelligent Contact Management Enterprise
• Cisco Unified SIP Proxy Software
• Cisco Video Surveillance Operations Manager
• Cisco DNA Spaces
• Cisco Kinetic for Cities
• Cisco Umbrella
• Cisco Unified Communications Manager Cloud
• Cisco Webex Cloud-Connected UC (CCUC)
• Managed Services Accelerator (MSX) Network Access Control Service
• CloudLock
• Duo
• ThousandEyes
• Webex Meetings

التهديدات:

يمكن للمهاجم استغلال الثغرة وتنفيذ ما يلي:

• تنفيذ برمجيات خبيثة عن بعد

الإجراءات الوقائية:

يوصي المركز بمراجعة موقع الشركة وتطبيق الإجراءات الوقائية، كما ينصح بتحديث النسخ المتأثرة حال توفرها:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd