首页 -> 安全研究

安全研究

安全漏洞
思科Nexus 9000系列Fabric交换机本地权限提升漏洞(CVE-2019-1803)

发布日期:2019-06-10
更新日期:2019-06-10

受影响系统:
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(5)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(5)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(4)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(4)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(3)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(3)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(2)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(2)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(1)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I7(1)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I6(2)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I6(2)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I6(1)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I6(1)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I4(9)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I4(9)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I4(8)
Cisco Cisco Nexus 9000 Series Switches 7.0(3)I4(8)
Cisco Cisco Nexus 9000 Series Switches 6.2(8)IA(0.2)
Cisco Cisco Nexus 9000 Series Switches 6.2(8)IA(0.2)
Cisco Cisco Nexus 9000 Series Switches 4.2(0.33c)
Cisco Cisco Nexus 9000 Series Switches 4.2(0.33c)
Cisco Cisco Nexus 9000 Series Switches 4.2(0.21c)
Cisco Cisco Nexus 9000 Series Switches 4.2(0.21c)
Cisco Cisco Nexus 9000 Series Switches 4.1(1i)
Cisco Cisco Nexus 9000 Series Switches 4.1(1i)
Cisco Cisco Nexus 9000 Series Switches 14.0(3d)
Cisco Cisco Nexus 9000 Series Switches 14.0(3d)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.89)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.89)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.88)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.88)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.58)
Cisco Cisco Nexus 9000 Series Switches 14.0(0.58)
Cisco Cisco Nexus 9000 Series Switches 13.2(2l)
Cisco Cisco Nexus 9000 Series Switches 13.2(2l)
Cisco Cisco Nexus 9000 Series Switches 13.2(2a)
Cisco Cisco Nexus 9000 Series Switches 13.2(2a)
Cisco Cisco Nexus 9000 Series Switches 13.2(2.149)
Cisco Cisco Nexus 9000 Series Switches 13.2(2.149)
Cisco Cisco Nexus 9000 Series Switches 13.2(1l)
Cisco Cisco Nexus 9000 Series Switches 13.2(1l)
Cisco Cisco Nexus 9000 Series Switches 13.2(1c)
Cisco Cisco Nexus 9000 Series Switches 13.2(1c)
Cisco Cisco Nexus 9000 Series Switches 13.2(1b)
Cisco Cisco Nexus 9000 Series Switches 13.2(1b)
Cisco Cisco Nexus 9000 Series Switches 13.2(1.143)
Cisco Cisco Nexus 9000 Series Switches 13.2(1.143)
Cisco Cisco Nexus 9000 Series Switches 13.2(0.3)
Cisco Cisco Nexus 9000 Series Switches 13.2(0.3)
Cisco Cisco Nexus 9000 Series Switches 12.3(1e)
Cisco Cisco Nexus 9000 Series Switches 12.3(1e)
不受影响系统:
Cisco Cisco Nexus 9000 Series Switches 14.1(1i)
描述:
BUGTRAQ  ID: 108136
CVE(CAN) ID: CVE-2019-1803

思科自适应安全设备(ASA) 软件是为Cisco ASA 系列提供强大功能的核心操作系统。
运行思科自适应安全设备(ASA)软件的思科自适应安全虚拟设备(ASAv)和Firepower 2100系列的软件加密模块中的漏洞可能允许未经身份验证的远程攻击者导致设备意外重新加载,从而导致拒绝服务(DoS)条件。该漏洞是由软件加密模块处理IPsec会话的逻辑错误引起的。攻击者可以通过目标设备在大量IPsec会话中创建和发送流量来利用此漏洞。成功利用可能导致设备重新加载并导致DoS条件。

<*来源:Cisco
  
  链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-do
*>

建议:
厂商补丁:

Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20190501-asa-ipsec-dos)以及相应补丁:
cisco-sa-20190501-asa-ipsec-dos:Cisco Adaptive Security Appliance Software IPsec Denial of Service Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ipsec-do

补丁下载:

浏览次数:945
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障