9VSA22-00626-01 CSIRT warns of vulnerabilities in Cisco products
The Government CSIRT shares information on two new vulnerabilities reported by Cisco for several of its products.
Summary
The Computer Security Incident Response Team of the Government of Chile, the Government CSIRT, shares information on two new vulnerabilities reported by Cisco for several of its products.
This report includes the mitigation measures, which consist of installing the latest update for the affected products.
Vulnerabilities
CVE-2022-20746
CVE-2022-20751
CVE-2022-20757
CVE-2022-20743
CVE-2022-20759
CVE-2022-20742
CVE-2022-20745
CVE-2022-20760
CVE-2022-20737
CVE-2022-20715
CVE-2022-20767
CVE-2022-20681
CVE-2022-20729
CVE-2022-20730
CVE-2022-20748
CVE-2022-20627
CVE-2022-20628
CVE-2022-20629
CVE-2022-20740
CVE-2022-20744
Impact
High-risk vulnerabilities
CVE-2022-20746: Denial of service.
CVE-2022-20751: Denial of service.
CVE-2022-20757: Denial of service.
CVE-2022-20743: Security bypass.
CVE-2022-20742: Information disclosure.
CVE-2022-20745: Denial of service.
CVE-2022-20760: Denial of service.
CVE-2022-20737: Heap overflow.
CVE-2022-20715: Denial of service.
Affected products
Cisco Firepower Threat Defense Software TCP Proxy.
Cisco Firepower Threat Defense Software Snort.
Cisco Firepower Threat Defense Software.
Cisco Firepower Management Center File Upload.
Cisco Adaptive Security Appliance Software.
Cisco Firepower Threat Defense (FTD) Software.
Cisco Adaptive Security Appliance (ASA) Software.
Cisco Firepower Management Center (FMC) Software.
Mitigation
Install the respective updates released by the vendor.
Links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tcp-dos-kM9SHhOu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort-dos-hd2hFgM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-JnnJm4wB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-mgmt-privesc-BMFMUvye
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ipsec-mitm-CKnLr4
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-nJVAwOeq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asafdt-webvpn-dos-tzPSYern
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-heap-zLX3FdX
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-dos-tL4uA4AA
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FTD-snort3-DOS-Aq38LVdM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-xmlinj-8GWjGzKe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-sidns-bypass-3PzA5pO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-amp-local-dos-CUfwRJXT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-qXz4uAkM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-SfpEcvGT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infdisc-guJWRwQu
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20681
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20744
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00626-01.