Cisco has been suffering from active exploitation of vulnerabilities in Cisco IOS XE

Risk

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

In recent weeks Cisco has been dealing with a serious security problem in the implementation of the web interface used on physical and virtual Cisco devices running the Cisco IOS XE operating system.

Since mid-October, news has circulated that a critical vulnerability had been identified (already cataloged as CVE-2023-20198) which allows, without authentication, full access to the system with the highest level of privileges, provided the attacker can reach the network port on which the web interface is running.

The danger of the problem is aggravated by the fact that attackers had been using the unpatched vulnerability for more than a month to create additional "cisco_tac_admin" and "cisco_support" accounts with administrator rights, and to automatically place an implant on devices that provides remote access for executing commands on the device.

The problem with this vulnerability is that it leads to a second vulnerability (CVE-2023-20273), which was used in the attack to install an implant on devices running Cisco IOS XE. Cisco reported that attackers took advantage of it after exploiting the first vulnerability, CVE-2023-20198, and that it allowed a new account with root rights, created during that exploitation, to be used to execute arbitrary commands on the device.

Exploiting the CVE-2023-20198 vulnerability allows an attacker to obtain privilege level 15 access to the device, which can then be used to create a local user and log in with normal user access. In addition, it was possible to bypass authentication by replacing characters in the request with their "%xx" representation. For example, to access the WSMA (Web Service Management Agent) service, you can send a "POST /%2577ebui_wsma_HTTP" request, which calls the "webui_wsma_http" handler without verifying access.
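A defender-side check for the encoding trick described above, as an added example that is not from the original article or from Cisco: it percent-decodes each request path in a web access log until it stops changing and flags requests that reach the "webui_wsma_http" handler only after decoding. The log format, function names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Handler name taken from the page; matched case-insensitively because the
# page's sample request spells it "webui_wsma_HTTP".
HANDLER = re.compile(r"webui_wsma_http", re.IGNORECASE)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def decode_layers(path, max_rounds=5):
    """Percent-decode until stable; return (decoded_path, rounds_applied)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(line):
    """Return (verdict, rounds) for a request reaching the handler, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    raw = m.group("path")
    decoded, rounds = decode_layers(raw)
    if not HANDLER.search(decoded):
        return None
    # Name visible only after decoding: a filter matching the raw path
    # would not have seen it.
    verdict = "direct" if HANDLER.search(raw) else "encoded"
    return verdict, rounds

def scan(lines):
    """Return (line_index, verdict, rounds) for every flagged line."""
    results = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, *r) for i, r in results if r]

# Constructed sample lines; client addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Oct/2023:10:00:05 +0000] "POST /%2577ebui_wsma_HTTP HTTP/1.1" 200 98',
    '198.51.100.7 - - [20/Oct/2023:10:00:09 +0000] "POST /%77ebui_wsma_http HTTP/1.1" 404 0',
    '192.0.2.10 - - [20/Oct/2023:10:00:12 +0000] "POST /webui_wsma_http HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit marked "encoded" with two or more rounds corresponds to the double-encoded form quoted above.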

Unlike the September case, this October activity included several subsequent actions, including the deployment of an implant we call "BadCandy" that consists of a configuration file ("cisco_service.conf"). The configuration file defines the new web server endpoint (URI path) used to interact with the implant. That endpoint receives certain parameters, described in more detail below, that allow the actor to execute arbitrary commands at the system level or at the IOS level. For the implant to become active, the web server must be restarted; in one observed case, the server was not restarted, so the implant never became active despite being installed.

The BadCandy implant is saved under the file path "/usr/binos/conf/nginx-conf/cisco_service.conf", which contains two variable strings made up of hexadecimal characters. The implant is not persistent, meaning that a device reboot will remove it, but the newly created local user accounts remain active even after the system is rebooted. The new user accounts have level 15 privileges, meaning they have full administrator access to the device. This privileged access to the devices and the subsequent creation of new users is tracked as CVE-2023-20198.

Regarding the case, Cisco has released updated information both on the investigation it carried out and on the technical analysis of the vulnerabilities presented, as well as on an exploit prototype, which was prepared by an independent researcher based on an analysis of attacker traffic.

Although, to ensure an adequate level of security, it is recommended to open access to the web interface only to selected hosts or to the local network, many administrators leave the option to connect from the global network. In particular, according to the Shodan service, there are currently more than 140 thousand potentially vulnerable devices registered on the global network. The CERT organization has already recorded about 35 thousand Cisco devices that were successfully attacked.

Finally, if you are interested in learning more about it, you can consult the original publication at the following link.

