Cisco | Security Manager Multiple Security Vulnerabilities Advisory

Published: 2020-11-17

0x00 Vulnerability Overview

On November 16, 2020, Cisco published security advisories stating that Security Manager contains multiple security vulnerabilities. The vulnerabilities are tracked as CVE-2020-27125, CVE-2020-27130 and CVE-2020-27131.

 

0x01 Vulnerability Details

 


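Cisco Security Manager is Cisco's security management product. It centralizes policy configuration tasks and the control measures for Cisco security deployments, so that enterprise security can be managed efficiently.

The vulnerabilities disclosed in this release are as follows: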

 

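Product | CVE ID | Vulnerability name | Score | Severity

Cisco Security Manager | CVE-2020-27125 | Cisco Security Manager Static Credential Vulnerability | 7.4 | High

Cisco Security Manager | CVE-2020-27130 | Cisco Security Manager Path Traversal Vulnerability | 9.1 | Critical

Cisco Security Manager | CVE-2020-27131 | Cisco Security Manager Java Deserialization Vulnerabilities | 8.1 | High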

 

Affected versions:

Cisco Security Manager 4.21 and earlier.

 

Cisco Security Manager Static Credential Vulnerability (CVE-2020-27125)

The vulnerability is caused by insufficient protection of static credentials. An attacker can exploit it by viewing the source code. An attacker who succeeds can view sensitive information such as the static credentials and then use those credentials to carry out attacks.

Vulnerability details:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-rce-8gjUz9fW

 

Cisco Security Manager Path Traversal Vulnerability (CVE-2020-27130)

The vulnerability is caused by the device improperly validating directory traversal character sequences in requests. An attacker can exploit it by sending a malicious request to an affected device. Successful exploitation could allow the attacker to download arbitrary files from the affected device.

Vulnerability details:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-path-trav-NgeRnqgR

 

Cisco Security Manager Java Deserialization Vulnerabilities (CVE-2020-27131)

The Java deserialization function used by Cisco Security Manager contains multiple security vulnerabilities. They cause user-supplied content to be deserialized insecurely. An attacker can exploit them by sending a malicious serialized Java object to a specific listener on an affected system. Successful exploitation could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM (the built-in system administration account) on the target Windows host.

Vulnerability details:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD?
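
Until a fixed release for CVE-2020-27131 is installed, one detection approach is to flag serialized Java objects in traffic reaching the server. The following is an added example, not code from Cisco or from this advisory: it scans captured payloads for the Java serialization stream header in raw, hex and Base64 form. The event fields, source addresses and sample payloads are constructed, and the advisory does not identify the listener involved.

```python
import base64
import binascii
import re

# Header of the Java Object Serialization Stream Protocol:
# STREAM_MAGIC 0xACED followed by STREAM_VERSION 0x0005.
JAVA_STREAM_HEADER = bytes.fromhex("aced0005")
# Base64 of that header at the start of a blob always begins "rO0AB".
B64_CANDIDATE = re.compile(r"rO0AB[A-Za-z0-9+/=]{3}")


def find_java_serialized(payload: bytes) -> list:
    """Return the encodings ("raw", "hex", "base64") in which the header occurs."""
    hits = []
    if JAVA_STREAM_HEADER in payload:
        hits.append("raw")
    text = payload.decode("latin-1")  # lossless byte-to-char mapping
    if "aced0005" in text.lower():
        hits.append("hex")
    for match in B64_CANDIDATE.finditer(text):
        try:
            decoded = base64.b64decode(match.group(0))
        except binascii.Error:
            continue
        # Confirm by decoding: "rO0ABAAA" matches the prefix but is not a header.
        if decoded.startswith(JAVA_STREAM_HEADER):
            hits.append("base64")
            break
    return hits


def triage(events):
    """Return (source, encodings) for every event carrying a serialized object."""
    flagged = []
    for event in events:
        hits = find_java_serialized(event["payload"])
        if hits:
            flagged.append((event["src"], hits))
    return flagged


# Constructed sample traffic. The object is a harmless serialized java.lang.String.
SERIALIZED_STRING = JAVA_STREAM_HEADER + b"\x74\x00\x05hello"
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "payload": SERIALIZED_STRING},
    {"src": "192.0.2.11", "payload": b"data=" + base64.b64encode(SERIALIZED_STRING)},
    {"src": "192.0.2.12", "payload": SERIALIZED_STRING.hex().encode()},
    {"src": "192.0.2.13", "payload": b"GET /index.html HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for src, hits in triage(SAMPLE_EVENTS):
        print(src, ",".join(hits))
```

A hit only shows that a serialized object is present, not that it is malicious, so it is most useful on listeners that should never receive such data from untrusted sources.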

 

0x02 Remediation Recommendations

Cisco has fixed CVE-2020-27125 and CVE-2020-27130 in Cisco Security Manager 4.22. Updating promptly is recommended.

Cisco plans to fix CVE-2020-27131 and the other vulnerabilities in the Java deserialization function in Cisco Security Manager 4.23.

Download:

https://software.cisco.com/download/find

 

0x03 References

https://tools.cisco.com/security/center/publicationListing.x

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27131

 

0x04 Timeline

2020-11-16  Cisco published its security advisories

2020-11-17  VSRC published this security advisory

 

0x05 Appendix

Official website of the CVSS scoring standard: http://www.first.org/cvss/


 
