تنبيه Cisco
2285تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
13 يناير, 2022
● متوسط
2022-4212
الكل
أصدرت Cisco عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- Cisco Tetration
- Cisco Secure Network Analytics
- Cisco Prime Access Registrar Appliance
- Cisco PI
- IP Conference Phone 7832
- IP Conference Phone 8832
- IP Phones 7811, 7821, 7841, and 7861
- IP Phones 8811, 8841, 8845, 8851, 8861, and 8865
- Unified IP Conference Phone 8831
- Unified IP Conference Phone 8831 for Third-Party Call Control
- Unified IP Phones 7945G, 7965G, and 7975G
- Unified SIP Phone 3905
- Wireless IP Phones 8821 and 8821-EX
- Cisco ECE
- Cisco Security Manager
- Cisco ASDM
- Cisco EPNM
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
- الكشف والفصاح عن المعلومات
- حقن الأوامر
يوصي المركز بتحديث النسخ المتأثرة، حيث أصدرت Cisco توضيحًا لهذه التحديثات:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-mult-xss-7hmOKQTt
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-logging-jnLOY422