Cisco | Security Manager Multiple Security Vulnerabilities Advisory
Published: 2020-11-17
0x00 Vulnerability Overview
On November 16, 2020, Cisco published security advisories stating that Security Manager contains multiple security vulnerabilities. The vulnerabilities are tracked as CVE-2020-27125, CVE-2020-27130 and CVE-2020-27131.
0x01 Vulnerability Details
Cisco Security Manager is Cisco's security management product. It centralizes policy configuration tasks and the control measures for Cisco security deployments, so that enterprise security can be managed efficiently.
The vulnerabilities covered by this notice are as follows:
Product | CVE ID | Vulnerability | Score | Severity |
Cisco Security Manager | CVE-2020-27125 | Cisco Security Manager static credential vulnerability | 7.4 | High |
Cisco Security Manager | CVE-2020-27130 | Cisco Security Manager path traversal vulnerability | 9.1 | Critical |
Cisco Security Manager | CVE-2020-27131 | Cisco Security Manager Java deserialization vulnerability | 8.1 | High |
Affected versions:
Cisco Security Manager 4.21 and earlier.
Cisco Security Manager static credential vulnerability (CVE-2020-27125)
This vulnerability is caused by insufficient protection of static credentials. An attacker can exploit it by viewing source code. An attacker who exploits it successfully can view sensitive information such as the static credentials and use those credentials to carry out further attacks.
Details of the vulnerability:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW
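Cisco Security Manager path traversal vulnerability (CVE-2020-27130)
This vulnerability is caused by improper validation by the device of directory traversal character sequences in requests. An attacker can exploit it by sending a malicious request to an affected device. Successful exploitation could allow the attacker to download arbitrary files from the affected device.
Details of the vulnerability: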
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR
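A detection sketch for the path traversal class described above, added here as an example and not taken from Cisco's advisory or from this notice: it decodes request targets from web access logs and flags `..` path segments. The log format, the `/app/...` paths, the file names and the three-round decode limit are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double and triple encoding
REQUEST = re.compile(r'^(\S+) "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})$')

# Constructed sample lines (documentation IP ranges, hypothetical /app paths).
SAMPLE_LOG = [
    '198.51.100.7 "GET /app/download?file=report.pdf HTTP/1.1" 200',
    '198.51.100.7 "GET /app/download?file=..%2F..%2Fconf%2Fserver.xml HTTP/1.1" 200',
    '203.0.113.9 "GET /app/download?file=%252e%252e%255c%252e%252e%255cwin.ini HTTP/1.1" 200',
    '203.0.113.9 "GET /app/help/v1..2/index.html HTTP/1.1" 200',
    '203.0.113.9 "GET /app/static/..%5c..%5cboot.ini HTTP/1.1" 404',
]


def normalise(value):
    """Percent-decode until stable, then treat backslashes as separators."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def has_traversal(target):
    """True if the path or any query value contains a '..' segment."""
    path, _, query = target.partition("?")
    values = [path] + [kv.partition("=")[2] for kv in query.split("&") if kv]
    # Compare whole segments so names such as 'v1..2' are not flagged.
    return any(".." in normalise(v).split("/") for v in values)


def flag_requests(lines):
    """Return (client, target, status) for each request with a traversal segment."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and has_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


if __name__ == "__main__":
    for client, target, status in flag_requests(SAMPLE_LOG):
        # Assumption: a 200 means content was returned and the response needs review.
        note = "served, review response" if status == 200 else "not served"
        print(f"{client} {status} {note}: {target}")
```

Flagged requests that returned 200 are the ones to triage first, since the vulnerability results in file download.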
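Cisco Security Manager Java deserialization vulnerability (CVE-2020-27131)
The Java deserialization function used by Cisco Security Manager contains multiple security vulnerabilities. They cause user-supplied content to be deserialized insecurely. An attacker can exploit them by sending a malicious serialized Java object to a specific listener on an affected system. Successful exploitation could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM (the built-in system administration account) on the target Windows host.
Details of the vulnerability: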
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD?
0x02 Remediation Recommendations
Cisco has fixed CVE-2020-27125 and CVE-2020-27130 in Cisco Security Manager 4.22; updating promptly is recommended.
Cisco plans to fix CVE-2020-27131 and the other vulnerabilities in the Java deserialization function in Cisco Security Manager 4.23.
Download:
https://software.cisco.com/download/find
0x03 Reference Links
https://tools.cisco.com/security/center/publicationListing.x
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27131
0x04 Timeline
2020-11-16 Cisco published its security advisories
2020-11-17 VSRC published this security advisory
0x05 Appendix
Official site of the CVSS scoring standard: http://www.first.org/cvss/