点石成金打一生肖
首頁 -> 安全研究

安全研究

安全漏洞
Cisco多個產品拒絕服務漏洞(CVE-2019-1697)

發布日期:2019-06-06
更新日期:2019-06-06

受影響系統:
Cisco Firepower Threat Defense Software
Cisco Cisco Firepower Threat Defense Virtual (FTDv)
Cisco Cisco Firepower Threat Defense Software 6.3
Cisco Cisco Firepower Threat Defense Software 6.2.3
Cisco Cisco Firepower Threat Defense Software 6.2.2
Cisco Cisco Firepower Threat Defense Software 6.2.1
Cisco Cisco Firepower 9300 Security Appliance
Cisco Cisco Firepower 4100 Series
Cisco Cisco Firepower 2100 Series
Cisco Cisco ASA Services Module for Cisco Catalyst 6500
Cisco Cisco ASA Services Module for Cisco 7600 Series Ro
Cisco Cisco ASA 5500-X Series Firewalls
Cisco Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.9
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.9
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.8
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.8
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.7
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.7
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.6
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.6
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.10
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.10
Cisco Cisco 3000 Series Industrial Security Appliance (I
不受影響系統:
Cisco Firepower Threat Defense Software 6.3.0.3
Cisco Firepower Threat Defense Software 6.2.3.12
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.9.2.50
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.8.4
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.6.4.25
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.10.1.17
描述:
BUGTRAQ  ID: 108182
CVE(CAN) ID: CVE-2019-1697

思科自適應安全設備 (ASA) 軟件是為 Cisco ASA 系列提供強大功能的核心操作系統。它擁有多種外觀,為 ASA 設備提供企業級防火墻功能 - 獨立式設備(US)、刀片(US)和虛擬。ASA 軟件還與其他關鍵安全技術集成,以提供功能全面的解決方案,滿足不斷發展的安全需要。
思科的FirePower Threat Defense(FTD)軟件整合了ASA特性以及FirePower特性的軟性。
思科自適應安全設備(ASA)軟件和Firepower威脅防御(FTD)軟件中輕量級目錄訪問協議(LDAP)功能實施中的漏洞可能允許未經身份驗證的遠程攻擊者導致受影響的設備重新加載,從而導致拒絕服務(DoS)條件。這些漏洞是由于對發送到受影響設備的LDAP數據包的解析不當造成的。攻擊者可以通過使用基本編碼規則(BER)發送精心設計的LDAP數據包來利用這些漏洞,以便受影響的設備進行處理。成功利用可能允許攻擊者重新加載受影響的設備,從而導致DoS狀況。

<*來源:Marcelo Coelho
  
  鏈接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftds-lda
*>

建議:
廠商補丁:

Cisco
-----
Cisco已經為此發布了一個安全公告(cisco-sa-20190501-asa-ftds-ldapdos)以及相應補丁:
cisco-sa-20190501-asa-ftds-ldapdos:Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Lightweight Directory Access Protocol Denial of Service Vulnerability
鏈接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asa-ftds-lda

補丁下載:

瀏覽次數:2433
嚴重程度:0(網友投票)
本安全漏洞由綠盟科技翻譯整理,版權所有,未經許可,不得轉載
綠盟科技給您安全的保障
点石成金打一生肖