安全研究
安全漏洞
Cisco IOS XR Software访问控制错误漏洞(CVE-2024-20343)
发布日期:2024-09-11
更新日期:2024-11-14
受影响系统:
Cisco IOS XR Software 7.9.21描述:
Cisco IOS XR Software 7.9.2
Cisco IOS XR Software 7.9.1
Cisco IOS XR Software 7.8.22
Cisco IOS XR Software 7.8.2
Cisco IOS XR Software 7.8.12
Cisco IOS XR Software 7.8.1
Cisco IOS XR Software 7.7.21
Cisco IOS XR Software 7.7.2
Cisco IOS XR Software 7.7.1
Cisco IOS XR Software 7.6.2
Cisco IOS XR Software 7.6.15
Cisco IOS XR Software 7.6.1
Cisco IOS XR Software 7.5.52
Cisco IOS XR Software 7.5.5
Cisco IOS XR Software 7.5.4
Cisco IOS XR Software 7.5.3
Cisco IOS XR Software 7.5.2
Cisco IOS XR Software 7.5.12
Cisco IOS XR Software 7.5.1
Cisco IOS XR Software 7.4.2
Cisco IOS XR Software 7.4.16
Cisco IOS XR Software 7.4.15
Cisco IOS XR Software 7.4.1
Cisco IOS XR Software 7.3.6
Cisco IOS XR Software 7.3.5
Cisco IOS XR Software 7.3.4
Cisco IOS XR Software 7.3.3
Cisco IOS XR Software 7.3.27
Cisco IOS XR Software 7.3.2
Cisco IOS XR Software 7.3.16
Cisco IOS XR Software 7.3.15
Cisco IOS XR Software 7.3.1
Cisco IOS XR Software 7.2.2
Cisco IOS XR Software 7.2.12
Cisco IOS XR Software 7.2.1
Cisco IOS XR Software 7.2.0
Cisco IOS XR Software 7.11.2
Cisco IOS XR Software 7.11.1
Cisco IOS XR Software 7.10.2
Cisco IOS XR Software 7.10.1
Cisco IOS XR Software 7.1.3
Cisco IOS XR Software 7.1.2
Cisco IOS XR Software 7.1.15
Cisco IOS XR Software 7.1.1
Cisco IOS XR Software 7.0.90
Cisco IOS XR Software 7.0.2
Cisco IOS XR Software 7.0.14
Cisco IOS XR Software 7.0.12
Cisco IOS XR Software 7.0.11
Cisco IOS XR Software 7.0.1
Cisco IOS XR Software 7.0.0
Cisco IOS XR Software 6.6.4
Cisco IOS XR Software 6.6.3
Cisco IOS XR Software 6.6.25
Cisco IOS XR Software 6.6.2
Cisco IOS XR Software 6.6.12
Cisco IOS XR Software 6.6.11
Cisco IOS XR Software 6.6.1
Cisco IOS XR Software 6.5.93
Cisco IOS XR Software 6.5.92
Cisco IOS XR Software 6.5.3
Cisco IOS XR Software 6.5.2
Cisco IOS XR Software 6.5.15
Cisco IOS XR Software 6.5.1
Cisco IOS XR Software 24.1.1
CVE(CAN) ID: CVE-2024-20343
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。
Cisco IOS XR Software多个版本的CLI存在访问控制错误漏洞,该漏洞源于程序未正确验证发送到CLI命令的参数,攻击者可利用该漏洞读取文件系统上的任意文件。
<*链接:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellut
*>
建议:
厂商补丁:
Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-shellutil-HCb278wD
浏览次数:152
严重程度:0(网友投票)
绿盟科技给您安全的保障