思科产品两个不明细节漏洞
发布日期:2011-09-15
更新日期:2011-09-15
受影响系统:
Cisco Unified Operations Manager (CUOM) 8.x
Cisco Unified Service Monitor (CUSM) 8.x
Cisco CiscoWorks Prime LAN Management Solution (LMS) 4.x
描述:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-2738
cisco思科系统公司(Cisco Systems, Inc.)是互联网解决方案的领先提供者,其设备和软件产品主要用于连接计算机网络系统。
多个思科产品在实现上存在两个不明细节漏洞,恶意用户可利用这些漏洞控制受影响系统。
通过发送到TCP端口9002的特制报文可触发此漏洞。
<*来源:AbdulAziz Hariri
链接:http://secunia.com/advisories/45979/
http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20110914-cusm)以及相应补丁:
cisco-sa-20110914-cusm:Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities
链接:http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml