{"id":273414,"date":"2022-10-01T02:51:49","date_gmt":"2022-10-01T00:51:49","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=273414"},"modified":"2022-10-01T04:07:48","modified_gmt":"2022-10-01T02:07:48","slug":"gravierende-schwachstellen-in-cisco-netzwerk-hardware-sept-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2022\/10\/01\/gravierende-schwachstellen-in-cisco-netzwerk-hardware-sept-2022\/","title":{"rendered":"Gravierende Schwachstellen in Cisco Netzwerk-Hardware (Sept. 2022)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/borncity.com\/win\/2022\/10\/01\/gravierende-schwachstellen-in-cisco-netzwerk-hardware-sept-2022\/\" target=\"_blank\" rel=\"noopener\">English<\/a>]Kurzer Nachtrag von dieser Woche. Der Hersteller Cisco hat zum 28. September 2022 umfangreiche Sicherheitshinweise und Updates f\u00fcr seine Netzwerk-Hardware ver\u00f6ffentlicht. Die Updates betreffen unter anderem Switches und Wireless Controller dieses Herstellers. Angreifer k\u00f6nnten die Ger\u00e4te bzw. Dienste st\u00f6ren, oder die Kontrolle \u00fcbernehmen. Die Schwachstellen werden weitgehend mit dem Bedrohungsgrade hoch eingestuft.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/25785f366e9c43d785772fd650f463de\" alt=\"\" width=\"1\" height=\"1\" \/>Die Kollegen von heise haben <a href=\"https:\/\/www.heise.de\/news\/Root-Luecke-Selbtsheilungsfunktion-gefaehrdet-Cisco-Netzwerkhardware-7279116.html\" target=\"_blank\" rel=\"noopener\">hier<\/a> einige Zeilen dazu verfasst. Details finden sich in nachfolgend verlinkten Sicherheitshinweisen von Cisco.<\/p>\n<ul>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-wlc-udp-dos-XDyEwhNz\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points UDP Processing Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-wlc-dhcp-dos-76pCjPxK\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-wlc-dos-mKGRrsCB\" target=\"_blank\" rel=\"noopener\">Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-alg-dos-KU9Z8kFX\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-iosxe-cip-dos-9rTbKLt9\" target=\"_blank\" rel=\"noopener\">Cisco IOS and IOS XE Software Common Industrial Protocol Request Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-iosxe-mpls-dos-Ab4OUL3\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-c9800-mob-dos-342YAc6J\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ewc-priv-esc-nderYLtK\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sd-wan-priv-E6e8tEdF\" target=\"_blank\" rel=\"noopener\">Cisco SD-WAN Software Privilege Escalation<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ssh-excpt-dos-FzOBQTnk\" target=\"_blank\" rel=\"noopener\">Cisco IOS and IOS XE Software SSH Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-iosxe-6vpe-dos-tJBtf5Zv\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software IPv6 VPN over MPLS Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ap-assoc-dos-EgVqtON8\" target=\"_blank\" rel=\"noopener\">Cisco Catalyst 9100 Series Access Points Association Request Denial of Service<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sdwan-privesc-cli-xkGwmqKu\" target=\"_blank\" rel=\"noopener\">Cisco SD-WAN Software Arbitrary File Corruption<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-cwlc-snmpidv-rnyyQzUZ\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Information Disclosure<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ios-xe-cat-verify-D4NEQA6q\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-duo-macOS-bypass-uKZNpXE6\" target=\"_blank\" rel=\"noopener\">Cisco Duo for macOS Authentication Bypass<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-webui-cmdinj-Gje47EMn\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE Software Web UI Command Injection<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sdwan-avc-NddSGB8\" target=\"_blank\" rel=\"noopener\">Cisco Software-Defined Application Visibility and Control on Cisco vManage Authentication Bypass<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-sdavc-ZA5fpXX2\" target=\"_blank\" rel=\"noopener\">Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-iosxe-info-disc-nrORXjO\" target=\"_blank\" rel=\"noopener\">Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure<\/a><\/li>\n<li><a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-arb-file-delete-VB2rVcQv\" target=\"_blank\" rel=\"noopener\">Cisco SD-WAN Arbitrary File Deletion<\/a><\/li>\n<\/ul>\n<p>Wegen der Schwere vieler Schwachstellen sollten die Ger\u00e4te zeitnah mit den von Cisco angebotenen Updates versorgt werden.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English]Kurzer Nachtrag von dieser Woche. Der Hersteller Cisco hat zum 28. September 2022 umfangreiche Sicherheitshinweise und Updates f\u00fcr seine Netzwerk-Hardware ver\u00f6ffentlicht. Die Updates betreffen unter anderem Switches und Wireless Controller dieses Herstellers. Angreifer k\u00f6nnten die Ger\u00e4te bzw. Dienste st\u00f6ren, oder &hellip; <a href=\"https:\/\/borncity.com\/blog\/2022\/10\/01\/gravierende-schwachstellen-in-cisco-netzwerk-hardware-sept-2022\/\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[4328],"class_list":["post-273414","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/273414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=273414"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/273414\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=273414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=273414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=273414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}