تحديثات Cisco
2080تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
5 أغسطس, 2021
● عالي
2021-3305
الكل
الوصف:
أصدرت Cisco عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:
- Cisco Small Business
- 100, 300, and 500 Series
- Wireless Access Points and firmware releases:
- WAP121 Wireless-N Access Point with Single Point Setup11.0.6.8 and earlier
- WAP125 Wireless-AC Dual Band Desktop Access Point with PoE1.0.3.1 and earlier
- WAP131 Wireless-N Dual Radio Access Point with PoE 11.0.2.17 and earlier
- WAP150 Wireless-AC/N Dual Radio Access Point with PoE1.1.2.4 and earlier
- WAP321 Wireless-N Access Point with Single Point Setup11.0.6.7 and earlier
- WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch11.0.2.17 and earlier
- WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE1.1.2.4 and earlier
- WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN1.0.3.1 and earlier
- Cisco CMX releases 10.6.0, 10.6.1, 10.6.2, and 10.6.3.
- Cisco EPNM releases 5.0 and earlier.
- Cisco Small Business RV Series Routers if they are running a vulnerable firmware release and have LLDP enabled:
- RV132W ADSL2+ Wireless-N VPN Router
- RV134W VDSL2 Wireless-AC VPN Router
- RV160 VPN Router
- RV160W Wireless-AC VPN Router
- RV260 VPN Router
- RV260P VPN Router with PoE
- RV260W Wireless-AC VPN Router
- RV320 Dual Gigabit WAN VPN Router
- RV325 Dual Gigabit WAN VPN Router
- RV340 Dual WAN Gigabit VPN Router
- RV340W Dual WAN Gigabit Wireless-AC VPN Router
- RV345 Dual WAN Gigabit VPN Router
- RV345P Dual WAN Gigabit PoE VPN Router
- ConfD if the built-in SSH server for CLI is enabled:
- Releases 7.4 through 7.4.3
- Releases 7.5 through 7.5.2
- 32-bit and 64-bit Cisco Packet Tracer for Windows Releases 7.3.1 and 8.0.0.
- Cisco Small Business Routers if they are running a firmware release earlier than Release 1.0.03.22:
- RV340 Dual WAN Gigabit VPN Router
- RV340W Dual WAN Gigabit Wireless-AC VPN Router
- RV345 Dual WAN Gigabit VPN Router
- RV345P Dual WAN Gigabit POE VPN Router
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- حجب الخدمة (DoS)
- الكشف والإفصاح عن المعلومات
- ترقية ورفع الصلاحيات
- تنفيذ برمجيات خبيثة
الإجراءات الوقائية:
يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت Cisco توضيحًا لهذه التحديثات:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-info-disc-PjTZ5r6C
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-packettracer-dll-inj-Qv8Mk5Jx
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy