跳至主內容

思科產品多個漏洞

發佈日期: 2023年09月29日 470 觀看次數

風險: 高度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

類型: 保安軟件及應用設備

於思科產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、繞過保安限制、敏感資料泄露及篡改資料。

 

注意:

對於 CVE-2023-20109,此漏洞是由於 GET VPN 功能的 Group Domain of Interpretation (GDOI) 和 G-IKEv2 協定中的屬性驗證不充分造成的。 思科知悉 CVE-2023-20109 已被廣泛利用。


影響

  • 阻斷服務
  • 遠端執行程式碼
  • 繞過保安限制
  • 資料洩露
  • 篡改

受影響之系統或技術

  • 1000 Series Integrated Services Routers (ISRs)
  • 1100 Integrated Services Routers
  • 4000 Series Integrated Services Routers
  • 4200 Series Integrated Services Routers
  • 4300 Series Integrated Services Routers
  • 6300 Series Embedded Services APs
  • Aironet 1540 Series APs
  • Aironet 1560 Series APs
  • Aironet 1800 Series APs
  • Aironet 2800 Series APs
  • Aironet 3800 Series APs
  • Aironet 4800 APs
  • Business 150 and 151 APs and Mesh Extenders
  • Catalyst 3650 Series Switches
  • Catalyst 3850 Series Switches
  • Catalyst 8000V Edge Software
  • Catalyst 8200 Series Edge Platforms
  • Catalyst 8300 Edge Platforms
  • Catalyst 8300 Series Edge Platforms
  • Catalyst 8500L Edge Platforms
  • Catalyst 9100 APs
  • Catalyst 9124 APs
  • Catalyst 9130 APs
  • Catalyst 9136 APs
  • Catalyst 9164 APs
  • Catalyst 9166 APs
  • Catalyst 9300 Series Switches
  • Catalyst 9400 Series Switches
  • Catalyst 9500 Series Switches
  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Catalyst IR8300 Rugged Series Routers
  • Catalyst IW6300 Heavy Duty Series APs
  • Cisco ASA Software
  • Cisco Catalyst SD-WAN Manager
  • Cisco FTD Software
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cloud Services Routers 1000V Series
  • Embedded Wireless Controller on Catalyst 9100X Series Access Points
  • Embedded Wireless Controllers on Catalyst Access Points
  • ISR1100 Series Routers
  • Integrated APs on 1100 Integrated Services Routers (ISRs)
  • Integrated Services Virtual Routers
  • Mobility Express
  • VG400 Analog Voice Gateways
  • VG420 Analog Voice Gateways
  • VG450 Analog Voice Gateways
  • Virtual Wireless LAN Controller (vWLC)

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

 

安裝供應商提供的修補程式:


漏洞識別碼


資料來源


相關連結