Cisco IOS/IOS XE Software Plug-and-Play PKI API证书验证漏洞(CVE-2017-12228)
受影响系统:
Cisco IOS
Cisco Identity Services Engine (ISE)
描述:CVE(CAN) ID: CVE-2017-12228
Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。
Cisco IOS Software/Cisco IOS XE Software在Cisco Network Plug and Play应用中存在安全漏洞,可使未经身份验证的远程攻击者通过无效的证书,未授权访问敏感数据。
<*来源:Cisco
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
*>
建议:厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20170927-pnp)以及相应补丁:
cisco-sa-20170927-pnp:Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp