˼¿ÆIOS XEÐéÄâЧÀÍÈÝÆ÷ÑÏÖØÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-29

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12643£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1962£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.6£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1964£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.6£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1963£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.7£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1965£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.7£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1966£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


CVE-2019-12643

Cisco 4000 Series Integrated Services Routers

Cisco ASR 1000 Series Aggregation Services Routers

Cisco Cloud Services Router 1000V Series

Cisco Integrated Services Virtual Router


¿­·¢¡¤k8(ÖйúÓÎ)¹Ù·½ÍøÕ¾


Îó²î¸ÅÊö


˼¿ÆÐû²¼ÁËÆäIOS XE²Ù×÷ϵͳµÄ¸üУ¬£¬£¬£¬£¬ÒÔÐÞ²¹Ò»¸öÒªº¦Îó²î£¬£¬£¬£¬£¬¸ÃÎó²î¿ÉÄÜÔÊÐíÔ¶³Ì¹¥»÷ÕßÈƹýÔËÐйýʱ°æÐéÄâЧÀÍÈÝÆ÷µÄÉè±¹ØÁ¬ÄÉí·ÝÑéÖ¤¡£¡£¡£ ¡£¡£ÐéÄâЧÀÍÈÝÆ÷ÓÃÓÚÔÚ¸ôÀëÇéÐÎÖÐÔËÐÐÀú³Ì¡£¡£¡£ ¡£¡£ËüÃÇ×÷Ϊ¿ª·ÅÐéÄâÓ¦ÓóÌÐò£¨OVA£©°üÌṩ£¬£¬£¬£¬£¬¿ÉÒÔÔËÐÐÓÃÓÚÖÖÖÖÄ¿µÄµÄÓ¦ÓóÌÐò¡£¡£¡£ ¡£¡£ÖÎÀíÔ±¿ÉÒÔΪ»úеÅ䱸¹ÊÕÏɨ³ý¹¤¾ß£¬£¬£¬£¬£¬ÊµÏÖ³£¼ûÍøÂ繦Ч»òÆÊÎöºÍ¼à¿ØµÄ¹¤¾ß¡£¡£¡£ ¡£¡£³£¼ûµÄÓÃ;ÊÇÀ©Õ¹Ö÷»úÍøÂçµÄ¹¦Ð§¡£¡£¡£ ¡£¡£


ÈôÊÇͨ¹ý¼òÆÓµØÏòÄ¿µÄ×°±¸·¢ËͶñÒâHTTPÇëÇóÀ´Öª×ãÌض¨Ìõ¼þ£¬£¬£¬£¬£¬Ôò¿ÉÒÔ¾ÙÐÐʹÓᣡ£¡£ ¡£¡£ÈôÊÇÖÎÀíÔ±½øÈëREST API½Ó¿Ú£¬£¬£¬£¬£¬Ôò¹¥»÷Õß¿ÉÒÔ»ñµÃÆä¡°ÁîÅÆID¡±²¢Ê¹ÓÃÌáÉýµÄȨÏÞÔËÐÐÏÂÁî¡£¡£¡£ ¡£¡£


³ý´Ëת´ïÍ⣬£¬£¬£¬£¬¸Ã¹«Ë¾»¹Õë¶ÔÓ°ÏìͳһÅÌËãϵͳ£¨UCS£©½á¹¹»¥Á¬£¬£¬£¬£¬£¬FXOS£¬£¬£¬£¬£¬NX-OSºÍNexus 9000ϵÁйâÏ˽»Á÷»úµÄÆäËû¾ÅÆäÖи߼¶±ðÎÊÌâÐû²¼ÁËÇ徲ͨ¸æ¡£¡£¡£ ¡£¡£


ÔÚNX-OSÈí¼þÖз¢Ã÷ÁËËĸö¸ßÑÏÖØÐÔÎÊÌâ¡£¡£¡£ ¡£¡£Á½¸öÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷Õßʹװ±¸Í߽⣨CVE-2019-1962£©»òµ¼ÖÂÒâÍâÖØÆônetstackÀú³Ì£¨CVE-2019-19624£©¡£¡£¡£ ¡£¡£ÁíÍâÁ½¸öÔÊÐí¾­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÖØÐÂÆô¶¯SNMPÓ¦ÓóÌÐò£¨CVE-2019-1963£©»òͨ¹ý×èÖ¹ÔÚÖÕÖ¹Ô¶³ÌÅþÁ¬Ê±É¾³ýÐéÄâshell£¨VSH£©Àú³ÌÀ´ºÄ¾¡ÏµÍ³Äڴ棨CVE-2019-1965£©¡£¡£¡£ ¡£¡£


˼¿ÆµÄFabric InterconnectÖеĸßÑÏÖØÐÔÎÊÌâ±»¸ú×ÙΪCVE-2019-1966£¬£¬£¬£¬£¬²¢µ¼ÖÂÍâµØȨÏÞÉý¼¶µ½rootȨÏÞ¼¶±ð¡£¡£¡£ ¡£¡£¹¥»÷Õß¿ÉÒÔʹÓá°local-mgmtÉÏÏÂÎÄÖÐΪÌض¨CLIÏÂÁîÌṩµÄÎÞ¹Ø×ÓÏÂÁîÑ¡Ï¡£¡£¡£ ¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£ ¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bug-in-virtual-service-container-for-ios-xe/