Cisco Updates
Alert date: 4 November 2021
Severity level: ● High
Alert number: 2021-3805
Target sector: All
Description:
Cisco has released several updates to address a number of vulnerabilities in the following products:
- Cisco Policy Suite
- Catalyst PON Switch
- CGP-ONT-1P
- CGP-ONT-4P
- CGP-ONT-4PV
- CGP-ONT-4PVC
- CGP-ONT-4TVCW
- 250 Series Smart Switches
- 350 Series Managed Switches
- 350X Series Stackable Managed Switches
- 550X Series Stackable Managed Switches
- Business 250 Series Smart Switches
- Business 350 Series Managed Switches
- ESW2 Series Advanced Switches
- Small Business 200 Series Smart Switches
- Small Business 300 Series Managed Switches
- Small Business 500 Series Stackable Managed Switches
- Cisco ESA if it is running a vulnerable release of Cisco AsyncOS software
- Cisco Webex Meetings
- Cisco Webex Video Mesh Software
- Cisco Meeting Server
- Cisco Umbrella
- Unified CM
- Unified CM SME
- Unified CM IM&P
- Unity Connection
- Cisco Small Business RV Series Routers
- RV016 Multi-WAN VPN Routers
- RV042 Dual WAN VPN Routers
- RV042G Dual Gigabit WAN VPN Routers
- RV082 Dual WAN VPN Routers
- RV320 Dual Gigabit WAN VPN Routers
- RV325 Dual Gigabit WAN VPN Routers
- Cisco PI
- Cisco EPNM
- Cisco CSPC Software
- Cisco Prime Access Registrar
- Cisco AnyConnect Secure Mobility Client - Windows
Threats:
An attacker could exploit the vulnerabilities to carry out the following:
- Cross-site scripting (XSS) attack
- Denial-of-service (DoS) attack
- Execution of malicious software with "Root User" privileges
- Logging in to the affected system with root user (Root User) privileges
- Man-in-the-middle (MitM) attack
- Command and content injection
- Remotely redirecting the user to malicious websites
- Cross-site request forgery (CSRF)
Preventive measures:
The Center recommends updating the affected products. Cisco has published advisories for these updates:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-activation-3sdNFxcy
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-videomesh-xss-qjm2BDQf
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-web-dos-xMyFFkt8
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpar-strd-xss-A4DCVETG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT