20 security advisories published for Cisco products
Cisco has published 20 security advisories covering a large number of vulnerabilities in many of its products, some of them critical.
Risk: Critical
Among the many vulnerabilities published, the following stand out as critical:
CVE-2018-0121, which affects the Cisco Elastic Services web portal and allows unauthenticated access to the service; CVE-2019-5736 and its 8 associated vulnerabilities, which allow privilege escalation in Cisco ASA products; and CVE-2019-1659, which allows access to unauthorized parts of the software using an invalid user.
Also CVE-2019-1681, which allows files to be retrieved from the TFTP server used in Cisco Network Convergence System 1000, and CVE-2018-15380, which allows commands to be executed as administrator on Cisco HyperFlex.
Affected systems:
- Cisco ACI Virtual Edge
- Cisco Aironet 1560, 1815, 2800, 3800 Series
- Cisco AMP Virtual Private Cloud Appliance
- Cisco Application Policy Infrastructure Controller
- Cisco Cloud Services Platform 2100
- Cisco CloudCenter
- Cisco Common Services Platform Collector
- Cisco Container Platform
- Cisco Defense Orchestrator
- Cisco DNA Center
- Cisco Elastic Service Controller
- Cisco Elastic Services
- Cisco Emergency Responder
- Cisco Enterprise NFV Infrastructure Software (NFVIS)
- Cisco Enterprise Service Automation
- Cisco Evolved Programmable Network Manager
- Cisco Expressway Series
- Cisco Finesse
- Cisco Firepower 9000 Series
- Cisco Firepower eXtensible Operating System
- Cisco Firepower Management Center
- Cisco Firepower Threat Defense
- Cisco FireSIGHT System Software
- Cisco HyperFlex
- Cisco Identity Services Engine
- Cisco IOS XE Software
- Cisco IoT Field Network Director
- Cisco IOx Fog Director
- Cisco IP Phone 7800, 7832, 8800 Series
- Cisco MDS 9000 Series Multilayer Switches
- Cisco MediaSense
- Cisco Meeting Management
- Cisco Meeting Server
- Cisco Mobility Services Engine
- Cisco Network Analysis Module
- Cisco Network Assurance Engine
- Cisco Network Convergence System 1000 Series
- Cisco Nexus 3000, 7000, 9000 Series
- Cisco Paging Server
- Cisco Policy Suite
- Cisco Prime Collaboration
- Cisco Prime Collaboration Assurance
- Cisco Prime Infrastructure
- Cisco Prime Network Registrar Virtual Appliance
- Cisco Prime Service Catalog Virtual Appliance
- Cisco Secure Access Control System (ACS)
- Cisco SocialMiner
- Cisco SPA112, SPA525, and SPA5x5 Series
- Cisco TelePresence
- Cisco Tetration Analytics
- Cisco Threat Grid Appliance
- Cisco UCS B-Series M5 Blade Servers
- Cisco UCS Standalone C-Series M5 Rack Server
- Cisco Umbrella Virtual Appliance
- Cisco Unified Communications
- Cisco Unified Contact Center
- Cisco Unified Intelligence Center
- Cisco Unity Connection
- Cisco vEdge 100, 1000, 2000, 5000 Series
- Cisco vEdge Cloud Router Platform
- Cisco Video Surveillance 8000 Series IP Cameras
- Cisco Virtual Topology System
- Cisco Virtualized Voice Browser
- Cisco Webex Hybrid Data Security Node
- Cisco Webex Meetings Server
- Cisco Webex Room Kit
- Cisco Webex Video Mesh Node
- Cisco Wireless LAN Controller (WLC 5520, WLC 8540, WLC 3504, Virtual Wireless Controller)
References: CVE-2018-0121, CVE-2019-5736, CVE-2019-1659, CVE-2019-1662, CVE-2019-1681, CVE-2018-15380, CVE-2019-1664, CVE-2018-5391, CVE-2019-1688, CVE-2019-1680, CVE-2019-1689, CVE-2019-1683, CVE-2019-1698, CVE-2019-1691, CVE-2019-1700, CVE-2019-1684, CVE-2019-1665, CVE-2019-1685, CVE-2019-1667, CVE-2019-1666
Solution: Apply the latest available security patches and any pending updates to all the Cisco systems listed.