Cisco yalengeza za kupezeka kwa chiwopsezo cha masiku a zero chomwe sichikudziwika, CVE-2023-20198, mu seva yapaintaneti ya Cisco IOS XE. Kusatetezeka kumakhudza zida zonse zakuthupi komanso zenizeni zomwe zikuyenda ndi Cisco IOS XE zomwe zilinso ndi mawonekedwe a seva ya HTTP(S). Chiwopsezo chapatsidwa kuchuluka kwazovuta kwambiri - 10 mwa mfundo 10 zomwe zingatheke - pamlingo wa CVSS. Chigawo chothana ndi chiwopsezochi sichinapezeke. Chiwopsezo chimalola wowononga, popanda kutsimikizika, kuti apange akaunti yokhala ndi mwayi waukulu (15) pa chipangizo cholumikizidwa ndi intaneti, kuwapatsa kuwongolera kwathunthu pamakina osokonekera. Kampaniyo idati idatsata momwe wowukirayo adapezerapo mwayi wopeza mwayi wowongolera pazida zomwe zimagwiritsa ntchito iOS XE kenako, kudutsa zigamba, adagwiritsa ntchito chiopsezo chakale chakutali (RCE) kuyambira 2021 (CVE-2021-1435) kukhazikitsa choyika cha Lua pamakina omwe akhudzidwa.
Source: 3dnews.ru
