تحديثات Cisco
1661تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
20 مايو, 2021
● متوسط
2021-2939
الكل
الوصف:
أصدرت Cisco عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:
- Cisco Prime Infrastructure releases earlier than Release 3.9
- Cisco EPN Manager releases earlier than Release 5.1
- Cisco Modeling Labs software releases 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, and 2.1.3
- Cisco NX-OS Software
- MDS 9000 Series Multilayer Switches
- Nexus 3000 Series Switches
- Nexus 3500 Platform Switches
- Nexus 3600 Platform Switches
- Nexus 5500 Platform Switches
- Nexus 5600 Platform Switches
- Nexus 6000 Series Switches
- Nexus 7000 Series Switches
- Nexus 7700 Series Switches
- Nexus 9000 Series Switches in standalone NX-OS mode
- Nexus 9500 R-Series Switching Platform
- UCS 6200 Series Fabric Interconnects
- UCS 6300 Series Fabric Interconnects
- UCS 6400 Series Fabric Interconnects
- WAP125 Wireless-AC Dual Band Desktop Access Point with PoE 1.0.3.1 and earlier
- WAP131 Wireless-N Dual Radio Access Point with PoE 1.0.2.17 and earlier
- WAP150 Wireless-AC/N Dual Radio Access Point with PoE 1.1.2.4 and earlier
- WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 1.0.2.17 and earlier
- WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE 1.1.2.4 and earlier
- WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN 1.0.3.1 and earlier
- Cisco Finesse releases earlier than Release 12.6
- Unified Contact Center Express (Unified CCX)
- Unified Contact Center Enterprise (Unified CCE)
- Packaged Contact Center Enterprise (Packaged CCE)
- Cisco DNA Spaces Connector releases earlier than Release 2.3.1
- Cisco DNA Spaces Connector docker software releases earlier than Release 2.0.519
- EPN Manager Earlier than Release 5.0.1
- ISE
- Earlier than Release 2.7 Patch4
- Earlier than Release 3.0 Patch2
- Earlier than Release 3.1
- Prime Infrastructure
- Releases 3.5 and later
- Earlier than Release 3.8.1 Update 2
- Earlier than Release 3.9.0
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- حقن الأوامر
- رفع الصلاحيات لزيادة قدرته على التعديل في النظام
- هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
الإجراءات الوقائية:
يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتCisco توضيحًا لهذه التحديثات:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-prvesc-q6T6BzW
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-opn-rdrct-epDeh7R
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-strd-xss-bUKqffFW
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-cli-bypass
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-cmd-inject-N4VYeQXB
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3