【概要】
■脆弱性情報
| 日 |
CVE番号 |
NVD |
Vender |
CVSS v3 |
CWE |
脆弱性 |
備考 |
|---|---|---|---|---|---|---|---|
| 2017/09/07 | CVE-2017-6627 | NVD | Vender | 7.5(NVD) |
CWE-404 CWE-399 |
リソースの不適切なシャットダウンおよびリリース リソース管理の問題 |
Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12231 | NVD | Vender | 7.5(NVD) |
CWE-399 | リソース管理の問題 | Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12232 | NVD | Vender | 6.5(NVD) | CWE-399 | リソース管理の問題 | Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12233 | NVD | Vender | 7.5(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12234 | NVD | Vender | 7.5(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12235 | NVD | Vender | 7.5(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12237 | NVD | Vender | 7.5(NVD) |
CWE-400 CWE-399 |
リソースの枯渇 リソース管理の問題 |
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability |
| 2017/09/28 | CVE-2017-12240 | NVD | Vender | 9.8(NVD) |
CWE-20 CWE-119 |
不適切な入力確認 バッファエラー |
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability |
| 2018/03/27 | CVE-2017-12319 | NVD | Vender | 5.9(NVD) | CWE-20 | 不適切な入力確認 | Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability |
| 2018/03/08 | CVE-2018-0125 | NVD | Vender | 9.8(NVD) |
CWE-20 | 不適切な入力確認 | Cisco VPN Routers Remote Code Execution Vulnerability |
| 2018/03/08 | CVE-2018-0147 | NVD | Vender | 9.8(NVD) |
CWE-502 CWE-20 |
信頼できないデータのデシリアライゼーション 不適切な入力確認 |
Cisco Secure Access Control System Java Deserialization Vulnerability |
| 2018/03/28 | CVE-2018-0154 | NVD | Vender | 7.5(NVD) |
CWE-399 | リソース管理の問題 | Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability |
| 2018/03/28 | CVE-2018-0155 | NVD | Vender | 8.6(NVD) |
CWE-755 CWE-388 |
例外的な状態における不適切な処理 エラー処理 |
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability |
| 2018/03/28 | CVE-2018-0156 | NVD | Vender | 7.5(NVD) |
CWE-20 CWE-399 |
不適切な入力確認 リソース管理の問題 |
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability |
| 2018/03/28 | CVE-2018-0158 | NVD | Vender | 8.6(NVD) |
CWE-772 CWE-20 |
有効なライフタイム後のリソースの解放の欠如 不適切な入力確認 |
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability |
| 2018/03/28 | CVE-2018-0159 | NVD | Vender | 7.5(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability |
| 2018/03/28 | CVE-2018-0161 | NVD | Vender | 6.3(NVD) | CWE-399 | リソース管理の問題 | Cisco IOS Software Resource Management Errors Vulnerability |
| 2018/03/28 | CVE-2018-0167 | NVD | Vender | 8.6(NVD) |
CWE-119 | バッファエラー | Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability |
| 2018/03/28 | CVE-2018-0171 | NVD | Vender | 9.8(NVD) |
CWE-787 CWE-20 |
境界外書き込み 不適切な入力確認 |
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability |
| 2018/03/28 | CVE-2018-0172 | NVD | Vender | 8.6(NVD) |
CWE-787 CWE-20 |
境界外書き込み 不適切な入力確認 |
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability |
| 2018/03/28 | CVE-2018-0173 | NVD | Vender | 8.6(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS and IOS XE Software Improper Input Validation Vulnerability |
| 2018/03/28 | CVE-2018-0174 | NVD | Vender | 8.6(NVD) |
CWE-20 | 不適切な入力確認 | Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability |
| 2018/03/28 | CVE-2018-0175 | NVD | Vender | 8.0(NVD) |
CWE-134 CWE-119 |
書式文字列の問題 バッファエラー |
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability |
| 2018/03/28 | CVE-2018-0179 | NVD | Vender | 5.9(NVD) | CWE-399 | リソース管理の問題 | Cisco IOS Software Denial-of-Service Vulnerability |
| 2018/03/28 | CVE-2018-0180 | NVD | Vender | 5.9(NVD) | CWE-399 | リソース管理の問題 | Cisco IOS Software Denial-of-Service Vulnerability |
| 2019/11/25 | CVE-2019-15271 | NVD | Vender | 8.8(NVD) 8.8(CISCO) |
CWE-502 | 信頼できないデータのデシリアライゼーション | Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability |
| 2021/05/06 | CVE-2021-1497 | NVD | Vender | 9.8(NVD) 9.8(CISCO) |
CWE-78 | OSコマンドインジェクション | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 2021/05/06 | CVE-2021-1498 | NVD | Vender | 9.8(NVD) 9.8(CISCO) |
CWE-78 | OSコマンドインジェクション | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 2022/08/10 | CVE-2022-20715 | NVD | Vender | 7.5(NVD) 8.6(Cisco) |
CWE-20 CWE-399 |
不適切な入力確認 リソース管理の問題 |
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerability |
| 2022/08/10 | CVE-2022-20866 | NVD | Vender | 7.5(NVD) 7.4(Cisco) |
CWE-203 | 観測可能な不一致 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability |
| 2022/08/10 | CVE-2022-20829 | NVD | Vender | 7.2(NVD) 9.1(Cisco) |
CWE-345 | データの信頼性についての不十分な検証 | Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability |
| 2022/08/10 | CVE-2022-20713 | NVD | Vender | 6.1(NVD) 4.3(Cisco) |
CWE-444 | HTTP リクエストスマグリング | Cisco Adaptive Security Appliance Software Clientless SSL VPN Client-Side Request Smuggling Vulnerability |
| 2022/08/10 | CVE-2021-1585 | NVD | Vender | 8.1(NVD) 7.5(Cisco) |
CWE-94 | コード・インジェクション | Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability |
■Exploit Code情報
【ニュース】
◆シスコ製品に重要な脆弱性、アップデートを (マイナビニュース, 2022/08/12 14:37)
https://news.mynavi.jp/techplus/article/20220812-2423675/
https://vul.hatenadiary.com/entry/2022/08/12/000000_2
◆シスコの複数製品に重要な脆弱性、アップデートを (マイナビニュース, 2022/09/10 09:18)
https://news.mynavi.jp/techplus/article/20220910-2450155/
⇒ https://vul.hatenadiary.com/entry/2022/09/10/000000
◆Cisco、既知の脆弱性28件が「悪用済み」であると公表 (Security NEXT, 2022/12/21)
https://www.security-next.com/142394
⇒ https://vul.hatenadiary.com/entry/2022/12/21/000000
【関連まとめ記事】