S2-057（CVE-2018-11776）漏洞影响思科产品

BaCde 2267天前

思科发布了30项安全补丁公告，用于解决其产品中总共32个安全漏洞。其中3个漏洞被评为严重漏洞。其中，修复了最近曝光出来的Apache Struts2的最新远程代码执行漏洞——S2-057,CVE编号为CVE-2018-11776。

其影响的产品如下：

产品	Cisco Bug ID	已修复的可用发布版本
Collaboration and Social Media
Cisco SocialMiner	CSCvk78903	Patch available 11-Sept-2018
Endpoint Clients and Client Software
Cisco Prime Service Catalog	CSCvm13989
Network and Content Security Devices
Cisco Identity Services Engine (ISE)	CSCvm14030	Patch file available 31-Aug-2018
Voice and Unified Communications Devices
Cisco Emergency Responder	CSCvm14044	1151es (14-Sept-2018) Standalone COP (21-Sept-2018)
Cisco Finesse	CSCvk78905	Patch file available 7-Sept-2018
Cisco Hosted Collaboration Solution for Contact Center	CSCvm14052
Cisco MediaSense	CSCvk78906
Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)	CSCvm14049	1151es and 1201es (14-Sept-2018) Standalone COP (20-Sept-2018)
Cisco Unified Communications Manager	CSCvm14042	1151es and 1201es (14-Sept-2018) Standalone COP (20-Sept-2018)
Cisco Unified Contact Center Enterprise - Live Data server	CSCvk78902	Patch file available 7-Sept-2018
Cisco Unified Contact Center Enterprise	CSCvm13986
Cisco Unified Contact Center Express	CSCvm21744
Cisco Unified Intelligence Center	CSCvm13984
Cisco Unified Intelligent Contact Management Enterprise	CSCvm13986
Cisco Unified SIP Proxy Software	CSCvm13980	918es (28-Sept-2018)
Cisco Unified Survivable Remote Site Telephony Manager	CSCvm13979
Cisco Unity Connection	CSCvm14043	1151es and 1201su (18-Sept-2018) Standalone COP (21-Sept-2018)
Cisco Virtualized Voice Browser	CSCvm14056
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Video Distribution Suite for Internet Streaming (VDS-IS)	CSCvm14027	2.3.35 (15-Sept-2018)
Cisco Cloud Hosted Services
Cisco Network Performance Analysis	CSCvm14040

目前在网络中还没有出现针对这些设备的攻击。目前不受该漏洞影响的产品如下：

Cable Modems

Cisco 3G Femtocell Wireless

Network Application, Service, and Acceleration

Cisco Data Center Network Manager

Network and Content Security Devices

Cisco Secure Access Control System (ACS)

Network Management and Provisioning

Cisco MXE 3500 Series Media Experience Engines
Cisco Prime Access Registrar
Cisco Prime Central for Service Providers
Cisco Prime Collaboration Assurance
Cisco Prime Collaboration Provisioning
Cisco Prime Infrastructure
Cisco Prime LAN Management Solution - Solaris
Cisco Prime License Manager
Cisco Prime Network Registrar IP Address Manager (IPAM)
Cisco Prime Network
Cisco Prime Order Management
Cisco Prime Provisioning
Cisco Security Manager
Cisco Smart Net Total Care - Local Collector appliance

Routing and Switching - Enterprise and Service Provider

Cisco Broadband Access Center for Telco and Wireless

Voice and Unified Communications Devices

Cisco Enterprise Chat and Email
Cisco Hosted Collaboration Mediation Fulfillment
Cisco Unified Customer Voice Portal
Cisco Unified E-Mail Interaction Manager
Cisco Unified Web Interaction Manager
Cisco Unity Express

Video, Streaming, TelePresence, and Transcoding Devices

Cisco Enterprise Content Delivery System (ECDS)
Cisco Expressway Series
Cisco TelePresence Video Communication Server (VCS)

Cisco Cloud Hosted Services

Cisco Business Video Services Automation Software
Cisco Cloud Web Security
Cisco Deployment Automation Tool
Cisco Network Device Security Assessment Service
Cisco Services Provisioning Platform
Cisco Smart Net Total Care - Contracts Information System Process Controller
Cisco Smart Net Total Care
Cisco Unified Service Delivery Platform
Cisco Webex Meeting Center - Windows
Cisco Webex Meeting Center
Cisco Webex Network-ba sed Recording (NBR) Management
Cisco Webex Teams (formerly Cisco Spark)
Cloud and Managed Services Program (CMSP)

白帽汇会及时跟进该情况，后续可持续关注本链接。

修复建议

建议用户检查是否存在该漏洞，及时更新最新的固件版本，避免遭受到该漏洞的影响。

引用

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts

上一篇：国外著名网盘MEGA Chrome浏览器...... 下一篇：英国航空公司遭到攻击，攻击者窃......

S2-057（CVE-2018-11776）漏洞影响思科产品

最新评论

相关推荐

热门文章