多款Cisco产品授权问题漏洞

CNNVD-ID编号	CNNVD-202007-103
CVE编号	CVE-2020-3297
发布时间	2020-07-01
更新时间	2020-07-10
漏洞类型	授权问题
漏洞来源	N/A
危险等级	超危
威胁类型	远程
厂商	N/A

漏洞介绍

Cisco Small Business 200 Series Smart Switches等都是美国思科（Cisco）公司的产品。Cisco Small Business 200 Series Smart Switches是一款小型智能交换机设备。Cisco 350 Series Managed Switches是一款350系列管理型交换机。550X Series Stackable Managed Switches是一款550X系列管理型交换机。

多款Cisco产品中Web接口的会话管理存在授权问题漏洞。攻击者可利用该漏洞绕过身份验证保护，获取被劫持会话账户的权限，包括管理员权限。以下产品及版本受到影响：Cisco 250 Series Smart Switches；350 Series Managed Switches；350X Series Stackable Managed Switches；550X Series Stackable Managed Switches；Small Business 200 Series Smart Switches；Small Business 300 Series Managed Switches；Small Business 500 Series Stackable Managed Switches。

漏洞补丁

目前厂商已发布升级了多款Cisco产品授权问题漏洞的补丁，多款Cisco产品授权问题漏洞的补丁获取链接：

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY

参考网址

来源:CISCO

链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2270/
来源:tools.cisco.com

链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-3297

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202007-103