Quite a few firewall-related items were listed.

| Vendor -- Product | Description | Published |
|---|---|---|
| f5 -- big-ip_access_policy_manager | The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads. If you are affected, upgrading to a fixed version is enough. See the vendor site for details. | 2016-08-19 |
| watchguard -- rapidstream | WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | 2016-08-24 |
| fortinet -- fortios | Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER. If you are affected, upgrading to a fixed version is enough, since the vendor page also states that "FortiOS 5.x is not affected." | 2016-08-24 |
| cisco -- ip_phone_8800_series_firmware | Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | 2016-08-22 |
| cisco -- ios_xr | Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791. | 2016-08-22 |
| hp -- converged_infrastructure_solution_sizer_suite | HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors. | 2016-08-22 |

-----> Addendum, 2016.09.08
・Alert (TA16-250A)
The Increasing Threat to Network Infrastructure Devices
and Recommended Mitigations (09/06)
← Threats to network infrastructure devices. A summary has been published.