˼¿Æ½¨¸´¶à¿îÈí¼þ¸ßΣ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-06-06

·ì϶±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-1861 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º7.2

CVE±àºÅ£ºCVE-2019-1845 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º8.6



ÊÜÓ°ÏìµÄ°æ±¾



CVE-2019-1861


Cisco Industrial Network Director software releases prior to 1.6.0


CVE-2019-1845


Expressway Series configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
TelePresence VCS configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)

Unified Communications Manager IM&P Service (multiple releases)



·ì϶¸ÅÊö



˼¿Æ½¨¸´ÁËÈçÏÂÁ½¸ö¸ßΣ·ì϶£º


CVE-2019-1861


Cisco Industrial Network DirectorÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄÒ»Ì×¹¤Òµ×Ô¶¯»¯ÖÎÀíϵͳ ¡£¸Ãϵͳͨ¹ý¶Ô¹¤ÒµÒÔÌ«Íø»ù´¡ÉèÊ©µÄ¿ÉÊÓ»¯²Ù×÷À´ÊµÏÖ×Ô¶¯»¯ÖÎÀí ¡£


Cisco Industrial Network DirectorÈí¼þ¸üÐÂÖ°ÄÜÖеķì϶¿ÉÄÜÔÊÐí¾­¹ýÉí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßÖ´ÐÐËÁÒâ´úÂë ¡£¸Ã·ì϶ÊÇÓÉÓÚ¶ÔÉÏÔص½ÊÜÓ°ÏìµÄÀûÓ÷¨Ê½µÄÎļþ½øÐÐÁ˲»ÕýÈ·µÄÑéÖ¤ ¡£ ¹¥»÷ÕßÄܹ»Í¨¹ýʹÓÃÖÎÀíԱȨÏÞÑéÖ¤ÊÜÓ°ÏìµÄϵͳ²¢ÉÏÔØËÁÒâÎļþÀ´ÀûÓô˷ì϶ ¡£³É¹¦ÀûÓÿÉÄÜÔÊÐí¹¥»÷ÕßʹÓÃÌáÉýµÄȨÏÞÖ´ÐÐËÁÒâ´úÂë ¡£


CVE-2019-1845


Cisco Unified Communications Manager IM & Presence Service£¨CUCM IM&P£©ºÍTelePresence Video Communication Server (VCS) and Expressway¶¼ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄ²úÆ· ¡£Cisco Unified Communications Manager IM and Presence Service£¨CUCM IM&P£©ÊÇÒ»¸öʹÓÃÔÚºô½Ð´¦ÖÃ×é¼þÖеĻùÓÚCUCMµÄ¼´Ê±ÐÂÎÅ£¨IM£©ºÍ״̬ÏÔʾƽ̨ ¡£TelePresence Video Communication Server£¨VCS£©and ExpresswayÊÇÒ»¿îÍøÕæÊÓƵͨÕÛ·þÎñÆ÷ ¡£


Cisco Unified Communications Manager IM & Presence Service£¨CUCM IM&P£©ºÍTelePresence Video Communication Server (VCS) and ExpresswayϵÁеÄÉí·ÝÑéÖ¤·þÎñÖеķì϶¿ÉÄÜÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷Õßµ¼Ö³¢ÊÔÓû§µÄ·þÎñÖжϽøÐÐÉí·ÝÑéÖ¤ £¬µ¼Ö»ؾø·þÎñ£¨DoS£©Ç°Ìá ¡£¸Ã·ì϶ÊÇÓÉÓÚ¶ÔÌض¨ÄÚ´æ²Ù×÷µÄ½ÚÔì²»¼°Ôì³ÉµÄ ¡£¹¥»÷ÕßÄܹ»Í¨¹ýÏòÊÜÓ°ÏìµÄϵͳ·¢ËÍÌåʽÃýÎóµÄ¿ÉÀ©´óÐÂÎźÍ״̬ºÍ̸£¨XMPP£©Éí·ÝÑéÖ¤ÒªÇóÀ´ÀûÓô˷ì϶ ¡£³É¹¦ÀûÓÿÉÄÜÔÊÐí¹¥»÷ÕßÒâ±í³ÁÆôÉí·ÝÑéÖ¤·þÎñ £¬´Ó¶ø×èÖ¹Óû§³É¹¦½øÐÐÉí·ÝÑéÖ¤ ¡£ÀûÓô˷ì϶²»»áÓ°ÏìÔÚ¹¥»÷֮ǰ½øÐÐÉí·ÝÑéÖ¤µÄÓû§ ¡£



·ì϶ÑéÖ¤



ÔÝÎÞPOC/EXP ¡£



½¨¸´½¨Òé



Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶ £¬²¹¶¡»ñÈ¡Á´½Ó¼û²Î¿¼Á´½Ó ¡£



²Î¿¼Á´½Ó



https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ind-rce
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-cucm-imp-dos