28.09.2017 TR-17-126 (Cisco Güvenlik Güncellemeleri Yayınladı)
TR-17-126 (Cisco Güvenlik Güncellemeleri Yayınladı)
Genel Bilgi
Cisco, birden fazla ürününü etkileyebilecek olan ve kritik önemde zafiyetleri de içeren güvenlik güncellemeleri yayınladı.
Etki
Mevcut güvenlik açıklığı nedeniyle sistemlerin siber saldırganlar tarafından kontrol altına alınması ihtimal dâhilindedir.
Çözüm
Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine mevcut zafiyet hakkında Cisco Güvenlik önerilerini incelemelerini ve gerekli güncellemeleri yapmalarını tavsiye etmektedir:
- IOS and IOS XE Software DHCP Remote Code Execution Zafiyeti cisco-sa-20170927-dhcp
- IOS XE Software Web UI Privilege Escalation Zafiyeti cisco-sa-20170927-privesc
- IOS XE Software Web UI REST API Authentication Bypass Zafiyeti cisco-sa-20170927-restapi
- IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Zafiyeti cisco-sa-20170927-cc
- IOS Software Common Industrial Protocol Request Denial-of-Service Zafiyetleri cisco-sa-20170927-cip
- IOS and IOS XE Software Internet Key Exchange Denial-of-Service Zafiyeti cisco-sa-20170927-ike
- IOS XE Wireless Controller Manager Denial-of-Service Zafiyeti cisco-sa-20170927-ios-xe
- IOS XE Software Locator/ID Separation Protocol Authentication Bypass Zafiyeti cisco-sa-20170927-lisp
- IOS Software Network Address Translation Denial-of-Service Zafiyeti cisco-sa-20170927-nat
- IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Zafiyeti cisco-sa-20170927-ngwc
- IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Zafiyeti cisco-sa-20170927-pnp
- IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Zafiyeti cisco-sa-20170927-profinet
- IOS Software for Cisco Integrated Services Routers Generation 2 Denial-of-Service Zafiyeti cisco-sa-20170927-rbip-dos
- IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Zafiyeti cisco-sa-20170927-vpls
Kaynaklar
https://www.us-cert.gov/ncas/current-activity/2017/09/27/Cisco-Releases-Security-Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls
2017-09-28