Cisco Email Security Appliance Security Vulnerability Advisory

Published: 2019-01-14

Vulnerability ID and Severity


       CVE ID: CVE-2018-15453; severity: High; CVSS score: 8.6 (vendor self-assessed), not officially rated


Affected Scope


       Affected versions:

       Cisco Email Security Appliance 11.1.0-131

       Cisco Email Security Appliance 0

       Cisco Asyncos 11.1 

       Cisco Asyncos 11.0 

       Cisco Asyncos 9.0

       Cisco Asyncos 10.5.2-061

       Cisco Asyncos 10.5.2-042

       Cisco Asyncos 10.5.2

       Cisco Asyncos 10.5.1-296

       Cisco Asyncos 10.5.1

       Cisco Asyncos 10.0.0-203

       Cisco Asyncos 10.0.0-125

       Cisco Asyncos 10.0.0-124

       Cisco Asyncos 10.0


      Unaffected versions:

      Cisco Email Security Appliance 12.0.0-281

      Cisco Email Security Appliance 11.1.1-042

      Cisco Email Security Appliance 11.1.1-037

      Cisco Email Security Appliance 11.0.2-044


Vulnerability Overview


Cisco Email Security Appliance (ESA) is an email security appliance from Cisco, a US company. AsyncOS Software is the operating system that runs on it.


The Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting feature of AsyncOS Software on Cisco ESA contains a security vulnerability. The vulnerability stems from the software not correctly validating the input of S/MIME-signed emails. A remote attacker can exploit it by sending a malicious S/MIME-signed email, causing a denial of service on the device (system memory corruption).


Vulnerability Verification


No PoC/EXP is available at this time. Exposure can be verified as follows:

To determine whether S/MIME Decryption and Verification is configured on the ESA, an administrator can do the following:

1.       Click Mail Policies > Mail Flow Policies

2.       Browse all existing Mail Flow Policies

3.       Scroll down to the Security Features section of each Mail Flow Policy

4.       Under S/MIME Decryption/Verification, verify whether S/MIME decryption and verification is enabled.


To determine whether S/MIME Public Key Harvesting is configured on the ESA, an administrator can do the following:

1.       Click Mail Policies > Mail Flow Policies

2.       Browse all existing Mail Flow Policies

3.       Scroll down to the Security Features section of each Mail Flow Policy

4.       Under S/MIME Public Key Harvesting, verify whether S/MIME Public Key Harvesting is enabled.


To determine whether the ESA is running a vulnerable release of Cisco AsyncOS Software, an administrator can use the version command in the ESA CLI. The following example shows the command output for an ESA running Cisco AsyncOS Software release 10.0.1-087:


The vendor has released patches that fix the vulnerability. Users should update promptly to protect their appliances.
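
Added example (not part of the original advisory and not Cisco code): a small Python check that pulls the build string out of version command output and classifies it against the affected and unaffected lists on this page. The sample output is constructed, and treating later builds in the same release train as fixed is an assumption.

```python
import re

# Release trains and builds copied from this advisory's lists.
AFFECTED_TRAINS = {(9, 0), (10, 0), (10, 5), (11, 0), (11, 1)}
LISTED_UNAFFECTED = ["12.0.0-281", "11.1.1-042", "11.1.1-037", "11.0.2-044"]

# AsyncOS build strings have the shape major.minor.maintenance-build.
BUILD_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)-(\d+)\b")

# Constructed sample, not captured from a real appliance.
SAMPLE_OUTPUT = """esa.example.com> version
Version: 10.0.1-087
"""


def parse_version(text):
    """Return the first build string in text as a tuple of ints."""
    match = BUILD_RE.search(text)
    if match is None:
        raise ValueError("no AsyncOS build string found")
    return tuple(int(part) for part in match.groups())


def earliest_unaffected():
    """Map each release train to the lowest build listed as unaffected."""
    floors = {}
    for build in LISTED_UNAFFECTED:
        version = parse_version(build)
        train = version[:2]
        floors[train] = min(version, floors.get(train, version))
    return floors


def classify(text):
    """Classify a build as 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(text)
    train = version[:2]
    floor = earliest_unaffected().get(train)
    # Assumption: builds at or above a listed unaffected build in the
    # same train also carry the fix.
    if floor is not None and version >= floor:
        return "not-affected"
    if train in AFFECTED_TRAINS:
        return "affected"
    return "unknown"  # train not covered by this page's lists


if __name__ == "__main__":
    print(classify(SAMPLE_OUTPUT))
```

An "unknown" result means the release train appears in neither list on this page and should be checked against the vendor advisory linked below.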


Reference Link

       https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos