˼¿ÆÐû²¼¶à¸ö¸ßΣÎó²îΣº¦Í¨¸æ

Ðû²¼Ê±¼ä 2020-03-06

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-3127£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3128£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3148£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3155£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.4£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


CVE񅧏

Ó°Ïì²úÆ·

CVE-2020-3127

CVE-2020-3128

Cisco Webex   Meetings ¡ª All Webex Network Recording Player and Webex Player releases   earlier than Release WBS 39.5.17 or WBS 39.11.0

Cisco Webex   Meetings Online ¡ª All Webex Network Recording Player and Webex Player   releases earlier than Release 1.3.49

Cisco Webex   Meetings Server ¡ª All Webex Network Recording Player releases earlier than   Release 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2

CVE-2020-3148

Cisco Prime   Network Registrar releases earlier than 10.1

CVE-2020-3155

Cisco Intelligent   Proximity application

Cisco Jabber

Cisco Webex   Meetings

Cisco Webex Teams

Cisco Meeting App


Îó²î¸ÅÊö


3ÔÂ4ÈÕ˼¿ÆÐû²¼Á˲úÆ·Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¸öÎó²î£¬£¬£¬£¬£¬°üÀ¨4¸ö¸ßΣÎó²î£¬£¬£¬£¬£¬¸ÅÊöÈçÏ£º


CVE-2020-3127/CVE-2020-3128

Cisco Webex Network Recording PlayerÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄÒ»¿îÓÃÓÚ²¥·ÅÊÓƵ¾Û»á¼Í¼µÄ²¥·ÅÆ÷¡£¡£¡£¡£¡£¡£¡£


»ùÓÚWindowsƽ̨µÄCisco Webex Network Recording PlayerºÍCisco Webex PlayerÖб£´æÊäÈëÑéÖ¤¹ýʧÎó²î£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòûÓгä·ÖÑéÖ¤ARF»òWRFÃûÌÃϵÄWebex¼Í¼ÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ý·¢ËͶñÒâµÄARF»òWRFÎļþʹÓøÃÎó²îÒÔÄ¿µÄÓû§È¨ÏÞÔÚϵͳÉÏÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£¡£


CVE-2020-3148

Cisco Prime Network Registrar£¨CPNR£©ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄÒ»¿îÍøÂç×¢²áÆ÷²úÆ·¡£¡£¡£¡£¡£¡£¡£¸Ã²úÆ·ÌṩÁ˶¯Ì¬Ö÷»úÉèÖÃЭÒ飨DHCP£©¡¢ÓòÃûϵͳ£¨DNS£©ºÍIPµØµãÖÎÀí£¨IPAM£©µÈЧÀÍ¡£¡£¡£¡£¡£¡£¡£


Cisco CPNR 10.1֮ǰ°æ±¾£¨releases£©ÖлùÓÚWebµÄ½Ó¿Ú±£´æ¿çÕ¾ÇëÇóαÔìÎó²î£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòûÓоÙÐгä·ÖµÄ¿çÕ¾ÇëÇóαÔì±£»£»£»£»¤¡£¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýÓÕʹÓû§µã»÷¶ñÒâÁ´½ÓʹÓøÃÎó²îÐÞ¸Ä×°±¸ÉèÖ㬣¬£¬£¬£¬½ø¶ø¿ÉÒԱ༭»ò½¨Éèí§ÒâȨÏÞÓû§µÄÕË»§¡£¡£¡£¡£¡£¡£¡£


CVE-2020-3155

Cisco Intelligent Proximity solutionÖеÄSSLʵÏÖ±£´æÐÅÈÎÖÎÀíÎÊÌâÎó²î£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚȱÉÙ¶ÔSSLЧÀÍÆ÷Ö¤ÊéµÄÑéÖ¤¡£¡£¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýʹÓÃÖÐÐÄÈËÊÖÒÕ£¬£¬£¬£¬£¬×èµ²ÊÜÓ°Ïì¿Í»§¶ËºÍ¶ËµãÖ®¼äµÄÁ÷Á¿²¢Ê¹ÓÃαÔìµÄÖ¤ÊéÀ´Ã°³ä¶ËµãʹÓøÃÎó²îÉó²é»òÐÞ¸ÄÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPoC/EXP¡£¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼CVE-2020-3127/CVE-2020-3128£¬£¬£¬£¬£¬CVE-2020-3148µÄÉý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL


CVE-2020-3155µÄÉý¼¶²¹¶¡»¹Î´Ðû²¼£¬£¬£¬£¬£¬Ö»Óлº½â²½·¥£¬£¬£¬£¬£¬Ïê¼ûÁ´½Ó£º

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB


²Î¿¼Á´½Ó


https://tools.cisco.com/security/center/publicationListing.x