发布日期:2011-09-14
更新日期:2011-09-14
受影响系统:
Cisco Cisco Unified Operations Manager (CUOM) 8.5
Cisco Cisco Unified Operations Manager (CUOM) 8.0
Cisco Cisco Unified Operations Manager (CUOM) 2.3
Cisco Cisco Unified Operations Manager (CUOM) 2.2
Cisco Cisco Unified Operations Manager (CUOM) 2.1 SP1
Cisco Cisco Unified Operations Manager (CUOM) 2.0.3
Cisco Cisco Unified Operations Manager (CUOM) 2.0.2
Cisco Cisco Unified Operations Manager (CUOM) 2.0.1
Cisco Cisco Unified Operations Manager (CUOM) 2.1
Cisco CiscoWorks Lan Management Solution 4.0
Cisco CiscoWorks Lan Management Solution 3.2
Cisco CiscoWorks Lan Management Solution 3.1
Cisco Cisco Unified Service Monitor 2.1
Cisco Cisco Unified Service Monitor 2.0.1
Cisco Cisco Unified Service Monitor 2.0
Cisco Cisco Unified Service Monitor 1.1
Cisco Cisco Unified Service Monitor 1.0
Cisco Unified Service Manager (CUSM) 2.0.1
Cisco Unified Service Manager (CUSM) 2.0
Cisco Unified Service Manager (CUSM) 1.1
不受影响系统:
Cisco Cisco Unified Operations Manager (CUOM) 8.6
Cisco CiscoWorks Lan Management Solution 4.1
Cisco Unified Service Manager (CUSM) 8.6
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 49627
CVE ID: CVE-2011-2738
Cisco Unified Service Monitor和Cisco Unified Operations Manager是Cisco Unified Communications Management Suite中的产品,可持续监督Cisco Unified Communications System支持的活动呼叫。CiscoWorks LAN Management Solution是简化网络配置、管理、监督和维护的管理套装。
多个思科产品在实现上存在远程代码执行漏洞,远程攻击者可利用这些漏洞在受影响设备上执行任意代码,可能造成拒绝服务。
这些漏洞可通过TCP端口9002发送特制报文到受影响系统触发。
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20110914-cusm)以及相应补丁:
cisco-sa-20110914-cusm:Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities