TR-21-0359 (Cisco Güvenlik Zafiyeti)

Genel Bilgi

Cisco farklı ürünlerinde bulunan zafiyetler için güvenlik bildirimi yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle saldırganın hedef aldığı sistemde saldırı gerçekleştirmesi ihtimal dahilindedir. CVE kodları şöyledir:

CVE-2021-1445, CVE-2021-1504, CVE-2021-1488, CVE-2021-1493, CVE-2021-1495, CVE-2021-1402, CVE-2021-1256, CVE-2021-1448, CVE-2021-1455, CVE-2021-1456, CVE-2021-1457, CVE-2021-1458, CVE-2021-1477, CVE-2021-1369, CVE-2021-1489, CVE-2021-1501 ve CVE-2021-1476

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), sistem yöneticilerine; Cisco firmasının yayınladığı güncellemeyi indirmelerini tavsiye etmektedir.

Kaynaklar

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20and%20Firepower%20Threat%20Defense%20Software%20for%20Firepower%201000%20and%202100%20Series%20Appliances%20Command%20Injection%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20and%20Firepower%20Threat%20Defense%20Software%20Web%20Services%20Buffer%20Overflow%20Denial%20of%20Service%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Cisco%20Products%20Snort%20HTTP%20Detection%20Engine%20File%20Policy%20Bypass%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-fp-bp-KfDdcQhc

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Threat%20Defense%20Software%20SSL%20Decryption%20Policy%20Denial%20of%20Service%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ssl-decrypt-dos-DdyLuK6c

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-file-overwrite-XknRjGdB?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%20Threat%20Defense%20Software%20Command%20File%20Overwrite%20Vulnerability&vs_k=1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Adaptive%20Security%20Appliance%20Software%20and%20Firepower%20Threat%20Defense%20Software%20Web%20Services%20VPN%20Denial%20of%20Service%20Vulnerabilities&vs_k=1

2021-04-29