Ciscoが「Log4Shell」の調査を終了、65製品に影響 - 大半が年内にリリース予定

「Apache Log4j」に関しては、「CVE-2021-44228」「CVE-2021-45046」の修正版としてリリースされた「Apache Log4j 2.16.0」に関しても、あらたに「CVE-2021-45105」が判明、急遽「同2.17.0」がリリースされている。同社では、同脆弱性の影響についても引き続き調査を進めていく方針。

脆弱性「CVE-2021-44228」「CVE-2021-45046」の影響を受ける製品は以下のとおり。

Cisco Webex Meetings Server
Cisco CX Cloud Agent Software
Cisco Call Studio
Cisco Nexus Insights
Cisco Firepower Threat Defense managed by Firepower Device Manager
Cisco Identity Services Engine
Cisco Application Policy Infrastructure Controller - Network Insights Base App
Cisco Automated Subsea Tuning
Cisco Business Process Automation
Cisco CloudCenter Cost Optimizer
Cisco CloudCenter Suite Admin
Cisco CloudCenter Workload Manager
Cisco CloudCenter
Cisco Common Services Platform Collector
Cisco Crosswork Data Gateway
Cisco Crosswork Network Controller
Cisco Crosswork Optimization Engine
Cisco Crosswork Platform Infrastructure
Cisco Crosswork Situation Manager
Cisco Crosswork Zero Touch Provisioning
Cisco Cyber Vision Sensor Management Extension
Cisco DNA Spaces Connector
Cisco Data Center Network Manager
Cisco Evolved Programmable Network Manager
Cisco Intersight Virtual Appliance
Cisco Network Services Orchestrator
Cisco Nexus Dashboard, formerly Cisco Application Services Engine
Cisco Prime Service Catalog
Cisco Smart PHY
Cisco Virtual Topology System
Cisco Virtualized Infrastructure Manager
Cisco WAN Automation Engine
Cisco DNA Center
Cisco IOx Fog Director
Cisco Network Assurance Engine
Cisco Network Convergence System 1004
Cisco Optical Network Controller
Cisco SD-WAN vManage
Cisco Integrated Management Controller Supervisor
Cisco UCS Central Software
Cisco UCS Director
Cisco Workload Optimization Manager
Cisco BroadWorks
Cisco Cloud Connect
Cisco Contact Center Domain Manager
Cisco Contact Center Management Portal
Cisco Emergency Responder
Cisco Enterprise Chat and Email
Cisco Finesse
Cisco Packaged Contact Center Enterprise
Cisco Paging Server
Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition
Cisco Unified Communications Manager IM &Presence Service
Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Enterprise - Live Data server
Cisco Unified Contact Center Express
Cisco Unified Customer Voice Portal
Cisco Unified Intelligence Center
Cisco Unified SIP Proxy Software
Cisco Unity Connection
Cisco Virtualized Voice Browser
Cisco Webex Workforce Optimization
Cisco Video Surveillance Operations Manager
Cisco Connected Mobile Experiences

（Security NEXT - 2021/12/21 ） ツイート

PR

関連記事

ゼロデイ攻撃は8カ月以上前 - 「Active! mail」脆弱性の影響拡大に懸念
「Erlang/OTP」脆弱性、一部Cisco製品で影響が判明
「ActiveMQ NMS OpenWire Client」にRCE脆弱性 - 修正版が公開
「GitHub Enterprise Server」に複数脆弱性 - アップデートで修正
NVIDIA製GPUドライバに複数の脆弱性 - 権限昇格やDoSのおそれ
トレンドの法人向け複数製品に脆弱性 - アップデートで修正
「Erlang/OTP」に深刻なRCE脆弱性 - 概念実証コードも公開済み
「GitLab」に5件の脆弱性 - 最新パッチで修正
「SonicOS」にリモートよりDoS攻撃を受けるおそれ - 修正版を公開
NVIDIAのAI開発フレームワーク「NeMo」に3件の脆弱性