Vulnerability in Cisco IOS XE used to install a backdoor

A critical vulnerability (CVE-2023-20198) has been found in the implementation of the web interface used on physical and virtual Cisco devices running the Cisco IOS XE operating system. It allows full access to the system at the highest privilege level, without authentication, to anyone who can reach the network port on which the web interface runs. The problem is made worse by the fact that attackers have been using the vulnerability for a month to create additional accounts named "cisco_tac_admin" and "cisco_support" with administrator rights, and to automatically place an implant on devices that provides remote access for executing commands on the device.

Although it is recommended, for an adequate level of security, to open access to the web interface only to selected hosts or to the local network, many administrators leave the option of connecting from the global network enabled. In particular, according to the Shodan service, more than 140 thousand vulnerable devices are currently recorded on the global network. The CERT organization has recorded about 35 thousand successfully attacked Cisco devices with the malicious implant installed.

Until a fix that eliminates the vulnerability is published, the recommended workaround is to disable the HTTP and HTTPS server on the device with the console commands "no ip http server" and "no ip http secure-server", or to restrict access to the web interface on the firewall. To check for the presence of the malicious implant, it is recommended to run the request:

curl -X POST "http://IP-devices/webui/logoutconfirm.html?logon_hash=1"

If the device is compromised, the request returns an 18-character hash. You can also review the log on the device for extraneous connections and for operations that install additional files:

%SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as user on line
%SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: user] [Source: source_IP_address] at 05:41:11 UTC Wed Oct 17 2023
%WEBUI-6-INSTALL_OPERATION_INFO: User: username, Install Operation: ADD filename
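The log review described above can be automated; the following is an added example, not code from the original article or from Cisco. The sample log lines, the expected_users allowlist, and the function and key names are assumptions made for illustration.

```python
import re

# Account names the article reports attackers creating.
KNOWN_BAD_USERS = {"cisco_tac_admin", "cisco_support"}

# The three message types the article lists, with the fields worth extracting.
PATTERNS = {
    "webui_config_change": re.compile(
        r"%SYS-5-CONFIG_P: .*process SEP_webui_wsma_http from console as (?P<user>\S+) on"),
    "webui_login": re.compile(
        r"%SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success \[user: (?P<user>[^\]]+)\] "
        r"\[Source: (?P<source>[^\]]+)\]"),
    "file_install": re.compile(
        r"%WEBUI-6-INSTALL_OPERATION_INFO: User: (?P<user>[^,]+), "
        r"Install Operation: ADD (?P<file>\S+)"),
}

def scan(lines, expected_users=frozenset()):
    """Return one finding per matching line. expected_users is a hypothetical
    allowlist of accounts that legitimately use the web UI."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            fields = match.groupdict()
            if fields["user"] in KNOWN_BAD_USERS:
                severity = "compromise-indicator"
            elif fields["user"] in expected_users:
                severity = "expected"
            else:
                severity = "review"  # web UI activity by an account nobody vouched for
            findings.append({"line": lineno, "kind": kind, "severity": severity, **fields})
            break
    return findings

# Constructed sample log lines (not from a real device; addresses are documentation ranges).
SAMPLE_LOG = [
    "Oct 17 05:40:02: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: netops] [Source: 192.0.2.10] at 05:40:02 UTC Tue Oct 17 2023",
    "Oct 17 05:41:11: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: cisco_tac_admin] [Source: 198.51.100.7] at 05:41:11 UTC Tue Oct 17 2023",
    "Oct 17 05:41:15: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as cisco_tac_admin on vty0",
    "Oct 17 05:42:30: %WEBUI-6-INSTALL_OPERATION_INFO: User: labuser, Install Operation: ADD example_file",
    "Oct 17 05:43:00: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, expected_users={"netops"}):
        print(finding)
```

A "review" finding is not proof of compromise; it marks web UI logins, configuration changes or file installs by accounts that an administrator still has to confirm.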

If the device is compromised, rebooting it removes the implant. The accounts created by the attacker persist after a reboot and must be deleted manually. The implant is located in the file /usr/binos/conf/nginx-conf/cisco_service.conf and consists of 29 lines of Lua code that execute commands at the system level or in the Cisco IOS XE command interface in response to an HTTP request with a special set of parameters.



Source: opennet.ru
