Publicats 20 butlletins de seguretat per a productes Cisco
Cisco ha publicat 20 butlletins de seguretat amb gran quantitat de vulnerabilitats en molts dels seus productes, algunes d'elles crítiques.
Risc: Crític
Entre la gran quantitat de vulnerabilitats publicada destaquen com a crítiques les següents:
La CVE-2018-0121 que afecta el portal web Cisco Elastic Services que permet accés sense autenticació al servei, la CVE-2019-5736 i les seues 8 vulnerabilitats associades, que permeten escalada de privilegis en productes Cisco ANSA, i la CVE-2019-1659. que permet accedir a parts no autoritzades del programari utilitzant un usuari no vàlid.
També la CVE-2019-1681, que permet recuperar fitxers del servidor TFTP utilitzat en Cisco Network Convergence System 1000, així com la CVE-2018-15380 que permet executar comandaments com a administrador en Cisco HyperFlex.
Sistemes Afectats:
- Cisco ACI Virtual Edge
- Cisco Aironet 1560, 1815, 2800, 3800 Series
- Cisco AMP Virtual Private Cloud Appliance
- Cisco Application Policy Infrastructure Controller
- Cisco Cloud Services Platform 2100
- Cisco CloudCenter
- Cisco Common Services Platform Collector
- Cisco Container Platform
- Cisco Defense Orchestrator
- Cisco DNA Center
- Cisco Elastic Service Controller
- Cisco Elastic Services
- Cisco Emergency Responder
- Cisco Enterprise NFV Infrastructure Software (NFVIS)
- Cisco Enterprise Service Automation
- Cisco Evolved Programmable Network Manager
- Cisco Expressway Series
- Cisco Finesse
- Cisco Firepower 9000 Series
- Cisco Firepower eXtensible Operating System
- Cisco Firepower Management Center
- Cisco Firepower Threat Defense
- Cisco FireSIGHT System Software
- Cisco HyperFlex
- Cisco Identity Services Engine
- Cisco IOS XE Software
- Cisco IoT Field Network Director
- Cisco IOx Fog Director
- Cisco IP Phone 7800, 7832, 8800 Series
- Cisco MDS 9000 Series Multilayer Switches
- Cisco MediaSense
- Cisco Meeting Management
- Cisco Meeting Server
- Cisco Mobility Services Engine
- Cisco Network Analysis Module
- Cisco Network Assurance Engine
- Cisco Network Assurance Engine
- Cisco Network Convergence System 1000 Series
- Cisco Nexus 3000, 7000, 9000 Series
- Cisco Paging Server
- Cisco Policy Suite
- Cisco Prime Collaboration
- Cisco Prime Collaboration Assurance
- Cisco Prime Infrastructure
- Cisco Prime Infrastructure
- Cisco Prime Network Registrar Virtual Appliance
- Cisco Prime Service Catalog Virtual Appliance
- Cisco Secure Access Control System (ACS)
- Cisco SocialMiner
- Cisco SPA112, SPA525, y SPA5x5 Series
- Cisco TelePresence
- Cisco Tetration Analytics
- Cisco Threat Grid Appliance
- Cisco UCS B-Series M5 Blade Servers
- Cisco UCS Standalone C-Series M5 Rack Server
- Cisco Umbrella Virtual Appliance
- Cisco Unified Communications
- Cisco Unified Contact Center
- Cisco Unified Intelligence Center
- Cisco Unity Connection
- Cisco Unity Connection
- Cisco vEdge 100, 1000, 2000, 5000 Series
- Cisco vEdge Cloud Router Platform
- Cisco Video Surveillance 8000 Series IP Cameras
- Cisco Virtual Topology System
- Cisco Virtualized Voice Browser
- Cisco Webex Hybrid Data Security Node
- Cisco Webex Meetings Server
- Cisco Webex Room Kit
- Cisco Webex Video Mesh Node
- Cisco Wireless LAN Controller (WLC 5520, WLC 8540, WLC 3504, Virtual Wireless Controller)
Referències: CVE-2018-0121, CVE-2019-5736, CVE-2019-1659, CVE-2019-1662, CVE-2019-1681, CVE-2018-15380, CVE-2019-1664, CVE-2018-5391,CVE-2019-1688, CVE-2019-1680, CVE-2019-1689, CVE-2019-1683, CVE-2019-1698, CVE-2019-1691, CVE-2019-1700, CVE-2019-1684, CVE-2019-1665, CVE-2019-1685, CVE-2019-1667, CVE-2019-1666
Solució:Aplicar els últims pegats de seguretat disponibles i les actualitzacions pendents de tots els sistemes Cisco esmentats.
Notes: None