Nkhani yovuta yachitetezo (CVE-2021-34795) yadziwika mu masiwichi amtundu wa Cisco Catalyst PON CGP-ONT-* (Passive Optical Network), omwe amalola, pomwe protocol ya telnet yayatsidwa, kulumikizana ndi switch ndi maufulu owongolera pogwiritsa ntchito. akaunti yodziwiratu yomwe idasiyidwa ndi wopanga mu firmware. Vuto limangowonekera pomwe kuthekera kofikira kudzera pa telnet kutsegulidwa muzokonda, zomwe zimayimitsidwa mwachisawawa.
Kuphatikiza pa kukhalapo kwa akaunti yokhala ndi mawu achinsinsi odziwika kale, ziwopsezo ziwiri (CVE-2021-40112, CVE-2021-40113) pa intaneti zidadziwikanso mumitundu yosinthira yomwe ikufunsidwa, kulola wowukira wosavomerezeka yemwe amachita. osadziwa magawo olowera kuti akwaniritse malamulo awo ndi mizu ndikusintha zosintha. Mwachisawawa, mwayi wofikira pa intaneti ndi wololedwa kuchokera pa netiweki yapafupi, pokhapokha ngati khalidweli likupitirira muzokonda.
Nthawi yomweyo, vuto lofananalo (CVE-2021-40119) lolowera uinjiniya lodziwika kale lidadziwika mu pulogalamu ya Cisco Policy Suite, pomwe kiyi ya SSH yokonzedwa pasadakhale ndi wopanga idayikidwa, kulola wowukira kutali kuti apeze. kupeza dongosolo ndi ufulu mizu.
Source: opennet.ru