TR-21-0058 (Vulnerabilities in Cisco Products)

General Information

Various Cisco products contain vulnerabilities such as information disclosure, cross-site scripting (XSS), SQL injection and code injection.

Impact

Because of these security vulnerabilities, cyber attackers may be able to exploit them to carry out attacks. The CVE identifiers of the vulnerabilities are as follows:

CVE-2021-1235, CVE-2021-1280, CVE-2021-1271, CVE-2021-1349, CVE-2021-1225, CVE-2021-1259, CVE-2021-1350, CVE-2021-1233, CVE-2021-1241, CVE-2021-1273, CVE-2021-1274, CVE-2021-1278, CVE-2021-1279, CVE-2021-1260, CVE-2021-1261, CVE-2021-1262, CVE-2021-1263, CVE-2021-1298, CVE-2021-1299, CVE-2021-1300, CVE-2021-1301, CVE-2021-1302, CVE-2021-1304, CVE-2021-1305, CVE-2021-1282, CVE-2021-1355, CVE-2021-1357, CVE-2021-1364, CVE-2021-1312, CVE-2021-1129, CVE-2021-1265, CVE-2021-1303, CVE-2021-1257, CVE-2021-1264, CVE-2021-1249, CVE-2021-1250, CVE-2021-1253, CVE-2021-1286, CVE-2021-1272, CVE-2021-1247, CVE-2021-1248, CVE-2021-1283, CVE-2021-1276, CVE-2021-1277, CVE-2020-1276, CVE-2021-1269, CVE-2021-1270, CVE-2021-1133, CVE-2021-1135, CVE-2021-1255, CVE-2021-1218, CVE-2021-1222, CVE-2021-1219, CVE-2021-1138, CVE-2021-1139, CVE-2021-1140, CVE-2021-1141, CVE-2021-1142, CVE-2021-1353 and CVE-2020-3482

Solution

The National Cyber Incident Response Center (Ulusal Siber Olaylara Müdahale Merkezi, USOM) recommends that system administrators follow Cisco's security advisories and promptly download the updates released for these vulnerabilities.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vinfdis-MC8L58dj

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-imm-dll-5PAZ3hRV

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-RuB5WGqL

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-72EhnUc

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-sqlinjm-xV8dsjq5

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-pathtrav-Z5mCVsjf?vs_f=Cisco

2021-01-22