Cisco製品の脆弱性について

2023-08-18 2023-08-18

esune

2023年8月16日、2023年8月17日にかけてCisco製品での脆弱性情報が公開されております。
該当される場合は対応についてご検討ください。
リスクが高いとされているのは以下の通りです。

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability (High, CVE-2023-20224)
Cisco Duo Device Health Application for Windows Arbitrary File Write Vulnerability (High, CVE-2023-20229)
Cisco Unified Communications Manager SQL Injection Vulnerability (High, CVE-2023-20211)
ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability (High, CVE-2023-20197)
ClamAV AutoIt Module Denial of Service Vulnerability (High, CVE-2023-20212)

リスクが中程度とされるのは下記の通りです。

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability (Medium, CVE-2023-20217)
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability (Medium, CVE-2023-20228)
Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability (Medium, CVE-2017-6679)
Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability (Medium, CVE-2023-20232)
Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability (Medium, CVE-2023-20222)
Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerabilities (Medium, CVE-2023-20201, CVE-2023-20203)
Cisco Intersight Private Virtual Appliance Command Injection Vulnerabilities (Medium, CVE-2023-20013, CVE-2023-20017)
Cisco Identity Services Engine Device Credential Information Disclosure Vulnerability (Medium, CVE-2023-20111)
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability (Medium, CVE-2023-20221)
Cisco Intersight Virtual Appliance Unauthenticated Port Forwarding Vulnerability (Medium, CVE-2023-20237)
Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability (Medium, CVE-2023-20209)
Cisco Unified Communications Products Cross-Site Scripting Vulnerability (Medium, CVE-2023-20242)