內容說明:
Cisco近期公布Cisco 809與Cisco 829工業整合式服務路由器(Industrial Integrated Services Routers),以及Cisco 1000系列Connected Grid路由器產品存在安全漏洞(CVE-2020-3205、CVE-2020-3198及CVE-2020-3258),攻擊者可利用漏洞進行攻擊,進而導致遠端執行任意程式碼。
同時,Cisco亦公布IOS XE所使用之IOx API存在安全漏洞(CVE-2020-3227),攻擊者可利用漏洞進行攻擊,取得管理員的高權限Token,進而導致遠端執行任意API指令。
影響平台:
CVE-2020-3205、CVE-2020-3198及CVE-2020-3258:
Cisco 809 industrial integrated services routers(ISR)
Cisco 829 industrial integrated services routers(ISR)
Cisco Connected Grid Router 1000 series
CVE-2020-3227:
IOS XE使用IOx應用程序進行設定,且版本為16.3.1(含)以後版本
處置建議:
目前Cisco官方已針對此弱點釋出修復版本,請各機關聯絡設備維護廠商進行更新
參考連結:
1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH
2. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt
3. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9
CVE編號:
CVE-2020-3205
CVE-2020-3198
CVE-2020-3258
CVE-2020-3227
參考資料:
1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH
2. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-udp-vds-inj-f2D5Jzrt
3. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxPE-KgGvCAf9
4. https://www.csa.gov.sg/singcert/alerts/al-2020-017