ʻEhā mau nāwaliwali i ʻike ʻia ma Cisco Small Business series switch e ʻae i kahi mea hoʻouka mamao me ka ʻole o ka hōʻoia e loaʻa i ke komo piha i ka hāmeʻa me nā kuleana kumu. No ka hoʻohana ʻana i nā pilikia, pono e hiki i ka mea hoʻouka ke hoʻouna i nā noi i ke awa pūnaewele e hāʻawi ana i ka interface pūnaewele. Hāʻawi ʻia nā pilikia i kahi pae koʻikoʻi o ka pōʻino (4 mai ka 9.8). Hōʻike ʻia kahi prototype o kahi hana hana.
ʻO nā haʻahaʻa i ʻike ʻia (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189) ke kumu o nā hewa i ka wā e hana ana me ka hoʻomanaʻo i nā mea lawelawe like ʻole i loaʻa i ka pae pre-authentication. Ke alakaʻi nei nā mea palupalu i ka hoʻoheheʻe ʻana i ka wā e hoʻoili ai i ka ʻikepili waho i hoʻolālā kūikawā ʻia. Eia kekahi, ʻehā mau mea nāwaliwali liʻiliʻi (CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158) i ʻike ʻia i loko o ka Cisco Small Business moʻo e ʻae i ka hōʻole mamao o ka lawelawe, a hoʻokahi. vulnerability (CVE-2023-20162), e hiki ai ke kiʻi i ka ʻike hoʻonohonoho hoʻonohonoho me ka ʻole o ka hōʻoia.
Hoʻopilikia nā mea palupalu i ka Smart Switch 250, 350, 350X, 550X, Business 250 a me Business 350 series, a me ka moʻo Small Business 200, 300 a me 500. ʻAʻole pili ka 220 a me Business 220 e ka nāwaliwali. Ua hoʻopaʻa ʻia nā pilikia ma ka firmware updates 2.5.9.16 a me 3.3.0.16. No ka ʻoihana liʻiliʻi 200, 300 a me 500 pūʻulu, ʻaʻole e hana ʻia nā mea hou firmware, no ka mea, ua pau ke ola o kēia mau hiʻohiʻona.
Source: opennet.ru