
CiscoWorks TFTP Directory Traversal Vulnerability

2010-1-30 22:12 | Posted by: admin | Views: 14 | Comments: 0 | Original author: 小可爱


Vulnerable Systems:
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and 1.3

The Solaris version of CiscoWorks Common Services is not affected by this vulnerability.

The TFTP service is enabled by default. To verify that the TFTP service is running, connect to the CiscoWorks interface and choose "Start > Settings > Control Panel > Administrative Tools > Services" to access the "Services" window. The name of the service is "CWCS tftp service".

Note: Administrators can also issue the "tasklist /svc" Microsoft Windows command to list the services that are running on the system.

CiscoWorks Common Services contains a TFTP directory traversal vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.

Note: Only CiscoWorks Common Services systems that run on Microsoft Windows operating systems are vulnerable. The Solaris version of CiscoWorks Common Services is not affected by this vulnerability.

Patch Availability:
CiscoWorks Common Services software patch: cwcs3.x-win-CSCsx07107-0.zip

The CiscoWorks Common Services patch can be downloaded from the following link: http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one

Workarounds
To mitigate this vulnerability, administrators can disable TFTP services by completing the following steps:
Step 1. Choose "Start > Settings > Control Panel > Administrative Tools > Services" to access the Services window.
Step 2. Right-click "CWCS tftp service" and select "Properties".
Step 3. Set the "Startup Type" to "Disabled".
Step 4. Click the "Stop" button to stop the TFTP service.

Note: Disabling TFTP services may impact the functionality of some of the CiscoWorks components.
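
The workaround steps above can also be scripted and verified from an elevated Windows PowerShell prompt. This is an added example, not part of the original advisory: only the display name "CWCS tftp service" comes from the page, the function name and output fields are hypothetical, and UDP port 69 is assumed as the standard TFTP port.

```powershell
# Added example: scripted form of workaround steps 1-4 (Windows PowerShell, elevated).
# Only the display name "CWCS tftp service" comes from the advisory; the function
# name and the returned fields are hypothetical.
function Disable-CwcsTftpService {
    param([string]$DisplayName = 'CWCS tftp service')

    # Steps 1-2: locate the service by the display name shown in the Services window.
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "No service with display name '$DisplayName' on this host."
        return
    }

    # Record the current start mode so the change can be reverted if a
    # CiscoWorks component turns out to depend on TFTP.
    $filter = "Name='$($svc.Name)'"
    $before = (Get-WmiObject -Class Win32_Service -Filter $filter).StartMode

    # Step 3: set "Startup Type" to "Disabled".
    Set-Service -Name $svc.Name -StartupType Disabled

    # Step 4: stop the running service.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $svc.Name -Force
    }

    # Verify the result instead of assuming it: service state, start mode,
    # and whether anything is still bound to UDP port 69 (standard TFTP port).
    $after    = Get-WmiObject -Class Win32_Service -Filter $filter
    $listener = netstat -ano -p udp | Select-String -Pattern ':69\s'

    New-Object PSObject -Property @{
        ServiceName       = $svc.Name
        PreviousStartMode = $before
        StartMode         = $after.StartMode
        State             = $after.State
        Udp69Listeners    = @($listener | ForEach-Object { $_.Line.Trim() })
    }
}

Disable-CwcsTftpService | Format-List
```

An empty Udp69Listeners list together with StartMode "Disabled" and State "Stopped" confirms the workaround took effect; PreviousStartMode is the value to restore if the change has to be rolled back.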

Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090520-cw.shtml
