9VSA23-00769-01 CSIRT shares information on vulnerabilities patched by Cisco in several of its products
The Government CSIRT shares the information provided by Cisco about new vulnerabilities affecting several of its products, for which security updates have been made available.
Vulnerabilities
CVE-2023-20025
CVE-2023-20020
CVE-2023-20026
CVE-2023-20002
CVE-2023-20008
CVE-2023-20045
CVE-2023-20040
CVE-2023-20047
CVE-2023-20043
CVE-2023-20044
CVE-2023-20058
CVE-2023-20019
CVE-2023-20018
CVE-2023-20037
CVE-2023-20038
CVE-2023-20007
Impact
Critical-risk vulnerabilities
CVE-2023-20025 and CVE-2023-20026: Critical vulnerabilities in Cisco Small Business RV016, RV042, RV042G, and RV082 routers. They could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
Affected products
Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
Cisco IP Phone 7800 and 8800 series web management interface.
Cisco BroadWorks Application Server.
Cisco BroadWorks Application Delivery Platform.
Cisco BroadWorks Xtended Services Platform.
Cisco RV340, RV340W, RV345 and RV345P Dual WAN Gigabit VPN routers.
Cisco TelePresence Collaboration Endpoint (CE) Software.
Cisco Network Services Orchestrator (NSO)
Cisco RoomOS Software.
Cisco Webex Room Phone and Cisco Webex Share.
Cisco Unified Intelligence Center
Mitigation
Install the respective updates provided by the vendor.
Links
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20007
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA23-00769-01.