˼¿ÆIOS XEÐé¹¹·þÎñÈÝÆ÷ÑϳÁ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-08-29

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12643£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º10£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1962£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.6£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1964£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.6£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1963£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.7£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1965£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.7£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-1966£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


CVE-2019-12643

Cisco 4000 Series Integrated Services Routers

Cisco ASR 1000 Series Aggregation Services Routers

Cisco Cloud Services Router 1000V Series

Cisco Integrated Services Virtual Router


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


·ì϶¸ÅÊö


˼¿Æ°ä²¼ÁËÆäIOS XE²Ù×÷ϵͳµÄ¸üУ¬£¬£¬£¬£¬ÒÔ½¨²¹Ò»¸ö¹Ø¼ü·ì϶£¬£¬£¬£¬£¬¸Ã·ì϶¿ÉÄÜÔÊÐíÔ¶³Ì¹¥»÷ÕßÈƹýÔËÐйýÆÚ°æÐé¹¹·þÎñÈÝÆ÷µÄÉ豸ÉϵÄÉí·ÝÑéÖ¤¡£¡£¡£¡£¡£¡£¡£¡£Ðé¹¹·þÎñÈÝÆ÷ÓÃÓÚÔÚ¸ôÀë»·¾³ÖÐÔËÇ°¹ý³Ì¡£¡£¡£¡£¡£¡£¡£¡£ËüÃÇ×÷Ϊʢ¿ªÐé¹¹ÀûÓ÷¨Ê½£¨OVA£©°üÌṩ£¬£¬£¬£¬£¬Äܹ»ÔËÐÐÓÃÓÚ¸÷ÀàÖ÷ÕŵÄÀûÓ÷¨Ê½¡£¡£¡£¡£¡£¡£¡£¡£ÖÎÀíÔ±¿ÉÒÔΪ»úе½¨Éè¹ÊÕÏÅųý¹¤¾ß£¬£¬£¬£¬£¬ÊµÏÖ³£¼ûÍøÂçÖ°ÄÜ»ò·ÖÎöºÍ¼à¿ØµÄ¹¤¾ß¡£¡£¡£¡£¡£¡£¡£¡£³£¼ûµÄÓô¦ÊÇÀ©´óÖ÷»úÍøÂçµÄÖ°ÄÜ¡£¡£¡£¡£¡£¡£¡£¡£


ÈôÊÇͨ¹ýµ¥Ò»µØÏòÖ¸±êÉ豸·¢ËͶñÒâHTTPÒªÇóÀ´Âú×ãÌض¨Ç°Ìᣬ£¬£¬£¬£¬ÔòÄܹ»½øÐÐÀûÓᣡ£¡£¡£¡£¡£¡£¡£ÈôÊÇÖÎÀíÔ±½øÈëREST API½Ó¿Ú£¬£¬£¬£¬£¬Ôò¹¥»÷ÕßÄܹ»»ñµÃÆä¡°ÁîÅÆID¡±²¢Ê¹ÓÃÌáÉýµÄȨÏÞÔËÐкÅÁî¡£¡£¡£¡£¡£¡£¡£¡£


³ý´Ë´«µÝ±í£¬£¬£¬£¬£¬¸Ã¹«Ë¾»¹Õë¶ÔÓ°ÏìͳһÍÆËãϵͳ£¨UCS£©½á¹¹»¥Á¬£¬£¬£¬£¬£¬FXOS£¬£¬£¬£¬£¬NX-OSºÍNexus 9000ϵÁйâÏË»¥»»»úµÄÆäËû¾Å¸öÖи߼¶±ðÎÊÌâ°ä²¼ÁË°²È«²¼¸æ¡£¡£¡£¡£¡£¡£¡£¡£


ÔÚNX-OSÈí¼þÖз¢ÏÖÁËËĸö¸ßÑϳÁÐÔÎÊÌâ¡£¡£¡£¡£¡£¡£¡£¡£Á½¸öÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßʹÉ豸±ÀÀ££¨CVE-2019-1962£©»òµ¼ÖÂÒâ±í³ÁÆônetstack¹ý³Ì£¨CVE-2019-19624£©¡£¡£¡£¡£¡£¡£¡£¡£Áí±íÁ½¸öÔÊÐí¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß³ÁÐÂÆô¶¯SNMPÀûÓ÷¨Ê½£¨CVE-2019-1963£©»òͨ¹ý×èÖ¹ÔÚÖÕÖ¹Ô¶³ÌÏνÓʱɾ³ýÐé¹¹shell£¨VSH£©¹ý³ÌÀ´ºÄ¾¡ÏµÍ³Äڴ棨CVE-2019-1965£©¡£¡£¡£¡£¡£¡£¡£¡£


˼¿ÆµÄFabric InterconnectÖеĸßÑϳÁÐÔÎÊÌâ±»¸ú×ÙΪCVE-2019-1966£¬£¬£¬£¬£¬²¢µ¼Ö±¾µØȨÏÞÉý¼¶µ½rootȨÏÞ¼¶±ð¡£¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÄܹ»ÀûÓá°local-mgmt¸ßµÍÎÄÖÐΪÌض¨CLIºÅÁîÌṩµÄÎÞ¹Ø×ÓºÅÁîÑ¡Ï¡£¡£¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£¡£¡£¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-fsip-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-ipv6-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-fxnxos-snmp-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-memleak-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-ucs-privescalation


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-bug-in-virtual-service-container-for-ios-xe/