9VSA23-00931-01 CSIRT comparte información de varias vulnerabilidades parchadas por Cisco en su Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication
El CSIRT de Gobierno comparte información de nuevas vulnerabilidades parchadas por Cisco como parte de su Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, actualizaciones publicadas de forma semianual.
Resumen
El CSIRT de Gobierno comparte información de nuevas vulnerabilidades parchadas por Cisco como parte de su Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication, actualizaciones publicadas de forma semianual.
Vulnerabilidades
CVE-2023-20048
CVE-2023-20086
CVE-2023-20095
CVE-2023-20244
CVE-2023-20083
CVE-2023-20063
CVE-2023-20155
CVE-2023-20219
CVE-2023-20220
CVE-2023-20042
CVE-2023-20114
CVE-2023-20264
CVE-2023-20005
CVE-2023-20041
CVE-2023-20074
CVE-2023-20206
CVE-2023-20245
CVE-2023-20256
CVE-2023-20270
CVE-2023-20246
CVE-2023-20071
CVE-2023-20247
CVE-2022-20713
CVE-2023-20070
CVE-2023-20267
CVE-2023-20031
CVE-2023-20177
Impacto
Vulnerabilidades de riesgo crítico:
CVE-2023-20048: Vulnerabilidad de inyección de comandos en FMC, debido a la autorización insuficiente de comandos de configuración enviados a través de la interfaz web. CVSS: 9.9.
Mitigación
Instalar las respectivas actualizaciones entregadas por el proveedor.
Productos afectados
Cisco ASA, FMC y FTD.
Enlaces
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74985
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20083
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20177
Informe
El informe oficial publicado por el CSIRT del Gobierno de Chile está disponible en el siguiente enlace: 9VSA23-00931-01.