9VSA23-00769-01 CSIRT shares information on vulnerabilities patched by Cisco for several of its products

Summary

The Government CSIRT shares the information provided by Cisco about new vulnerabilities affecting several of its products, for which security updates have been made available.

Vulnerabilities

CVE-2023-20025

CVE-2023-20020

CVE-2023-20026

CVE-2023-20002

CVE-2023-20008

CVE-2023-20045

CVE-2023-20040

CVE-2023-20047

CVE-2023-20043

CVE-2023-20044

CVE-2023-20058

CVE-2023-20019

CVE-2023-20018

CVE-2023-20037

CVE-2023-20038

CVE-2023-20007

Impact

Critical-risk vulnerabilities

CVE-2023-20025 and CVE-2023-20026: Critical vulnerabilities in Cisco Small Business RV016, RV042, RV042G, and RV082 routers. They could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.

Affected products

Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

Cisco IP Phone 7800 and 8800 series web management interface.

Cisco BroadWorks Application Server.

Cisco BroadWorks Application Delivery Platform.

Cisco BroadWorks Xtended Services Platform.

Cisco RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN routers.

Cisco TelePresence Collaboration Endpoint (CE) Software.

Cisco Network Services Orchestrator (NSO)

Cisco RoomOS Software.

Cisco Webex Room Phone and Cisco Webex Share.

Cisco Unified Intelligence Center

Mitigation

Install the respective updates provided by the vendor.

Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20025

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20026

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20002

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20045

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20040

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20047

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20043

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20044

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20058

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20018

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20037

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20038

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20007

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00769-01.