Critical vulnerabilities in medical devices for patient monitoring

CyberMDX has publicly disclosed details of six vulnerabilities affecting various GE Healthcare medical devices designed to monitor patients' condition. Five of the vulnerabilities are assigned the highest severity level (CVSSv3 10 out of 10). The vulnerabilities have been codenamed MDhex and mostly relate to the use of preset credentials that are known in advance and used across all the devices.

  • CVE-2020-6961 - the devices ship with an SSH key that is common to the whole product line, which makes it possible to connect to any device and run code on it. This key is also used during the update process.
  • CVE-2020-6962 - predefined credentials, present on all devices, for write and read access to the file system over the SMB protocol;
  • CVE-2020-6963 - the ability to use MultiMouse and Kavoom KM to control a device remotely (emulating keyboard, mouse and clipboard) without authentication;
  • CVE-2020-6964 - predefined VNC connection parameters on all devices;
  • CVE-2020-6965 - a preinstalled vulnerable version of Webmin that allows remote access with root privileges;
  • CVE-2020-6966 - the update manager used on the devices allows updates to be tampered with (updates are verified with a known SSH key).

The problems affect the ApexPro and CARESCAPE Telemetry Server telemetry collection servers, the CIC (Clinical Information Center) and CSCS (CARESCAPE Central Station) platforms, and the B450, B650 and B850 patient monitoring systems. The vulnerabilities allow full control over the devices, which can be used to change how they operate, disable alarms, or corrupt patient data.

To carry out an attack, the attacker must be able to establish a network connection to the device, for example by connecting to the hospital network. As protective workarounds, it is suggested to isolate the subnet with the medical devices from the general hospital network and to block network ports 22, 137, 138, 139, 445, 10000, 5225, 5800, 5900 and 10001 at the firewall.
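One way to verify that the suggested isolation actually holds is to review firewall flow records for allowed connections that cross into the medical subnet on the listed ports. The following is an added example, not code from CyberMDX, GE Healthcare or the original article; the subnet `10.20.30.0/24`, the log format and the sample records are constructed assumptions.

```python
import ipaddress

# Ports the article says to block at the firewall.
BLOCKED_PORTS = {22, 137, 138, 139, 445, 10000, 5225, 5800, 5900, 10001}

# Well-known default services for some of those ports; 5225 and 10001 are
# left unlabelled because the article does not say what listens there.
SERVICE_HINT = {22: "SSH", 137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS/SMB",
                445: "SMB", 5800: "VNC (HTTP)", 5900: "VNC", 10000: "Webmin"}

# Assumption: the isolated medical-device subnet (constructed value).
MEDICAL_NET = ipaddress.ip_network("10.20.30.0/24")

# Constructed sample records in the form "src_ip dst_ip dst_port action".
SAMPLE_FLOWS = """\
10.20.30.15 10.20.30.40 5900 ALLOW
192.168.5.77 10.20.30.40 22 ALLOW
192.168.5.77 10.20.30.40 445 DENY
192.168.8.3 10.20.30.41 10001 ALLOW
192.168.8.3 10.20.30.41 443 ALLOW
192.168.8.9 192.168.5.77 22 ALLOW
"""

def find_violations(log_text, medical_net=MEDICAL_NET):
    """Return allowed flows that cross into the medical subnet on a blocked port."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        # Traffic inside the medical subnet never reaches the boundary firewall.
        crosses = dst_ip in medical_net and src_ip not in medical_net
        if crosses and port in BLOCKED_PORTS and action == "ALLOW":
            hits.append((src, dst, port, SERVICE_HINT.get(port, "unlabelled")))
    return hits

if __name__ == "__main__":
    for src, dst, port, svc in find_violations(SAMPLE_FLOWS):
        print(f"firewall gap: {src} -> {dst}:{port} ({svc})")
```

Each reported record is a rule gap: a host outside the medical subnet was allowed through on a port the workaround says to block.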

Source: opennet.ru
