˼¿Æ°ä²¼¶à¸ö¸ßΣ·ì϶·çÏÕ¹«¸æ

°ä²¼¹¦·ò 2020-03-06

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2020-3127 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3128 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3148 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1 £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2020-3155 £¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.4 £¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


CVE񅧏

Ó°Ïì²úÆ·

CVE-2020-3127

CVE-2020-3128

Cisco Webex   Meetings ¡ª All Webex Network Recording Player and Webex Player releases   earlier than Release WBS 39.5.17 or WBS 39.11.0

Cisco Webex   Meetings Online ¡ª All Webex Network Recording Player and Webex Player   releases earlier than Release 1.3.49

Cisco Webex   Meetings Server ¡ª All Webex Network Recording Player releases earlier than   Release 3.0MR3SecurityPatch1 and 4.0MR2SecurityPatch2

CVE-2020-3148

Cisco Prime   Network Registrar releases earlier than 10.1

CVE-2020-3155

Cisco Intelligent   Proximity application

Cisco Jabber

Cisco Webex   Meetings

Cisco Webex Teams

Cisco Meeting App


·ì϶¸ÅÊö


3ÔÂ4ÈÕ˼¿Æ°ä²¼Á˲úÆ·°²È«¸üР£¬½¨¸´¶à¸ö·ì϶ £¬Ô̺¬4¸ö¸ßΣ·ì϶ £¬¸ÅÊöÈçÏ£º


CVE-2020-3127/CVE-2020-3128

Cisco Webex Network Recording PlayerÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄÒ»¿îÓÃÓÚ²¥·ÅÊÓƵ»áÒé¼Í¼µÄ²¥·ÅÆ÷¡£


»ùÓÚWindowsƽ̨µÄCisco Webex Network Recording PlayerºÍCisco Webex PlayerÖдæÔÚÊäÈëÑéÖ¤ÃýÎó·ì϶ £¬¸Ã·ì϶ԴÓÚ·¨Ê½Ã»Óгä·ÖÑéÖ¤ARF»òWRFÌåʽϵÄWebex¼Í¼ÐÅÏ¢¡£¹¥»÷Õß¿Éͨ¹ý·¢ËͶñÒâµÄARF»òWRFÎļþÀûÓø÷ì϶ÒÔÖ¸±êÓû§È¨ÏÞÔÚϵͳÉÏÖ´ÐÐËÁÒâ´úÂë¡£


CVE-2020-3148

Cisco Prime Network Registrar£¨CPNR£©ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄÒ»¿îÍøÂç×¢²áÆ÷²úÆ·¡£¸Ã²úÆ·ÌṩÁ˶¯Ì¬Ö÷»úÅäÖúÍ̸£¨DHCP£©¡¢ÓòÃûϵͳ£¨DNS£©ºÍIPµØÖ·ÖÎÀí£¨IPAM£©µÈ·þÎñ¡£


Cisco CPNR 10.1֮ǰ°æ±¾£¨releases£©ÖлùÓÚWebµÄ½Ó¿Ú´æÔÚ¿çÕ¾ÒªÇóαÔì·ì϶ £¬¸Ã·ì϶ԴÓÚ·¨Ê½Ã»ÓнøÐгä·ÖµÄ¿çÕ¾ÒªÇóαÔì±£»¤¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýÓÕʹÓû§µã»÷¶ñÒâÁ´½ÓÀûÓø÷ì϶Åú¸ÄÉ豸ÅäÖà £¬½ø¶øÄܹ»±à×ë»ò´´½¨ËÁÒâȨÏÞÓû§µÄÕË»§¡£


CVE-2020-3155

Cisco Intelligent Proximity solutionÖеÄSSLʵÏÖ´æÔÚÐÅÀµÖÎÀíÎÊÌâ·ì϶ £¬¸Ã·ì϶ԴÓÚ¶Ìȱ¶ÔSSL·þÎñÆ÷Ö¤ÊéµÄÑéÖ¤¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýʹÓÃÖÐÑëÈ˼¼Êõ £¬À¹½ØÊÜÓ°Ïì¿Í»§¶ËºÍ¶ËµãÖ®¼äµÄÁ÷Á¿²¢Ê¹ÓÃαÔìµÄÖ¤ÊéÀ´¼ÙÒâ¶ËµãÀûÓø÷ì϶²é¿´»òÅú¸ÄÐÅÏ¢¡£


·ì϶ÑéÖ¤


ÔÝÎÞPoC/EXP¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼CVE-2020-3127/CVE-2020-3128 £¬CVE-2020-3148µÄÉý¼¶²¹¶¡ÒÔ½¨¸´·ì϶ £¬²¹¶¡»ñÈ¡Á´½Ó£º

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200304-webex-player

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL


CVE-2020-3155µÄÉý¼¶²¹¶¡»¹Î´°ä²¼ £¬Ö»Óлº½â´ëÊ© £¬Ïê¼ûÁ´½Ó£º

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB


²Î¿¼Á´½Ó


https://tools.cisco.com/security/center/publicationListing.x