Genel Bilgi
Farklı Cisco ürünlerinde; Bilgi İfşası, Siteler arası komut dosyası çalıştırma, XSS, SQL Enjeksiyonu ve Kod Enjeksiyonu gibi zafiyetler bulunmaktadır.
Etki
Mevcut güvenlik açıklıkları nedeniyle siber saldırganların bu zafiyeti kullanarak saldırılarını gerçekleştirmeleri ihtimal dâhilindedir. Mevcut zafiyetlerin CVE kodları şu şekildedir:
CVE-2021-1235, CVE-2021-1280, CVE-2021-1271, CVE-2021-1349, CVE-2021-1225, CVE-2021-1259, CVE-2021-1350, CVE-2021-1233, CVE-2021-1241, CVE-2021-1273, CVE-2021-1274, CVE-2021-1278, CVE-2021-1279, CVE-2021-1260, CVE-2021-1261, CVE-2021-1262, CVE-2021-1263, CVE-2021-1298, CVE-2021-1299, CVE-2021-1300, CVE-2021-1301, CVE-2021-1302, CVE-2021-1304, CVE-2021-1305, CVE-2021-1282, CVE-2021-1355, CVE-2021-1357, CVE-2021-1364, CVE-2021-1312, CVE-2021-1129, CVE-2021-1265, CVE-2021-1303, CVE-2021-1257, CVE-2021-1264, CVE-2021-1249, CVE-2021-1250, CVE-2021-1253, CVE-2021-1286, CVE-2021-1272, CVE-2021-1247, CVE-2021-1248, CVE-2021-1283, CVE-2021-1276, CVE-2021-1277, CVE-2020-1276, CVE-2021-1269, CVE-2021-1270, CVE-2021-1133, CVE-2021-1135, CVE-2021-1255, CVE-2021-1218, CVE-2021-1222, CVE-2021-1219, CVE-2021-1138, CVE-2021-1139, CVE-2021-1140, CVE-2021-1141, CVE-2021-1142, CVE-2021-1353 ve CVE-2020-3482
Çözüm
Ulusal Siber Olaylara Müdahale Merkezi (USOM), sistem yöneticilerine; Cisco firmasının güvenlik bültenlerini takip etmelerini, güvenlik zafiyetleriyle alakalı yayınlanan güncellemeleri ivedilikle indirmelerini önermektedir.
Kaynaklar
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-RuB5WGqL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-sqlinjm-xV8dsjq5
2021-01-22