Multiples vulnérabilités dans les produits Cisco

Avis et alertes de sécurité au jour le jour (aucune question posée dans ce sous-forum)

Modérateur: Modérateurs et Modératrices

Multiples vulnérabilités dans les produits Cisco

Messagede pierre » 23 Déc 2014, 21:18

Multiples vulnérabilités dans les produits Cisco corrigées

Appliquez les correctifs

1 - Risque(s)
exécution de code arbitraire à distance

2 - Systèmes affectés
De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Les produits CISCO suivants sont en cours d'investigation pour savoir s'ils sont vulnérables

Cable Modems

Cisco 3G Femtocell Wireless
Cisco Universal Small Cell RAN Management System Wireless
Digital Life RMS 1.8.1.1 Cisco Broadband Access Center Telco Wireless 3.8.1

Collaboration and Social Media

Cisco MeetingPlace
Cisco WebEx Meetings Server versions 2.x
Cisco WebEx Social

Endpoint Clients and Client Software

Cisco IP Communicator
Cisco Jabber Guest 10.0(2)
Cisco NAC Agent for Mac
Cisco NAC Agent for Web
Cisco UC Integration for Microsoft Lync
Cisco Unified Personal Communicator
Cisco Unified Video Advantage

Network Application, Service, and Acceleration

Cisco ASA CX and Cisco Prime Security Manager
Cisco Adaptive Security Appliance (ASA) Software
Cisco Application Control Engine (ACE10 and ACE20)
Cisco Application Control Engine (ACE30/ ACE 4710)
Cisco Application and Content Networking System (ACNS)
Cisco Clean Access Manager
Cisco DC Health Check
Cisco Extensible Network Controller (XNC)
Cisco GSS 4492R Global Site Selector
Cisco NAC Appliance
Cisco NAC Server
Cisco Smart Call Home
Cisco Smart Care
Cisco Visual Quality Experience Server
Cisco Visual Quality Experience Tools Server
Cisco Wide Area Application Services (WAAS)
Content Services Switch
NetAuthenticate
Openflow Agent
Smart Net Total Care

Network and Content Security Devices

Cisco Adaptive Security Device Manager
Cisco Content Security Appliance Updater Servers
Cisco FireSIGHT
Cisco Intrusion Prevention System Solutions (IPS)
Cisco Encryption Appliance (IEA)
Cisco NAC Guest Server
Cisco Physical Access Gateway
Cisco Physical Access Manager
Cisco Registered Envelope Service (CRES)
Cisco Secure Access Control Server (ACS)

Network Management and Provisioning

Business Video Services Automation Software (BV)
Cisco Prime Access Registrar Appliance
Cisco Application Networking Manager
Cisco Digital Media Manager (DMM)
Cisco Discovery Service
Cisco Insight Reporter
Cisco MATE Design
Cisco MATE Live
Cisco MATE collector
Cisco MXE Series
Cisco Media Experience Engines (MXE)
Cisco NetFlow Collection Agent
Cisco Network Analysis Module
Cisco Network Collector
Cisco Prime Analytics
Cisco Prime Cable Provisioning
Cisco Prime Central for SPs
Cisco Prime Data Center Network Manager
Cisco Prime IP Express
Cisco Prime Infrastructure
Cisco Prime LAN Management Solution
Cisco Prime License Manager
Cisco Prime Network Registrar (CPNR)
Cisco Prime Network Services Controller
Cisco Prime Network
Cisco Prime Optical for SPs
Cisco Prime Service Catalog Virtual Appliance
Cisco Quantum Policy Suite (QPS)
Cisco Quantum SON Suite
Cisco Quantum Virtualized Packet Core
Cisco Security Manager
Cisco UCS Central
Cisco Unified Intelligence Center (CUIC)
Cisco Unified Provisioning Manager (CUPM)
CiscoWorks Network Compliance Manager
Data Center Analytics Framework (DCAF)
Enterprise Content Delivery Service
Feature Analytics Service
Local Collector Appliance (LCA)
Network Device Security Assessment
Network Health Framework (NHF)
Network Performance Analytics (NPA)
Network Profiler
Prime Collaboration Provisioning
Security Module for Cisco Network Registrar
Unified Communication Audit Tool (UCAT)
Unified Communications Deployment Tools
Virtual Systems Operations Center for vPE project

Routing and Switching - Enterprise and Service Provider

CRS-CGSE-PLIM CRS-CGSE-PLUS
Cisco ASR 5000 Series
Cisco ASR 9000 Series Integrated Service Module
Cisco Application Policy Infrastructure Controller
Cisco Broadband Access Center Telco Wireless
Cisco Connected Grid Device Manager
Cisco Connected Grid Network Management System
Cisco Connected Grid Router
Cisco Connected Grid Routers (CGR)
Cisco IOS Software
Cisco IOS XR Software
Cisco IOS-XE for ASR1k, ASR903, ISR4400, CSR1000v
Cisco IOS-XE for Catalyst 3k, 4k, AIR-CT5760, and Cisco RF Gateway 10 (RFGW-10)
Cisco MDS
Cisco Metro Ethernet 1200 Series Access Devices
Cisco Nexus 1000V Series Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 4000 Series Switches
Cisco Nexus 5000 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 7000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco OnePK All-in-One VM
Cisco Service Control Application for Broadband
Cisco Service Control Collection Manager
Cisco Service Control Engine 1010
Cisco Service Control Engine 2020
Cisco Service Control Engine 8000
Cisco Service Control Subscriber Manager
Cisco VPN Acceleration Engine
Cisco Virtual Security Gateway for Microsoft Hyper-V
IOS-XR for Cisco Network Convergence System (NCS) 6000

Routing and Switching - Small Business

Cisco DPH150 Series MicroCell Solution
Cisco Small Business AP500 Series Wireless Access Points
Cisco Small Business RV Series Routers RV110W
Cisco Small Business RV Series Routers RV220W
Cisco WAG310G Residential Gateway

Unified Computing

Cisco Common Services Platform Collector
Cisco UCS ADA
Cisco UCS Director
Cisco UCS Manager
Cisco USC Invicta Series Autosupport Portal
Cisco USC Invicta Series
Cisco Unified Computing System B-Series (Blade) Servers

Voice and Unified Communications Devices

Cisco 190 ATA Series Analog Terminal Adaptor
Cisco 7937 IP Phone
Cisco ATA 187 Analog Telephone Adaptor
Cisco Broadband Access Center for Cable Tools Suite
Cisco Business Edition 3000 (BE3k)
Cisco Computer Telephony Integration Object Server (CTIOS)
Cisco Desktop Collaboration Experience DX650
Cisco Desktop Collaboration Experience DX70 and DX80
Cisco Emergency Responder
Cisco Finesse
Cisco Hosted Collaboration Mediation Fulfillment
Cisco IM and Presence Service (CUPS)
Cisco IP Interoperability and Collaboration System (IPICS)
Cisco IP Phone 8800 Series
Cisco Jabber for Windows
Cisco MediaSense
Cisco Packaged Contact Center Enterprise
Cisco Paging Server (Informacast)
Cisco Paging Server
Cisco RV180W Wireless-N Multifunction VPN Router
Cisco Remote Silent Monitoring
Cisco SPA112 2-Port Phone Adapter
Cisco SPA122 ATA with Router
Cisco SPA232D Multi-Line DECT ATA
Cisco SPA30X Series IP Phones
Cisco SPA50X Series IP Phones
Cisco SPA51X Series IP Phones
Cisco SPA525G
Cisco SPA8000 8-port IP Telephony Gateway
Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
Cisco Small Business ISA500 Series Integrated Security Appliances
Cisco SocialMiner
Cisco Sx220 switches
Cisco Sx300 switches
Cisco TAPI Service Provider (TSP)
Cisco Unified Communications Domain Manager
Cisco Unified 3900 series IP Phones
Cisco Unified 6900 series IP Phones
Cisco Unified 6911 IP Phones
Cisco Unified 6945 IP Phones
Cisco Unified 7800 series IP Phones
Cisco Unified 7900 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco Unified Attendant Console Advanced
Cisco Unified Attendant Console Business Edition
Cisco Unified Attendant Console Department Edition
Cisco Unified Attendant Console Enterprise Edition
Cisco Unified Attendant Console Premium Edition
Cisco Unified Attendant Console Standard
Cisco Unified Client Services Framework
Cisco Unified Communications Domain Manager
Cisco Unified Communications Manager (CUCM)
Cisco Unified Communications Sizing Tool
Cisco Unified Communications Widgets Click To Call
Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Express (UCCX)
Cisco Unified Contact Center Express
Cisco Unified E-Mail Interaction Manager
Cisco Unified IP Conference Phone 8831
Cisco Unified IP Phone 7900 Series
Cisco Unified Integration for IBM Sametime
Cisco Unified Intelligence Center
Cisco Unified Intelligent Contact Management Enterprise
Cisco Unified Operations Manager (CUOM)
Cisco Unified Quick Connect
Cisco Unified Service Monitor
Cisco Unified Service Statistics Manager
Cisco Unified SIP Proxy
Cisco Unified Web Interaction Manager
Cisco Unified Wireless IP Phone
Cisco Unified Workforce Optimization
Cisco Unity Connection (UC)
Cisco Unity Express
Cisco WAP371 wireless access point
xony VIM/CCDM/CCMP

Video, Streaming, TelePresence, and Transcoding Devices

Cisco AnyRes Live (CAL)
Cisco AnyRes VOD (CAV)
Cisco AutoBackup Server
Cisco Command 2000 Server (cmd2k) (RH Based)
Cisco Common Download Server (CDLS)
Cisco D9034-S Encoder
Cisco D9036 Modular Encoding Platform
Cisco D9054 HDTV Encoder
Cisco D9804 Multiple Transport Receiver
Cisco D9865 Satellite Receiver
Cisco DCM Series 9900-Digital Content Manager
Cisco DNCS Application Server (AppServer)
Cisco Digital Media Players
Cisco Digital Network Control System (DNCS)
Cisco Digital Transport Adapter Control System (DTACS)
Cisco Download Server (DLS) (RH Based)
Cisco Edge 300 Digital Media Player
Cisco Edge 340 Digital Media Player
Cisco IPTV Service Delivery System (ISDS)
Cisco IPTV
Cisco International Digital Network Control System (iDNCS)
Cisco Jabber Video for TelePresence (Movi)
Cisco Jabber for TelePresence (Movi)
Cisco Linear Stream Manager
Cisco Model D9485 DAVIC QPSK
Cisco PowerVu D9190 Conditional Access Manager (PCAM)
Cisco Powerkey CAS Gateway (PCG)
Cisco Powerkey Encryption Server (PKES)
Cisco Remote Conditional Access System (RCAS)
Cisco Remote Network Control System (RNCS)
Cisco Show and Share
Cisco TelePresence 1310
Cisco TelePresence Content Server (TCS)
Cisco TelePresence Exchange System (CTX)
Cisco TelePresence ISDN Link
Cisco TelePresence MX Series
Cisco TelePresence Management Suite (TMS)
Cisco TelePresence Management Suite Analytics Extension (TMSAE)
Cisco TelePresence Management Suite Extension (TMSXE)
Cisco TelePresence Management Suite Extension for IBM
Cisco TelePresence Management Suite Provisioning Extension
Cisco TelePresence Manager (CTSMan)
Cisco TelePresence Multipoint Switch (CTMS)
Cisco TelePresence Profile Series
Cisco TelePresence Recording Server (CTRS)
Cisco TelePresence System 1000
Cisco TelePresence System 1100
Cisco TelePresence System 1300
Cisco TelePresence System 3000 Series
Cisco TelePresence System 500-32
Cisco TelePresence System 500-37
Cisco TelePresence TE Software (for E20 - EoL)
Cisco TelePresence TX 9000 Series
Cisco Transaction Encryption Device (TED)
Cisco VDS Service Broker
Cisco Video Distribution Suite for Internet Streaming VDS-IS
Cisco Video Surveillance 3000 Series IP Cameras
Cisco Video Surveillance 4000 Series High-Definition IP Cameras
Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
Cisco Video Surveillance 6000 Series IP Cameras
Cisco Video Surveillance 7000 Series IP Cameras
Cisco Video Surveillance Media Server
Cisco Video Surveillance PTZ IP Cameras
Cisco Videoscape Back Office (VBO)
Cisco Videoscape Conductor
Cisco Videoscape Distribution Suite Transparent Caching
Cisco Virtual PGW 2200 Softswitch
Cloud Object Store (COS)
Digital Media Player(DMP) 4400 Digital Media Player(DMP) 4310
Media Services Interface

Wireless

Cisco Mobility Services Engine (MSE)
Cisco RF Gateway 1 (RFGW-1)
Cisco Wireless Control System (WCS)
Cisco Wireless Location Appliance (WLA)
Cisco Wireless Security Gateway Application (WSG)

Cisco Hosted Services

Cisco Install Base Management
Cisco Cloud Email Security
Cisco Cloud Services
Cisco Cloud and Systems Management
Cisco Connected Analytics For Collaboration
Cisco IC Distribution - internal
Cisco Intelligent Automation for Cloud
Cisco Partner Supporting Service
Cisco Proactive Network Operations Center
Cisco SMB Market Place
Cisco Services Platform Collector (CSPC)
Cisco Services Provisioning Platform (SPP)
Cisco SmartConnection
Cisco SmartReports
Cisco Unified Services Delivery Platform (CUSDP)
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Cisco Universal Small Cell CloudBase
Cisco WebEx Connect client (Windows)
Cisco WebEx Meetings for Android
Cisco WebEx Meetings for BlackBerry
Cisco WebEx Meetings for WP8
Cisco WebEx Messenger Service
Cisco WebEx Node for MCS
Cisco WebEx Node
Cisco WebEx WebOffice & Workspace
Connected Analytics for Network Deployment (CAND)
Connectivity
Core Services - SubComponent of SNTC
Femto Provisioning Gateway
Install Base Management (IBM)
MACD Process Controller (MPC)
On Going Support Automation (OGSA)
One View
Partner Supporting Service (PSS) 1.x
Partner Supporting Service (PSS) 2.x
SI component of Partner Supporting Service
Serial Number Assessment Service (SNAS)
Small Cell factory recovery root filesystem V2.99.4 or later
Smart Net Total Care (SNTC)
Support Central
Web Element Manager
WebEx PCNow
WebEx QuickBooks
WebEx Meeting Center


Les produits CISCO suivants ne sont pas affectés

Network and Content Security Devices

Cisco Email Security Appliance (ESA)
Cisco Firewall Services Module (FWSM)
Cisco Identity Services Engine (ISE)
Cisco Security Management Appliance (SMA)
Cisco Web Security Appliance (WSA)

Network Management and Provisioning

Cisco Multicast Manager
Cisco Prime Collaboration Assurance
Cisco Prime Home
Cisco Prime Performance Manager
Cisco Prime Provisioning

Unified Computing

Cisco Standalone rack server CIMC

Video, Streaming, TelePresence, and Transcoding Devices

Cisco D9824 Advanced Multi Decryption Receiver
Cisco D9854/D9854-I Advanced Program Receiver
Cisco D9858 Advanced Receiver Transcoder
Cisco D9859 Advanced Receiver Transcoder
Cisco TelePresence Advanced Media Gateway Series
Cisco TelePresence Conductor
Cisco TelePresence IP Gateway Series
Cisco TelePresence IP VCR Series
Cisco TelePresence ISDN GW 3241
Cisco TelePresence ISDN GW MSE 8321
Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
Cisco TelePresence MPS Series
Cisco TelePresence MXP Software
Cisco TelePresence Serial Gateway Series
Cisco TelePresence Server 8710, 7010
Cisco TelePresence Server on Multiparty Media 310, 320
Cisco TelePresence Server on Virtual Machine
Cisco TelePresence Supervisor MSE 8050
Cisco TelePresence Video Communications Server (VCS)
Tandberg Codian ISDN GW 3210/3220/3240
Tandberg Codian MSE 8320 model

Voice and Unified Communications Devices

Cisco Agent Desktop
Cisco MS200X Ethernet Access Switch
Cisco Unified Wireless IP Phones
Cisco Virtualization Experience Media Engine

Wireless

Cisco Wireless LAN Controller (WLC)

Cisco Hosted Services

Cisco Cloud Web Security (CWS)



3 - Résumé
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettaient à un attaquant de provoquer une exécution de code arbitraire à distance.

4 - Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

5 - Documentation
Bulletin de sécurité Cisco cisco-sa-20141222-ntpd du 22 décembre 2014
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd


[url]http://www.cert.ssi.gouv.fr/site/CERTFR-2014-AVI-538/index.html[/url]
Image
__________________
Pierre (aka Terdef)
Appel à donation - Le site a besoin de votre aide

Comment je me fais avoir/infecter ? - Protéger navigateur, navigation et vie privée - Bloquer publicité et surveillance sur le Web
Accélérer Windows - Accélérer Internet - Décontamination - Installer Malwarebytes - Forums d'entraide

Il ne sera répondu à aucune demande de dépannage posée en MP (Messagerie Privée). Les demandes doivent être publiques et les réponses doivent profiter au public.
Image
Avatar de l’utilisateur
pierre
 
Messages: 28401
Inscription: 20 Mai 2002, 23:01
Localisation: Ici et maintenant

Retourner vers Alertes

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 55 invités