Cisco informuje o nowych podatnościach

utworzone przez | sty 12, 2023 | Aktualizacje

W dniach 11-12 stycznia 2023 r. firma Cisco opublikowała alerty bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje następujących elementów::

  • Cisco BroadWorks Application Delivery Platform Device Management – wersja 22.0
  • Cisco BroadWorks Xtended Services Platform – wersje 22.0 I 23.0
  • Cisco Industrial Network Director – wersja 1
  • IP Phone 7800 i 8800 Serie– wersje przed 14.1(1)SR2
  • Wireless IP Phone 8821 – wersje przed 11.0(6)SR4
  • RV016 Multi-WAN VPN Routers
  • RV042 Dual WAN VPN Routers
  • RV042G Dual Gigabit WAN VPN Routers
  • RV082 Dual WAN VPN Routers
Opis/LinkKrytycznośćCVSSCVE Numer
Cisco Prime Data Center Network Manager File Information Disclosure VulnerabilityWysoka7.8/10CVE-2015-0666
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service VulnerabilityŚrednia4.7/10CVE-2023-20007
Cisco Small Business RV016, RV042, RV042G, and RV082 Routers VulnerabilitiesKrytyczna9.0/10CVE-2023-20025 CVE-2023-20026
Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass VulnerabilityWysoka8.6/10CVE-2023-20018
Cisco Industrial Network Director VulnerabilitiesWysoka8.8/10CVE-2023-20037 CVE-2023-20038
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service VulnerabilityWysoka8.6/10CVE-2023-20020
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution VulnerabilityŚrednia4.9/10CVE-2023-20045
Cisco TelePresence Collaboration Endpoint and RoomOS Software VulnerabilitiesŚrednia4.4/10CVE-2023-20002 CVE-2023-20008
Cisco Network Services Orchestrator Path Traversal VulnerabilityŚrednia5.5/10CVE-2023-20040
Cisco Webex Room Phone and Cisco Webex Share Link Layer Discovery Protocol Memory Leak VulnerabilityŚrednia6.5/10CVE-2023-20047
Cisco CX Cloud Agent Privilege Escalation VulnerabilitiesŚrednia6.7/10CVE-2023-20043 CVE-2023-20044
Cisco Unified Intelligence Center Reflected Cross-Site Scripting VulnerabilityŚrednia6.1/10CVE-2023-20058
Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting VulnerabilityŚrednia6.1/10CVE-2023-20019