Ciscoプロダクトに多数の脆弱性、アップデート推奨

United States Computer Emergency Readiness Team (US-CERT)は6月20日(米国時間)、「Cisco Releases Security Updates for Multiple Products｜US-CERT」において、Ciscoの複数のプロダクトに脆弱性が存在すると伝えた。これら脆弱性を悪用されると、遠隔から攻撃者によって影響を受けたシステムの制御権が乗っ取られる危険性があるとされており注意が必要。

Cisco Systemsが公開している脆弱性は次のとおり。

• Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability
• Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability
• Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability
• Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability
• Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability
• Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
• Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability
• Cisco NX-OS Software NX-API Privilege Escalation Vulnerability
• Cisco FXOS, NX-OS, and UCS Manager Software Cisco Discovery Protocol Denial of Service Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
• Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability
• Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability
• Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability
• Cisco Nexus 3000 and 9000 Series CLI and Simple Network Management Protocol Polling Denial of Service Vulnerability
• Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability
• Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability
• Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
• Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance Path Traversal Vulnerability

• Cisco Releases Security Updates for Multiple Products｜United States Computer Emergency Readiness Team

National Cybersecurity and Communications Integration Center (NCCIC)は、ユーザーや管理者に対して上記のセキュリティ情報をチェックするとともに、必要に応じてアップデートを適用することを推奨している。