思科產品多個漏洞

影響

• 遠端執行程式碼
• 跨網站指令碼
• 繞過保安限制
• 資料洩露
• 阻斷服務
• 篡改

受影響之系統或技術

• Cisco BroadWorks Application Delivery Platform Device Management Software
• Cisco BroadWorks Application Server
• Cisco BroadWorks Xtended Services Platform
• Cisco CX Cloud Agent
• Cisco IND
• Cisco NSO
• IP Phone 7800 Series
• IP Phone 8800 Series
• Packaged Contact Center Enterprise (CCE)
• RoomOS Software in cloud-aware on-premises operation, which is cloud based
• RV160 VPN Routers
• RV160W Wireless-AC VPN Routers
• RV260 VPN Routers
• RV260P VPN Routers with PoE
• RV260W Wireless-AC VPN Routers
• RV340 Dual WAN Gigabit VPN Routers
• RV340W Dual WAN Gigabit Wireless-AC VPN Routers
• RV345 Dual WAN Gigabit VPN Routers
• RV345P Dual WAN Gigabit POE VPN Routers
• TelePresence CE Software
• Unified CCE
• Unified Contact Center Express (CCX)
• Webex Room Phone
• Webex Share

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式：

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-cmd-exe-n47kJQLE
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg

漏洞識別碼

• CVE-2023-20002
• CVE-2023-20007
• CVE-2023-20008
• CVE-2023-20018
• CVE-2023-20019
• CVE-2023-20020
• CVE-2023-20037
• CVE-2023-20038
• CVE-2023-20040
• CVE-2023-20043
• CVE-2023-20044
• CVE-2023-20045
• CVE-2023-20047
• CVE-2023-20058

資料來源

• AusCERT
• Cisco

相關連結

• https://www.auscert.org.au/bulletins/ESB-2023.0180
• https://www.auscert.org.au/bulletins/ESB-2023.0179
• https://www.auscert.org.au/bulletins/ESB-2023.0178
• https://www.auscert.org.au/bulletins/ESB-2023.0177
• https://www.auscert.org.au/bulletins/ESB-2023.0176
• https://www.auscert.org.au/bulletins/ESB-2023.0175
• https://www.auscert.org.au/bulletins/ESB-2023.0174
• https://www.auscert.org.au/bulletins/ESB-2023.0173
• https://www.auscert.org.au/bulletins/ESB-2023.0172
• https://www.auscert.org.au/bulletins/ESB-2023.0170
• https://www.auscert.org.au/bulletins/ESB-2023.0169
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-cmd-exe-n47kJQLE
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg