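On April 14 (US time), the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security reported in "Cisco Releases Security Updates for Multiple Products | CISA" that multiple vulnerabilities exist in multiple Cisco Systems products. If these vulnerabilities are exploited, an attacker could take control of an affected system.
Information on the vulnerabilities is compiled on the following page.
The security advisories published between April 13 and 14, 2022 are as follows.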
- Vulnerability in Spring Framework Affecting Cisco Products: March 2022
- Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
- Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
- Cisco SD-WAN Solution Improper Access Control Vulnerability
- Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
- Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
- Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
- Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
- Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
- Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities
- Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
- Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability
- Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
- Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
- Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
- Cisco IOS XE Software Web UI API Injection Vulnerability
- Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
- Cisco SD-WAN vManage Software Information Disclosure Vulnerability
- Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
- Cisco IOS XE Software IPSec Denial of Service Vulnerability
- Cisco IOx Application Hosting Environment Vulnerabilities
- Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
- Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
- Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
Some of the vulnerabilities are rated Critical in severity and warrant attention. CISA recommends reviewing the security information above and applying updates as necessary.