Zofooka zinayi zapezeka mu ma switch a Cisco Small Business omwe amalola wowukira wakutali kupeza mwayi wokwanira wolowera ku chipangizocho popanda kutsimikizira. Kuti agwiritse ntchito zofooka izi, wowukira ayenera kukhala wokhoza kutumiza zopempha ku doko la netiweki lomwe limathandizira mawonekedwe awebusayiti. Zofooka izi zayesedwa kuti ndi zofunika kwambiri (9.8 mwa 10). Chitsanzo chogwira ntchito chanenedwa.
Zofooka zomwe zapezeka (CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189) zimachitika chifukwa cha zolakwika zokumbukira m'ma handlers osiyanasiyana omwe amapezeka panthawi yotsimikizira. Zofookazi zimapangitsa kuti pakhale kuchuluka kwa zinthu zomwe zimasungidwa mu buffer pamene mukukonza deta yakunja yopangidwa mwapadera. Kuphatikiza apo, zofooka zinayi zosaopsa kwambiri (CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158) zinapezeka mu mndandanda wa Cisco Small Business, zomwe zinalola wowukira wakutali kuyambitsa kukanidwa kwa ntchito, ndi vuto limodzi (CVE-2023-20162) zomwe zinalola kuti chipangizocho chikhale chokhazikika popanda kutsimikizika.
Zofookazi zimakhudza mndandanda wa Smart Switch 250, 350, 350X, 550X, Business 250, ndi Business 350, komanso mndandanda wa Small Business 200, 300, ndi 500. Ma switch a 220 ndi Business 220 si ofooka. Mavutowa ayankhidwa mu zosintha za firmware 2.5.9.16 ndi 3.3.0.16. Zosintha za firmware sizidzatulutsidwa pa mndandanda wa Small Business 200, 300, ndi 500, chifukwa mitundu iyi yafika kumapeto kwa moyo.
Source: opennet.ru
