CSIRTCV

You are viewing a publication in the CSIRT-CV archive.
To access the portal and current content, visit https://www.csirtcv.gva.es

05/06/2020

Vulnerabilities in Cisco products

Multiple vulnerabilities have been fixed across the entire range of Cisco products.

Risk: Critical

The vulnerabilities include:
  • Privilege escalation,
  • Command injection,
  • Arbitrary code execution,
  • Remote code execution with root privileges,
  • Causing a denial-of-service (DoS) condition,
  • Installation of unauthorized software on the device,
  • Access to the system through the use of embedded credentials,
  • File manipulation.

Affected systems:

References:

CVE-2020-3227, CVE-2020-3205, CVE-2020-3198, CVE-2020-3198

Solution:

Download the updates from the Cisco Software Download panel.

Notes:

Cisco IOx for IOS XE Software Privilege Escalation Vulnerability
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities
Cisco IOS XE Software Web UI Command Injection Vulnerability
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Cisco IOS XE Software Web UI Command Injection Vulnerability
Cisco IOS XE Software Web UI Command Injection Vulnerability
Cisco IOS XE Software Web UI Command Injection Vulnerability
Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability
Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability
Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability
Cisco IOS XE Software Command Injection Vulnerability
Cisco IOS XE Software Web UI Remote Code Execution Vulnerability
Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability
Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability
Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability
Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities
Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability
Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities
Cisco IOx Application Framework Arbitrary File Creation Vulnerability

Source: Incibe-cert

CSIRT-CV