選單換圖效果,請啟用Active Scripting功能
南臺首頁 English
:::
訪客 未來學生 本校學生 教職同仁 畢業校友
:::
  南臺頭條新聞
  南臺影音新聞
  所有訊息
  重要公告
  行政公告
  校園活動
  專案計劃
  研討會資訊
  校內徵才
  校園職場實習
  工作機會
  國際證照
  南臺新生
  招生資訊
  南臺RSS新聞
  本月公告一覽
  停刊公告活動欄
  [公告系統登入]


【行政公告】 ::: [ 上一頁 ]
 
公 告 單位
 圖資處數位服務組
訊 息 類 別 行政公告 行政公告 公 告 對 象 全體
公 告 主 題
 【資安漏洞預警】Cisco IOS與IOS XE Software存在高風險安全漏洞(CVE-2017-6736至CVE-2017-6744),請儘速確認並進行修補
[Security Vulnerability Alert] Cisco IOS and IOS XE Software have high-risk security vulnerabilities (CVE-2017-6736 to CVE-2017-6744). Please confirm and patch as soon as possible.
公 告 內 容
轉發 國家資安資訊分享與分析中心 NISAC-200-202508-00000021

[內容說明]
研究人員發現Cisco IOS與IOS XE Software之SNMP功能存在緩衝區溢位(Buffer Overflow)漏洞(CVE-2017-6736至CVE-2017-6744),允許已取得SNMP Community String之遠端攻擊者利用此漏洞於設備執行任意程式碼。此系列漏洞於2017年揭露,於2022年列進KEV清單,並於近期更新影響產品與緩解措施等資訊,請儘速確認並進行修補。

[影響平台]
所有使用Cisco IOS與IOS XE Software並開啟SNMP功能之所有設備

[建議措施]
1.官方已針對漏洞釋出修復更新,請參考官方說明進行更新,網址如下:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp

可使用Cisco Software Checker(https://sec.cloudapps.cisco.com/security/center/softwarechecker.x )確認現行使用之Cisco IOS與IOS XE Software版本是否受到影響

[參考資料]
1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
2. https://nvd.nist.gov/vuln/detail/cve-2017-6736
3. https://nvd.nist.gov/vuln/detail/cve-2017-6737
4. https://nvd.nist.gov/vuln/detail/cve-2017-6738
5. https://nvd.nist.gov/vuln/detail/cve-2017-6739
6. https://nvd.nist.gov/vuln/detail/cve-2017-6740
7. https://nvd.nist.gov/vuln/detail/cve-2017-6741
8. https://nvd.nist.gov/vuln/detail/cve-2017-6742
9. https://nvd.nist.gov/vuln/detail/cve-2017-6743
10. https://nvd.nist.gov/vuln/detail/cve-2017-6744
Forwarded by the National Information Security Information Sharing and Analysis Center (NISAC-200-202508-00000021)

[Description]
Researchers have discovered buffer overflow vulnerabilities (CVE-2017-6736 to CVE-2017-6744) in the SNMP functionality of Cisco IOS and IOS XE Software. These vulnerabilities allow remote attackers who have obtained the SNMP community string to execute arbitrary code on the device. This series of vulnerabilities was disclosed in 2017 and added to the KEV list in 2022. Information on affected products and mitigation measures has recently been updated. Please verify and patch them as soon as possible.

[Affected Platforms]
All devices using Cisco IOS and IOS XE Software with SNMP enabled

[Recommended Actions]
1. An official update has been released to fix the vulnerability. Please refer to the official instructions for updating:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp

You can use the Cisco Software Checker (https://sec.cloudapps.cisco.com/security/center/softwarechecker.x) to determine if your current Cisco IOS and IOS XE Software versions are affected.

[References]
1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
2. https://nvd.nist.gov/vuln/detail/cve-2017-6736
3. https://nvd.nist.gov/vuln/detail/cve-2017-6737
4. https://nvd.nist.gov/vuln/detail/cve-2017-6738
5. https://nvd.nist.gov/vuln/detail/cve-2017-6739
6. https://nvd.nist.gov/vuln/detail/cve-2017-6740
7. https://nvd.nist.gov/vuln/detail/cve-2017-6741
8. https://nvd.nist.gov/vuln/detail/cve-2017-6742
9. https://nvd.nist.gov/vuln/detail/cve-2017-6743
10. https://nvd.nist.gov/vuln/detail/cve-2017-6744
相 關 訊 息


公 告 時 間
  2025/8/7   至 2026/2/7   
點 閱 次 數
 70

:::
 
地址:71005 台南市永康區南台街一號 (開車訪客請由中正南路→正南一街→進入南臺科技大學) HyperLink