TR-20-649 (Cisco Güvenlik Güncellemesi Yayınladı)
Genel Bilgi
Cisco, Cisco ürünlerinde bulunan Hizmet Reddi, Komut Enjeksiyonu, Uzak Kod Çalıştırma, ACE ve Yetki Yükseltme zafiyetlerine yönelik güvenlik güncellemesi yayınladı.
Etki
Kritik önem düzeyindeki mevcut güvenlik açıklıkları nedeniyle etkilenen sistemlerin siber saldırganlar tarafından kontrol altına alınması ihtimal dâhilindedir. Mevcut güncelleme ile kapatılan zafiyetlerin CVE kodları şu şekildedir CVE-2020-3517, CVE-2019-1896, CVE-2020-3454, CVE-2020-3504, CVE-2020-3397, CVE-2020-3398, CVE-2020-3338, CVE-2020-3415 ve CVE-2020-3394 .
Çözüm
Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine yüksek önem derecesindeki zafiyet için Cisco tarafından yayınlanan güvenlik öneri sayfasını incelemelerini ve ilgili güvenlik tedbirlerini almalarını tavsiye etmektedir.
Kaynaklar
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Integrated%20Management%20Controller%20CSR%20Generation%20Command%20Injection%20Vulnerability&vs_k=1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-imc-cmdinject-1896
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-callhome-cmdinj-zkxzSCY?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Call%20Home%20Command%20Injection%20Vulnerability&vs_k=1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-callhome-cmdinj-zkxzSCY
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20UCS%20Manager%20Software%20Local%20Management%20CLI%20Denial%20of%20Service%20Vulnerability&vs_k=1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-cli-dos-GQUxCnTe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Border%20Gateway%20Protocol%20Multicast%20VPN%20Denial%20of%20Service%20Vulnerability&vs_k=1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-nlri-dos-458rG2OQ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxosbgp-mvpn-dos-K8kbCrJp?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20NX-OS%20Software%20Border%20Gateway%20Protocol%20Multicast%20VPN%20Session%20Denial%20of%20Service%20Vulnerability&vs_k=1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-cfs-dos-dAmnymbd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20FXOS%20and%20NX-OS%20Software%20Cisco%20Fabric%20Services%20Denial%20of%20Service%20Vulnerability&vs_k=1
2020-08-27