[English]Cisco hat kritische Sicherheitsupdates für seine Netzwerkbetriebssysteme IOS und IOS XE freigegeben. Die Updates schließen insgesamt 24 als kritisch eingestufte Sicherheitslücken in den Produkten. Es sollte also zeitnah gepatcht werden.
Anzeige
Die Informationen hat Cisco am 24. Sept. 2020 im halbjährlichen Sicherheits-Bulletin Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication veröffentlicht. Cisco veröffentlicht am vierten Mittwoch des Monats im März und September eines jeden Kalenderjahres Cisco gebündelte IOS- und IOS XE-Software-Sicherheitshinweise.
34 Schwachstellen geschlossen
Die am 24. September 2020 veröffentlichte Cisco IOS und IOS XE Software Security Advisory Bundled Publication enthält 25 Cisco Security Advisories, die 34 Schwachstellen in Cisco IOS Software und Cisco IOS XE Software beschreiben. Von diesen Schwachstellen haben 25 ein als Hoch eingestuftes Security Impact Rating (SIR).
Cisco hat Software-Updates veröffentlicht, die diese Schwachstellen beheben. Um schnell festzustellen, ob eine bestimmte Version der Cisco IOS- oder IOS XE-Software von einer oder mehreren Schwachstellen betroffen ist, können Kunden den Cisco Software Checker verwenden.
- cisco-sa-iosxe-isdn-q931-dos-67eUZBTf, Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability, CVE-2020-3511, High 7.4
- cisco-sa-profinet-J9QMCHPB, Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability, CVE-2020-3409, High 7.4
- cisco-sa-ios-profinet-dos-65qYG3W5, Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability, CVE-2020-3512 , High 7.4
- cisco-sa-splitdns-SPWqpdGW, Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability, CVE-2020-3408, High 8.6
- cisco-sa-ios-lpwa-access-cXsD7PRA, Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability, CVE-2020-3426, High 7.5
- cisco-sa-xbace-OnCEbyS, Cisco IOS XE Software Arbitrary Code Execution Vulnerability, CVE-2020-3417, High 6.8
- cisco-sa-COPS-VLD-MpbTvGEW, Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability, CVE-2020-3526, High 8.6
- cisco-sa-le-drTOB625, Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability, CVE-2020-3465, High 7.4
- cisco-sa-iosxe-umbrella-dos-t2QMUX37, Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability, CVE-2020-3510, High 8.6
- cisco-sa-iosxe-wlc-fnfv9-EvrAQpNX, Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability, CVE-2020-3492, High 8.6
- cisco-sa-mdns-dos-3tH6cA9J, Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability, CVE-2020-3359, High 8.6
- cisco-sa-ISR4461-gKKUROhx, Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability, CVE-2020-3414, High 8.6
- cisco-sa-esp20-arp-dos-GvHVggqJ, Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability, CVE-2020-3508, High 7.4
- cisco-sa-iosxe-rsp3-rce-jVHg8Z7c, Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities, CVE-2020-3416, CVE-2020-3513, High 6.7
- cisco-sa-iosxe-dhcp-dos-JSCKX43h, Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability, CVE-2020-3509, High 8.6
- cisco-sa-ipsla-jw2DJmSv, Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability, CVE-2020-3422, High 8.6
- cisco-sa-ios-webui-priv-esc-K8zvEWM, Cisco IOS XE Software Privilege Escalation Vulnerabilities, CVE-2020-3141, CVE-2020-3425, High 8.8
- cisco-sa-confacl-HbPtfSuO, Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability, CVE-2020-3407, High 8.6
- cisco-sa-webui-auth-bypass-6j2BYUc7, Cisco IOS XE Software Web UI Authorization Bypass Vulnerability. CVE-2020-3400, High 8.8
- cisco-sa-zbfw-94ckG4G, Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities, CVE-2020-3421, CVE-2020-3480, High 8.6
- cisco-sa-capwap-dos-TPdNTdyq, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities, CVE-2020-3486, CVE-2020-3487, CVE-2020-3488, CVE-2020-3489, CVE-2020-3493, CVE-2020-3494, CVE-2020-3497, High 7.4
- cisco-sa-capwap-dos-ShFzXf, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability, CVE-2020-3399, High 8.6
- cisco-sa-iosxe-ewlc-snmp-dos-wNkedg9K, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability, CVE-2020-3390, High 7.4
- cisco-sa-dclass-dos-VKh9D8k3, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability, CVE-2020-3428, High 7.4
- cisco-sa-wpa-dos-cXshjerc, Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability, CVE-2020-3429, High 7.4
Details sind den jeweils verlinkten Dokumenten mit den Sicherheitshinweisen zu entnehmen. Die Wochenend-Schicht für Administratoren von Cisco-Systemen ist also gerettet. (via)
2015
