Session Management Vulnerability in Multiple Cisco Products (CVE-2020-3297)

Published: 2020-07-02
Updated: 2020-07-03

Affected systems:
Cisco 550X Series Stackable Managed Switches
Cisco Small Business 500 Series Stackable Managed Switch
Cisco Small Business 300 Series Managed Switches
Cisco Small Business 220 Series Smart Switches
Cisco 250 Series Smart Switches
Cisco 350 Series Managed Switches
Cisco 350X Series Stackable Managed Switches
Description:
CVE(CAN) ID: CVE-2020-3297

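Cisco 250 Series Smart Switch is Cisco's 250 series small smart switch. Cisco 350 Series Managed Switch is Cisco's 350 series managed switch. Cisco 350X Series Stackable Managed Switch is Cisco's 350 series stackable managed switch. Cisco 550X Series Stackable Managed Switch is Cisco's 550X series managed switch. Cisco 550X Series Stackable Managed Switch is Cisco's 550 series stackable managed switch. Cisco Small Business 200 Series Smart Switch is Cisco's Small Business 200 series smart switch. Cisco Small Business 300 Series Managed Switch is Cisco's Small Business 300 series managed switch. Cisco Small Business 500 Series Stackable Managed Switch is Cisco's Small Business 500 series stackable managed smart switch.
The web interface of multiple Cisco switch products contains a session management vulnerability. An unauthenticated remote attacker could exploit this vulnerability to bypass authentication protection, obtain the privileges of the hijacked session account, and access the product's management interface.

<*Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS
*>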

Recommendation:
Vendor patch:

Cisco
-----
Cisco has released a security advisory (cisco-sa-sbswitch-session-JZAS5jnY) and corresponding patches for this issue:
cisco-sa-sbswitch-session-JZAS5jnY: Cisco Small Business Smart and Managed Switches Session Management Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS

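This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.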