Luka (CVE-2018-11776) w Apache Struts może umożliwić nieuwierzytelnionemu atakującemu zdalne wykonanie kodu w docelowym systemie.
W poniższej tabeli wymieniono produkty Cisco, których dotyczy luka:
| Product | Cisco Bug ID | Fixed Release Availability |
|---|---|---|
| Collaboration and Social Media | ||
| Cisco SocialMiner * | CSCvk78903 | Patch available 11-Sept-2018 |
| Endpoint Clients and Client Software | ||
| Cisco Prime Service Catalog * | CSCvm13989 | |
| Network and Content Security Devices | ||
| Cisco Identity Services Engine (ISE) | CSCvm14030 | Patch file available 31-Aug-2018 |
| Voice and Unified Communications Devices | ||
| Cisco Emergency Responder * | CSCvm14044 | 1151es (14-Sep-2018) Standalone COP (21-Sep-2018) |
| Cisco Finesse * | CSCvk78905 | Patch file available 7-Sept-2018. |
| Cisco Hosted Collaboration Solution for Contact Center * | CSCvm14052 | Patch file available 12-Sep-2018 |
| Cisco MediaSense * | CSCvk78906 | Patch file available 12-Sep-2018 |
| Cisco Unified Communications Manager * | CSCvm14042 | 1151es and 1201es (14-Sep-2018) Standalone COP (20-Sep-2018) |
| Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) * | CSCvm14049 | 1151es and 1201es (14-Sep-2018) Standalone COP (20-Sep-2018) |
| Cisco Unified Contact Center Enterprise * | CSCvm13986 | Patch file available 12-Sept-2018 |
| Cisco Unified Contact Center Enterprise – Live Data server * | CSCvk78902 | Patch file available 7-Sept-2018 |
| Cisco Unified Contact Center Express * | CSCvm21744 | Patch file available 12-Sep-2018 |
| Cisco Unified Intelligence Center * | CSCvm13984 | Patch file available 12-Sep-2018 |
| Cisco Unified Intelligent Contact Management Enterprise * | CSCvm13986 | Patch file available 12-Sept-2018 |
| Cisco Unified SIP Proxy Software * | CSCvm13980 | 918es (28-Sep-2018) |
| Cisco Unified Survivable Remote Site Telephony Manager * | CSCvm13979 | Patch file available 12-Sep-2018 |
| Cisco Unity Connection * | CSCvm14043 | 1151es and 1201su (18-Sep-2018) Standalone COP (21-Sep-2018) |
| Cisco Virtualized Voice Browser * | CSCvm14056 | Patch file available 12-Sep-2018 |
| Video, Streaming, TelePresence, and Transcoding Devices | ||
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS) * | CSCvm14027 | 2.3.35 (15-Sept-2018) |
| Cisco Cloud Hosted Services | ||
| Cisco Network Performance Analysis | CSCvm14040 | |
Produkty oznaczone gwiazdką (*) zawierają zaatakowaną bibliotekę Struts, ale ze względu na sposób użycia biblioteki w produkcie, produkty te nie są narażone na żadne kierunki ataków znane Cisco w momencie publikacji.
Więcej informacji: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts#vulnerable
+48 22242 1996
+48 571 207 996
cert@pse.pl 
klucz publiczny