Multiple Vulnerabilities in Cisco Products
Release Date:
22 April 2024
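Risk: Medium Risk
Type: Security Software and Appliances - Security Software and Appliances
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and elevation of privilege on the targeted system.
Note:
Proof-of-concept code is available for CVE-2024-20295 and CVE-2024-20356. CVE-2024-20295 requires a local user with at least read privileges to perform the critical operation. CVE-2024-20356 requires a user with at least resource administrator role privileges to perform the critical operation. Therefore, the overall risk level is medium.
Impact
- Remote Code Execution
- Elevation of Privilege
Affected Systems or Technologies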
- 5000 Series Enterprise Network Compute Systems (ENCS)
- Catalyst 8300 Series Edge uCPE
- UCS C-Series M5, M6, and M7 Rack Servers in standalone mode
- UCS E-Series Servers
- UCS S-Series Storage Servers in standalone mode
- 5520 and 8540 Wireless Controllers
- Application Policy Infrastructure Controller (APIC) Servers
- Business Edition 6000 and 7000 Appliances
- Catalyst Center Appliances, formerly DNA Center
- Cisco Telemetry Broker Appliance
- Cloud Services Platform (CSP) 5000 Series
- Common Services Platform Collector (CSPC) Appliances
- Connected Mobile Experiences (CMX) Appliances
- Connected Safety and Security UCS Platform Series Servers
- Cyber Vision Center Appliances
- Expressway Series Appliances
- HyperFlex Edge Nodes
- HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode
- IEC6400 Edge Compute Appliances
- IOS XRv 9000 Appliances
- Meeting Server 1000 Appliances
- Nexus Dashboard Appliances
- Prime Infrastructure Appliances
- Prime Network Registrar Jumpstart Appliances
- Secure Email Gateways
- Secure Email and Web Manager
- Secure Endpoint Private Cloud Appliances
- Secure Firewall Management Center Appliances, formerly Firepower Management Center
- Secure Malware Analytics Appliances
- Secure Network Analytics Appliances
- Secure Network Server Appliances
- Secure Web Appliances
- Secure Workload Servers
Solution
Before installing the software, please visit the vendor's website for more details.
Apply the patches provided by the vendor:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-bLuPcb
Vulnerability Identifiers
Sources
Related Links