思科產品多個漏洞
發佈日期:
2023年09月29日
473
觀看次數
風險: 高度風險
類型: 保安軟件及應用設備 - 保安軟件及應用設備
於思科產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、繞過保安限制、敏感資料泄露及篡改資料。
注意:
對於 CVE-2023-20109,此漏洞是由於 GET VPN 功能的 Group Domain of Interpretation (GDOI) 和 G-IKEv2 協定中的屬性驗證不充分造成的。 思科知悉 CVE-2023-20109 已被廣泛利用。
影響
- 阻斷服務
- 遠端執行程式碼
- 繞過保安限制
- 資料洩露
- 篡改
受影響之系統或技術
- 1000 Series Integrated Services Routers (ISRs)
- 1100 Integrated Services Routers
- 4000 Series Integrated Services Routers
- 4200 Series Integrated Services Routers
- 4300 Series Integrated Services Routers
- 6300 Series Embedded Services APs
- Aironet 1540 Series APs
- Aironet 1560 Series APs
- Aironet 1800 Series APs
- Aironet 2800 Series APs
- Aironet 3800 Series APs
- Aironet 4800 APs
- Business 150 and 151 APs and Mesh Extenders
- Catalyst 3650 Series Switches
- Catalyst 3850 Series Switches
- Catalyst 8000V Edge Software
- Catalyst 8200 Series Edge Platforms
- Catalyst 8300 Edge Platforms
- Catalyst 8300 Series Edge Platforms
- Catalyst 8500L Edge Platforms
- Catalyst 9100 APs
- Catalyst 9124 APs
- Catalyst 9130 APs
- Catalyst 9136 APs
- Catalyst 9164 APs
- Catalyst 9166 APs
- Catalyst 9300 Series Switches
- Catalyst 9400 Series Switches
- Catalyst 9500 Series Switches
- Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
- Catalyst 9800 Series Wireless Controllers
- Catalyst 9800-CL Wireless Controllers for Cloud
- Catalyst IR8300 Rugged Series Routers
- Catalyst IW6300 Heavy Duty Series APs
- Cisco ASA Software
- Cisco Catalyst SD-WAN Manager
- Cisco FTD Software
- Cisco IOS Software
- Cisco IOS XE Software
- Cloud Services Routers 1000V Series
- Embedded Wireless Controller on Catalyst 9100X Series Access Points
- Embedded Wireless Controllers on Catalyst Access Points
- ISR1100 Series Routers
- Integrated APs on 1100 Integrated Services Routers (ISRs)
- Integrated Services Virtual Routers
- Mobility Express
- VG400 Analog Voice Gateways
- VG420 Analog Voice Gateways
- VG450 Analog Voice Gateways
- Virtual Wireless LAN Controller (vWLC)
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
安裝供應商提供的修補程式:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-l2tp-dos-eB5tuFmV
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z
漏洞識別碼
- CVE-2023-20033
- CVE-2023-20034
- CVE-2023-20109
- CVE-2023-20176
- CVE-2023-20179
- CVE-2023-20186
- CVE-2023-20187
- CVE-2023-20202
- CVE-2023-20223
- CVE-2023-20226
- CVE-2023-20227
- CVE-2023-20231
- CVE-2023-20251
- CVE-2023-20252
- CVE-2023-20253
- CVE-2023-20254
- CVE-2023-20262
- CVE-2023-20268
- CVE-2023-20269
資料來源
相關連結
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-l2tp-dos-eB5tuFmV
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z
分享至