Vulnerability Advisory: Multiple Cisco products contain security vulnerabilities; administrators are advised to evaluate and apply the updates promptly to reduce the risk of compromise!
2018/06/21
Risk level: High
Summary:

Multiple Cisco products contain multiple security vulnerabilities that could allow a remote attacker to cause a denial of service or execute arbitrary code. Cisco has released updates.

The products currently known to be affected are Cisco Firepower 4100 Series Next-Generation Firewalls, Cisco Firepower 9300 Security Appliance, Cisco MDS 9000 Series Multilayer Switches with Fibre Channel over Ethernet interfaces configured, Cisco Nexus 1000V, 2000, 3000, 4000, 6000, 7000, 7700 Series Switches, Cisco Nexus 1100 Series Cloud Services Platforms, Cisco Nexus 2000 Series Fabric Extenders, Cisco Nexus 3500, 3600, 5500, 5600 Platform Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Cisco Nexus 9500 R-Series Line Cards and Fabric Modules, and Cisco UCS 6100, 6200, 6300 Series Fabric Interconnects. HiNet SOC advises administrators to evaluate and apply the updates promptly to reduce the risk of compromise.

Affected systems:
  • Cisco Firepower 4100 Series Next-Generation Firewalls
  • Cisco Firepower 9300 Security Appliance
  • Cisco MDS 9000 Series Multilayer Switches with Fibre Channel over Ethernet interfaces configured
  • Cisco Nexus 1000V, 2000, 3000, 4000, 6000, 7000, 7700 Series Switches
  • Cisco Nexus 1100 Series Cloud Services Platforms
  • Cisco Nexus 2000 Series Fabric Extenders
  • Cisco Nexus 3500, 3600, 5500, 5600 Platform Switches
  • Cisco Nexus 9000 Series Switches in standalone NX-OS mode
  • Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • Cisco Nexus 9500 R-Series Line Cards and Fabric Modules
  • Cisco UCS 6100, 6200, 6300 Series Fabric Interconnects
Solution:

    Refer to the Cisco official website to download the updates and upgrade to the recommended latest version.

  • Cisco Firepower 4100 Series Next-Generation Firewalls
  • Cisco Firepower 9300 Security Appliance
  • Cisco MDS 9000 Series Multilayer Switches with Fibre
  • Cisco Nexus 1100 Cloud Services Platform version 5.2(1)SP1(7.3b)
  • Cisco Nexus 1000V, 2000, 3000, 4000, 6000, 7000, 7700 Series Switches
  • Cisco Nexus 2000 Series Fabric Extenders
  • Cisco Nexus 3500, 3600, 5500, 5600 Platform Switches
  • Cisco Nexus 9000 Series Switches in standalone NX-OS mode
  • Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode
  • Cisco Nexus 9500 R-Series Line Cards and Fabric Modules
  • Cisco UCS 6100, 6200, 6300 Series Fabric Interconnects
Details:

    Cisco recently released security updates for vulnerabilities that could allow a remote attacker to cause a denial of service or execute arbitrary code.

    1. Insufficient input validation in the authentication module of the NX-API subsystem allows an attacker to send crafted HTTP or HTTPS packets and execute arbitrary code.
    2. Headers in Cisco Fabric Services packets are not fully validated; an attacker could send crafted packets to trigger a buffer overflow, leading to arbitrary code execution or a denial of service.
    3. Insufficient input validation of command arguments allows an attacker to inject malicious arguments into CLI commands and execute arbitrary code.
    4. Improper validation of SNMP protocol data units (PDUs) in Simple Network Management Protocol (SNMP) packets allows an attacker to send crafted SNMP packets that cause the SNMP application to restart repeatedly, resulting in a denial of service.
    Other vulnerabilities not listed here also exist; for details, refer to the Cisco official website.

    HiNet SOC advises administrators to evaluate and apply the updates promptly to reduce the risk of compromise.

    References:

    US-CERT(2018/06/20)
    cisco-sa-20180620-nxos-bo(2018/06/20)
    cisco-sa-20180620-fxnxos-fab-ace(2018/06/20)
    cisco-sa-20180620-fxnxos-ace(2018/06/20)
    cisco-sa-20180620-fx-os-fabric-execution(2018/06/20)
    cisco-sa-20180620-fx-os-cli-execution(2018/06/20)
    cisco-sa-20180620-nx-os-cli-injection(2018/06/20)
    cisco-sa-20180620-nxossnmp(2018/06/20)
    cisco-sa-20180620-nxosrbac(2018/06/20)
    cisco-sa-20180620-nxosigmp(2018/06/20)
    cisco-sa-20180620-nxosbgp(2018/06/20)
    cisco-sa-20180620-nxosadmin(2018/06/20)
    cisco-sa-20180620-nxos-nxapi(2018/06/20)
    cisco-sa-20180620-nxos-cdp(2018/06/20)
    cisco-sa-20180620-nx-os-fabric-dos(2018/06/20)
    cisco-sa-20180620-nx-os-fabric-services-dos(2018/06/20)
    cisco-sa-20180620-nx-os-cli-execution(2018/06/20)
    cisco-sa-20180620-nx-os-api-execution(2018/06/20)
    cisco-sa-20180620-n4k-snmp-dos(2018/06/20)
    cisco-sa-20180620-n3k-n9k-clisnmp(2018/06/20)
    cisco-sa-20180620-fxos-dos(2018/06/20)
    cisco-sa-20180620-fxos-ace(2018/06/20)
    cisco-sa-20180620-fxnxos-dos(2018/06/20)
    cisco-sa-20180620-fx-os-fabric-dos(2018/06/20)
    cisco-sa-20180620-firepwr-pt(2018/06/20)