Cisco Product Vulnerabilities

04/10/2018


Yesterday, 3 October 2018, Cisco released several security updates that fix multiple vulnerabilities in a number of its products.

Specifically, the security updates address 3 critical, 7 high and 26 medium severity vulnerabilities.

Details on the vulnerabilities, the affected products and the countermeasures to take are given in the security bulletins listed below:

| Impact | Vulnerability | CVE |
|---|---|---|
| Critical | Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability | CVE-2018-15379 |
| Critical | Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability | CVE-2018-15386 |
| Critical | Cisco Digital Network Architecture Center Authentication Bypass Vulnerability | CVE-2018-0448 |
| High | Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities | CVE-2018-15408, CVE-2018-15409, CVE-2018-15410 |
| High | Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability | CVE-2018-15387 |
| High | Cisco HyperFlex Software Static Signing Key Vulnerability | CVE-2018-15382 |
| High | Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability | CVE-2018-15390 |
| High | Cisco Firepower System Software Detection Engine Denial of Service Vulnerability | CVE-2018-0455 |
| High | Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability | CVE-2018-15389 |
| High | Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability | CVE-2018-15383 |
| Medium | Cisco Remote PHY IPv4 Fragment Denial of Service Vulnerability | CVE-2018-15391 |
| Medium | Cisco Webex Centers Cross-Site Scripting Vulnerability | CVE-2018-15436 |
| Medium | Cisco Unity Connection File Upload Denial of Service Vulnerability | CVE-2018-15396 |
| Medium | Cisco Unified IP Phone 7900 Series Cross-Site Scripting Vulnerability | CVE-2018-15434 |
| Medium | Cisco UCS Director Stored Cross-Site Scripting Vulnerability | CVE-2018-15406 |
| Medium | Cisco Unity Connection Stored Cross-Site Scripting Vulnerability | CVE-2018-15426 |
| Medium | Cisco Prime Infrastructure Information Disclosure Vulnerability | CVE-2018-15433 |
| Medium | Cisco Prime Infrastructure Information Disclosure Vulnerability | CVE-2018-15432 |
| Medium | Multiple Vulnerabilities in Cisco Identity Services Engine | CVE-2018-15424, CVE-2018-15425 |
| Medium | Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability | CVE-2018-15428 |
| Medium | Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability | CVE-2018-15392 |
| Medium | Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability | CVE-2018-0446 |
| Medium | Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability | CVE-2018-15405 |
| Medium | Cisco Integrated Management Controller Supervisor and Cisco UCS Director System Resources Denial of Service Vulnerability | CVE-2018-15404 |
| Medium | Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability | CVE-2018-15429 |
| Medium | Cisco HyperFlex World-Readable Sensitive Information Vulnerability | CVE-2018-15407 |
| Medium | Cisco HyperFlex UI Clickjacking Vulnerability | CVE-2018-15423 |
| Medium | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability | CVE-2018-15401 |
| Medium | Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability | CVE-2018-0453 |
| Medium | Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability | CVE-2018-15430 |
| Medium | Multiple Cisco Unified Communications Products Open Redirect Vulnerability | CVE-2018-15403 |
| Medium | Cisco Cloud Services Platform 2100 Cross-Site Scripting Vulnerability | CVE-2018-15400 |
|  | Cisco Adaptive Security Appliance TCP Syslog Denial of Service Vulnerability | CVE-2018-15399 |
| Medium | Cisco Adaptive Security Appliance IPsec VPN Denial of Service Vulnerability | CVE-2018-15397 |
| Medium | Cisco Adaptive Security Appliance Access Control List Bypass Vulnerability | CVE-2018-15398 |
| Medium | Cisco Small Business 300 Series Managed Switches Cross-Site Scripting Vulnerability | CVE-2018-0465 |

CERT-PA recommends that users and system administrators who use affected Cisco devices and versions consult the security bulletins and apply the mitigations recommended by the vendor.