Kritiske sårbarheter i Cisco-produkter

Publisert: 08.10.2018

Det er oppdaget flere sårbarheter i produkter fra Cisco.

Sårbarhetene åpner blant annet for kjøring av vilkårlig kode på Cisco Prime Infrastructure [1], og åpner for at uautentiserte brukere kan få tilgang til kritiske styringsfunksjoner i Cisco Digital Network Architecture [2][3].

Cisco har i tillegg varslet om mindre kritiske sårbarheter i følgende produkter og teknologier

  • Cisco Adaptive Security Appliance
  • Cisco Adaptive Security Appliance Access Control List
  • Cisco Adaptive Security Appliance IPsec VPN
  • Cisco Adaptive Security Appliance TCP Syslog
  • Cisco Cloud Services Platform 2100
  • Cisco Expressway Series and Cisco TelePresence Video Communication Server
  • Cisco Firepower Management Center
  • Cisco Firepower System Software Detection Engine
  • Cisco Firepower System Software Sourcefire Tunnel Control Channel
  • Cisco Firepower Threat Defense Software FTP Inspection
  • Cisco Hosted Collaboration Mediation Fulfillment
  • Cisco HyperFlex HX Data Platform Software
  • Cisco HyperFlex Software
  • Cisco HyperFlex UI
  • Cisco HyperFlex World-Readable
  • Cisco Identity Services Engine
  • Cisco Industrial Network Director
  • Cisco Integrated Management Controller Supervisor
  • Cisco IOS XR Software Border Gateway Protocol
  • Cisco Remote PHY IPv4
  • Cisco SD-WAN Solution
  • Cisco Small Business 300 Series Managed Switches
  • Cisco UCS Director Authenticated Web Interface
  • Cisco UCS Director Stored
  • Cisco Unified IP Phone 7900 Series
  • Cisco Unity Connection File Upload
  • Cisco Unity Connection Stored
  • Cisco Webex Centers
  • Cisco Webex Network Recording Player
  • Cisco Webex Player Remote Code Execution
  • Cisco Unified Communications Products

Følgende CVE-referanse har blitt utgitt:

CVE-2018-15436, CVE-2018-15434, CVE-2018-15433, CVE-2018-15432,
CVE-2018-15430, CVE-2018-15429, CVE-2018-15428, CVE-2018-15426,
CVE-2018-15425, CVE-2018-15424, CVE-2018-15423, CVE-2018-15410,
CVE-2018-15409, CVE-2018-15408, CVE-2018-15407, CVE-2018-15406,
CVE-2018-15405, CVE-2018-15404, CVE-2018-15403, CVE-2018-15401,
CVE-2018-15400, CVE-2018-15399, CVE-2018-15398, CVE-2018-15397,
CVE-2018-15396, CVE-2018-15392, CVE-2018-15391, CVE-2018-15390,
CVE-2018-15389, CVE-2018-15389, CVE-2018-15387, CVE-2018-15386,
CVE-2018-15382, CVE-2018-15379, CVE-2018-0465, CVE-2018-0455,
CVE-2018-0453, CVE-2018-0448, CVE-2018-0446

Cisco har publisert oppdateringer som retter opp i de alvorlige sårbarhetene.

Vi i NorCERT anbefaler systemansvarlige å oppdatere sine systemer så snart det lar seg gjøre. Vi kjenner ikke til aktiv utnyttelse av sårbarhetene. 

Referanser:

  1. Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
  2. Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability
  3. Cisco Digital Network Architecture Center Authentication Bypass Vulnerability