Vulnerability in Cisco Catalyst PON switches that allows logging in via telnet without knowing the password

A critical security issue (CVE-2021-34795) has been identified in the Cisco Catalyst PON CGP-ONT-* (Passive Optical Network) series of switches. When the telnet protocol is enabled, it allows connecting to the switch with administrator rights using a previously known debug account that the manufacturer left in the firmware. The problem appears only when telnet access is enabled in the settings, and it is disabled by default.

In addition to the account with a previously known password, two more vulnerabilities (CVE-2021-40112, CVE-2021-40113) were identified in the web interface of the switch models in question. They allow an unauthenticated attacker who does not know the login parameters to execute commands as root and make changes to the settings. By default, access to the web interface is allowed only from the local network, unless this behavior has been overridden in the settings.

At the same time, a similar problem (CVE-2021-40119) with a predefined engineering login was identified in the Cisco Policy Suite software product, in which an SSH key prepared in advance by the manufacturer was installed, allowing a remote attacker to gain access to the system with root rights.

source: budenet.ru
