Cisco IOS XE Virtual Service Container Critical Vulnerability Security Advisory

Published: 2019-08-29

Vulnerability IDs and Severity


CVE ID: CVE-2019-12643, Severity: Critical, CVSS score: 10 (vendor self-assessment); no official rating yet

CVE ID: CVE-2019-1962, Severity: High, CVSS score: 8.6 (vendor self-assessment); no official rating yet

CVE ID: CVE-2019-1964, Severity: High, CVSS score: 8.6 (vendor self-assessment); no official rating yet

CVE ID: CVE-2019-1963, Severity: High, CVSS score: 7.7 (vendor self-assessment); no official rating yet

CVE ID: CVE-2019-1965, Severity: High, CVSS score: 7.7 (vendor self-assessment); no official rating yet

CVE ID: CVE-2019-1966, Severity: High, CVSS score: 7.8 (vendor self-assessment); no official rating yet


Affected Versions


Affected versions:


CVE-2019-12643

Cisco 4000 Series Integrated Services Routers

Cisco ASR 1000 Series Aggregation Services Routers

Cisco Cloud Services Router 1000V Series

Cisco Integrated Services Virtual Router




Vulnerability Overview


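Cisco has released an update for its IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of the virtual service container. Virtual service containers are used to run processes in an isolated environment. They are delivered as Open Virtual Application (OVA) packages and can run applications for a variety of purposes. Administrators can use them to create troubleshooting tools for the machine, to implement common network functions, or to run analysis and monitoring tools. A common use is to extend the capabilities of the host network.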


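If certain conditions are met, the vulnerability can be exploited simply by sending malicious HTTP requests to the target device. If an administrator is logged in to the REST API interface, the attacker can obtain that administrator's "token ID" and run commands with elevated privileges.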


In addition, the company published security advisories for nine other medium- and high-severity issues affecting Unified Computing System (UCS) Fabric Interconnect, FXOS, NX-OS, and Nexus 9000 Series fabric switches.


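Four high-severity issues were found in NX-OS software. Two of them allow an unauthenticated remote attacker to crash the device (CVE-2019-1962) or to cause an unexpected restart of the netstack process (CVE-2019-1964). The other two allow an authenticated attacker to restart the SNMP application (CVE-2019-1963) or to exhaust system memory by preventing Virtual Shell (VSH) processes from being deleted when a remote connection is terminated (CVE-2019-1965).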


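The high-severity issue in Cisco's Fabric Interconnect is tracked as CVE-2019-1966 and leads to local privilege escalation to the root privilege level. An attacker can take advantage of "extraneous subcommand options provided for a specific CLI command in the local-mgmt context."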


Vulnerability Verification


No POC/EXP is available at this time.


Remediation Recommendations


The vendor has released patches that fix these vulnerabilities. The patches are available at the following links:


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation


Reference Links


https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bug-in-virtual-service-container-for-ios-xe/