Af Torben B. Sørensen, 03/11/17
Cisco har lukket flere sikkerhedshuller i trådløst netværksudstyr og andet udstyr.
Aironet 1560, 2800 og 3800 har to sårbarheder, der gør det muligt at sætte systemet ud af drift. Angriberen skal være inden for radiorækkevidde for at udnytte sårbarheden.
Den er en af flere sårbarheder, som Cisco har rettet. Der er også lukket to huller i Wireless LAN Controller.
Foruden det trådløse udstyr har Cisco rettet sårbarheder i Identity Services Engine, Firepower 4100 og 9300, Prime Collaboration Provisioning og Application Policy Infrastructure Controller Enterprise Module.
Anbefaling
Installer sikkerhedsopdateringerne.
Links
- Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
- Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
- Identity Services Engine Privilege Escalation Vulnerability
- Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
- Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
- Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
- Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
- Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
- Cisco Patches Serious DoS, Injection Flaws in Several Products, artikel fra SecurityWeek