9VSA21-00503-01 CSIRT alerta de nuevas vulnerabilidades graves en productos de Cisco

Resumen

El Equipo de Respuesta ante Incidentes de Seguridad Informática del Gobierno de Chile, CSIRT de Gobierno, comparte información de las vulnerabilidades publicadas esta semana por Cisco.

Este informe incluye las medidas de mitigación, consistentes en instalar la última actualización de los productos afectados.

Vulnerabilidades

CVE-2021-34710

CVE-2021-34735

CVE-2021-34698

CVE-2021-34748

CVE-2021-34775

CVE-2021-34776

CVE-2021-34777

CVE-2021-34778

CVE-2021-34779

CVE-2021-34780

CVE-2021-1594

CVE-2021-34788
CVE-2021-34758

CVE-2021-34766

CVE-2021-34744

CVE-2021-34757

CVE-2021-34706

CVE-2021-34702

CVE-2021-34711

CVE-2021-1534

CVE-2021-34782

CVE-2021-34742
CVE-2021-34772
CVE-2020-24586

CVE-2020-24587

CVE-2020-24588

CVE-2020-26139

CVE-2020-26140

CVE-2020-26141

CVE-2020-26142

CVE-2020-26143

CVE-2020-26144

CVE-2020-26145

CVE-2020-26146

CVE-2020-26147

Impactos

Riesgo alto

CVE-2021-34710 y CVE-2021-34735: Vulnerabilidades que afectan a Cisco ATA 190 Series Analog Telephone Adapter Software, y podrían permitir a un atacante realizar un ataque de inyección de código resultando en ejecución remota de código o una condición de denegación de servicio (DoS) en los equipos afectados.

CVE-2021-34698: Afecta a Cisco AsyncOS for Cisco Web Security Appliance (WSA) y podría permitir a un atacante remoto no autenticado agotar la memoria de sistema y provocar una condición de denegación de servicio (DoS) en el aparato afectado.

CVE-2021-34748: Vulnerabilidad en la interfaz web de administración de Cisco Intersight Virtual Appliance debida a insuficiente validación de inputs y que podría permitir a un atacante remoto autenticado realizar un ataque de inyección de comandos en un equipo afectado.

CVE-2021-34775, CVE-2021-34776, CVE-2021-34777, CVE-2021-34778, CVE-2021-34779 y CVE-2021-34780 son vulnerabilidades en la implementación del Link Layer Discovery Protocol (LLDP) para Cisco Small Business 220 Series Smart Switches. Un atacante adyacente y no autenticado podría ejecutar código, provocar un reinicio inesperado o causar corrupción de databases LLDP en un equipo afectado.

CVE-2021-1594 es una vulnerabilidad en la REST API de Cisco Identity Services Engine (ISE) que podría permitir a un atacante remoto no autenticado realizar un ataque de inyección de comandos y elevar privilegios a root.

CVE-2021-34788 es una vulnerabilidad en el mecanismo de carga de bibliotecas compartidas en Cisco AnyConnect Secure Mobility Client para Linux y Mac OS que podría permitir a un atacante local autenticado realizar un ataque de secuestro de bibliotecas en el equipo afectado si el módulo VPN Posture (HostScan) está instalado en el cliente AnyConnect.

Productos Afectados

Cisco ATA 190 Series Analog Telephone Adapter Software.

Cisco AsyncOS for Cisco Web Security Appliance (WSA).

Cisco Intersight Virtual Appliance.

Cisco Small Business 220 Series Smart Switches.

Cisco Identity Services Engine (ISE).

Cisco TelePresence Collaboration Endpoint (CE) Software y Cisco RoomOS Software.

Cisco Smart Software Manager On-Prem (SSM On-Prem).

Cisco Business 220 Series Smart Switches.

Cisco Identity Services Engine (ISE).

Cisco IP Phone software.

Cisco AsyncOS Software for Cisco Email Security Appliance (ESA).

Cisco DNA Center.

Cisco Vision Dynamic Signage Director.

Cisco Orbital.

Aironet 1532 APs, AP803 Integrated AP on IR829 Industrial Integrated Services Routers.

Aironet 1542 APs, Aironet 1810 APs, Aironet 1815 APs, Aironet 1832 APs, Aironet 1842 APs, Aironet 1852 APs, Aironet 1800i Aps.

Aironet 1552 APs, Aironet 1552H APs, Aironet 1572 APs, Aironet 1702 APs, Aironet 2702 APs, Aironet 3702 APs, IW 3702 Aps.

Aironet 1560 Series APs, Aironet 2800 Series APs, Aironet Series 3800 APs, Aironet Series 4800 APs, Catalyst IW 6300 APs, 6300 Series Embedded Services APs (ESW6300).

Catalyst 9105 APs, Catalyst 9115 APs, Catalyst 9120 APs, Integrated AP on 1100 Integrated Services Routers.

Catalyst 9117 AP.

Catalyst 9124 AP, Catalyst 9130 AP.

Meraki GR10, GR60, MR20, MR30H, MR33, MR36, MR42, MR42E, MR44, MR45, MR46, MR46E, MR52, MR53, MR53E, MR55, MR56, MR70, MR74, MR76, MR84, MR86.

Meraki MR12, MR18, MR26, MR32, MR34, MR62, MR66, MR72.

Meraki MX64W, MX65W, MX67W, MX67CW, MX68W, MX68CW, Z3, Z3C.

IP Phone 8861, IP Phone 8865 y IP Conference Phone 8832.

IP Phone 6861 y IP Phone 8861 Running Third-Party Call Control (3PCC) Software.

Wireless IP Phone 8821.

Webex Desk Series y Webex Room Series.

Webex Board Series.

Webex Wireless Phone 840 y 860.

Mitigación

Instalar las respectivas actualizaciones entregadas por el proveedor.

Enlaces

https://tools.cisco.com/security/center/publicationListing.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-amp-redirect-rQ2Bu7dU

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-xss-fvdj6HK

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-KyC6YncS

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-sGcfsDrp

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-V4VSjEsX

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-priv-esc-5g35cdDJ

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-UwqPrBM3

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-dos-fmHdKswk

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34710

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34735

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34698

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34748

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34775

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34778

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34779

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34780

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1594

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34788

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34766

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34744

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34757

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34706

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34702

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34711

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1534

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34742

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34772

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24586

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24587

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26139

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26140

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26141

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26142

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26143

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26143

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26145

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26146

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147

Informe

El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA21-00503-01.

9VSA21-00503-01 CSIRT alerta de nuevas vulnerabilidades graves en productos de Cisco