cisco firewall 9 月有二个分数很高的洞 , 一个 9.9 一个 9 ,基本上不上 patch ,有开服务大都会死的情形
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
官方给出 patch 的版本,包括 EOL 了..
影响到的型号及最终版本
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
5512-X and 5515-X – Last Date of Support: August 31, 2022
5525-X, 5545-X, and 5555-X – Last Date of Support: September 30, 2025
5585-X – Last Date of Support: May 31, 2023
以上没合约的就.....没救了.建议关机.
5506-X, 5506H-X, 5506W-X, 5508-X, and 5516-X – Last Date of Support: August 31, 2026
这在合约内的快更新.
Fixed Releases 看最右那一栏 First Fixed Release for all of These Vulnerabilities
至于因为 EOL 的 9.12 , 9.14
有权限的可以download patch 版本
9.12.4.72 https://software.cisco.com/download/specialrelease/5c390a2391d7c51421843b43e70e8373
9.14.4.28 https://software.cisco.com/download/specialrelease/29ca8c3a3cc367a4c86144da9f77dabf
我有上 9.12.4.72 没用,星期二被爆破VPN设备~~5512, 我才刚到货 1220 要换.
基本上 我建议 5500 系列的,全面下架....