S2-057(CVE-2018-11776)漏洞影响思科产品

BaCde  2298天前

timg.jpg

思科发布了30项安全补丁公告,用于解决其产品中总共32个安全漏洞。其中3个漏洞被评为严重漏洞。其中,修复了最近曝光出来的Apache Struts2的最新远程代码执行漏洞——S2-057,CVE编号为CVE-2018-11776。

其影响的产品如下:

产品
Cisco Bug ID
已修复的可用发布版本
Collaboration and Social Media
Cisco SocialMinerCSCvk78903Patch available 11-Sept-2018
Endpoint Clients and Client Software
Cisco Prime Service CatalogCSCvm13989
Network and Content Security Devices
Cisco Identity Services Engine (ISE)CSCvm14030Patch file available 31-Aug-2018
Voice and Unified Communications Devices
Cisco Emergency ResponderCSCvm140441151es (14-Sept-2018)
Standalone COP (21-Sept-2018)
Cisco FinesseCSCvk78905Patch file available 7-Sept-2018
Cisco Hosted Collaboration Solution for Contact CenterCSCvm14052
Cisco MediaSenseCSCvk78906
Cisco Unified Communications Manager IM & Presence Service (formerly CUPS)CSCvm140491151es and 1201es (14-Sept-2018)
Standalone COP (20-Sept-2018)
Cisco Unified Communications ManagerCSCvm140421151es and 1201es (14-Sept-2018)
Standalone COP (20-Sept-2018)
Cisco Unified Contact Center Enterprise - Live Data serverCSCvk78902Patch file available 7-Sept-2018
Cisco Unified Contact Center EnterpriseCSCvm13986
Cisco Unified Contact Center ExpressCSCvm21744
Cisco Unified Intelligence CenterCSCvm13984
Cisco Unified Intelligent Contact Management EnterpriseCSCvm13986
Cisco Unified SIP Proxy SoftwareCSCvm13980918es (28-Sept-2018)
Cisco Unified Survivable Remote Site Telephony ManagerCSCvm13979
Cisco Unity ConnectionCSCvm140431151es and 1201su (18-Sept-2018)
Standalone COP (21-Sept-2018)
Cisco Virtualized Voice BrowserCSCvm14056
Video, Streaming, TelePresence, and Transcoding Devices
Cisco Video Distribution Suite for Internet Streaming (VDS-IS)CSCvm140272.3.35 (15-Sept-2018)
Cisco Cloud Hosted Services
Cisco Network Performance AnalysisCSCvm14040


目前在网络中还没有出现针对这些设备的攻击。目前不受该漏洞影响的产品如下:

Cable Modems

  • Cisco 3G Femtocell Wireless

Network Application, Service, and Acceleration

  • Cisco Data Center Network Manager

Network and Content Security Devices

  • Cisco Secure Access Control System (ACS)

Network Management and Provisioning

  • Cisco MXE 3500 Series Media Experience Engines
  • Cisco Prime Access Registrar
  • Cisco Prime Central for Service Providers
  • Cisco Prime Collaboration Assurance
  • Cisco Prime Collaboration Provisioning
  • Cisco Prime Infrastructure
  • Cisco Prime LAN Management Solution - Solaris
  • Cisco Prime License Manager
  • Cisco Prime Network Registrar IP Address Manager (IPAM)
  • Cisco Prime Network
  • Cisco Prime Order Management
  • Cisco Prime Provisioning
  • Cisco Security Manager
  • Cisco Smart Net Total Care - Local Collector appliance

Routing and Switching - Enterprise and Service Provider

  • Cisco Broadband Access Center for Telco and Wireless

Voice and Unified Communications Devices

  • Cisco Enterprise Chat and Email
  • Cisco Hosted Collaboration Mediation Fulfillment
  • Cisco Unified Customer Voice Portal
  • Cisco Unified E-Mail Interaction Manager
  • Cisco Unified Web Interaction Manager
  • Cisco Unity Express

Video, Streaming, TelePresence, and Transcoding Devices

  • Cisco Enterprise Content Delivery System (ECDS)
  • Cisco Expressway Series
  • Cisco TelePresence Video Communication Server (VCS)

Cisco Cloud Hosted Services

  • Cisco Business Video Services Automation Software
  • Cisco Cloud Web Security
  • Cisco Deployment Automation Tool
  • Cisco Network Device Security Assessment Service
  • Cisco Services Provisioning Platform
  • Cisco Smart Net Total Care - Contracts Information System Process Controller
  • Cisco Smart Net Total Care
  • Cisco Unified Service Delivery Platform
  • Cisco Webex Meeting Center - Windows
  • Cisco Webex Meeting Center
  • Cisco Webex Network-ba sed Recording (NBR) Management
  • Cisco Webex Teams (formerly Cisco Spark)
  • Cloud and Managed Services Program (CMSP)


白帽汇会及时跟进该情况,后续可持续关注本链接。

修复建议

建议用户检查是否存在该漏洞,及时更新最新的固件版本,避免遭受到该漏洞的影响。

引用

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts

最新评论

昵称
邮箱
提交评论