الوصف:

أصدرت Cisco عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:

• Cisco Small Business
  • 100, 300, and 500 Series
  • Wireless Access Points and firmware releases:
    • WAP121 Wireless-N Access Point with Single Point Setup11.0.6.8 and earlier
    • WAP125 Wireless-AC Dual Band Desktop Access Point with PoE1.0.3.1 and earlier
    • WAP131 Wireless-N Dual Radio Access Point with PoE 11.0.2.17 and earlier
    • WAP150 Wireless-AC/N Dual Radio Access Point with PoE1.1.2.4 and earlier
    • WAP321 Wireless-N Access Point with Single Point Setup11.0.6.7 and earlier
    • WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch11.0.2.17 and earlier
    • WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE1.1.2.4 and earlier
    • WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN1.0.3.1 and earlier
• Cisco CMX releases 10.6.0, 10.6.1, 10.6.2, and 10.6.3.
• Cisco EPNM releases 5.0 and earlier.
• Cisco Small Business RV Series Routers if they are running a vulnerable firmware release and have LLDP enabled:
  • RV132W ADSL2+ Wireless-N VPN Router
  • RV134W VDSL2 Wireless-AC VPN Router
  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with PoE
  • RV260W Wireless-AC VPN Router
  • RV320 Dual Gigabit WAN VPN Router
  • RV325 Dual Gigabit WAN VPN Router
  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit PoE VPN Router
• ConfD if the built-in SSH server for CLI is enabled:
  • Releases 7.4 through 7.4.3
  • Releases 7.5 through 7.5.2
• 32-bit and 64-bit Cisco Packet Tracer for Windows Releases 7.3.1 and 8.0.0.
• Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.03.22:
  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit POE VPN Router

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• حجب الخدمة (DoS)
• الكشف والإفصاح عن المعلومات
• ترقية ورفع الصلاحيات
• تنفيذ برمجيات خبيثة

الإجراءات الوقائية:

يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت Cisco توضيحًا لهذه التحديثات:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-packettracer-dll-inj-Qv8Mk5Jx
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy