シスコの複数製品に緊急の脆弱性、ただちにアップデートを
米国土安全保障省サイバーセキュリティ・インフラストラクチャセキュリティ庁(CISA: Cybersecurity and Infrastructure Security Agency)は4月14日(米国時間)、「Cisco Releases Security Updates for Multiple Products|CISA」において、シスコシステムズの複数の製品に複数の脆弱性が存在すると伝えた。これら脆弱性を悪用されると、攻撃者によって影響を受けたシステムの制御権が乗っ取られる危険性がある。
脆弱性に関する情報は次のページにまとまっている。
Security Advisories
![](https://image.news.livedoor.com/newsimage/stf/5/1/51b7e_1223_19356218fb96a45e13b54b67e6e66c8b.jpg)
Security Advisories
2022年4月13日から14日にかけて発行されたセキュリティアドバイザリは次のとおり。
Vulnerability in Spring Framework Affecting Cisco Products: March 2022
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
Cisco SD-WAN Solution Improper Access Control Vulnerability
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
Cisco IOS XE Software Web UI API Injection Vulnerability
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
Cisco IOS XE Software IPSec Denial of Service Vulnerability
Cisco IOx Application Hosting Environment Vulnerabilities
Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
脆弱性の一部は深刻度が緊急(Critical)に分類されており注意が必要。CISAは、上記のセキュリティ情報をチェックするとともに、必要に応じてアップデートを適用することを推奨している。
Security Advisories
![](https://image.news.livedoor.com/newsimage/stf/5/1/51b7e_1223_19356218fb96a45e13b54b67e6e66c8b.jpg)
2022年4月13日から14日にかけて発行されたセキュリティアドバイザリは次のとおり。
Vulnerability in Spring Framework Affecting Cisco Products: March 2022
Cisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
Cisco SD-WAN Solution Improper Access Control Vulnerability
Cisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability
Cisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability
Cisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service Vulnerability
Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility and Control Denial of Service Vulnerability
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability
Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
Cisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service Vulnerability
Cisco IOS XE Software Web UI API Injection Vulnerability
Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco SD-WAN vEdge Routers Denial of Service Vulnerability
Cisco IOS XE Software IPSec Denial of Service Vulnerability
Cisco IOx Application Hosting Environment Vulnerabilities
Cisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of Service Vulnerability
Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
Cisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
脆弱性の一部は深刻度が緊急(Critical)に分類されており注意が必要。CISAは、上記のセキュリティ情報をチェックするとともに、必要に応じてアップデートを適用することを推奨している。