TR-21-0300 (Cisco Güvenlik Zafiyeti)

Genel Bilgi

Bazı Cisco ürünlerinde Uzaktan Kod Çalıştırma, Bilgi İfşası ve XSS zafiyeti tespit edilmiştir.

Etki

Mevcut güvenlik açıklıkları nedeniyle uzak saldırganın kod çalıştırması ve sistemi kontrol altına alması ihtimal dahilindedir.

CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409, CVE-2021-1399, CVE-2021-1362, CVE-2021-1406, CVE-2021-1463, CVE-2021-1137, CVE-2021-1251, CVE-2021-1308, CVE-2021-1309, CVE-2021-1386, CVE-2021-1413, CVE-2021-1414, CVE-2021-1415, CVE-2021-1420, CVE-2021-1459, CVE-2021-1467, CVE-2021-1472, CVE-2021-1473, CVE-2021-1474, CVE-2021-1475, CVE-2021-1479, CVE-2021-1480 ve CVE-2021-1485

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), sistem yöneticilerine; Cisco firmasının yayınladığı güncellemeyi indirmelerini tavsiye etmektedir.

Kaynaklar

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Self%20Care%20Portal%20Authorization%20Bypass%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Remote%20Code%20Execution%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Manager%20Information%20Disclosure%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

https://www.cybersecurity-help.cz/vdb/SB2021040721

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Cross-Site%20Scripting%20Vulnerabilities&vs_k=1

2021-04-08