Nyaya yakakosha yekuchengetedza (CVE-2021-34795) yakaonekwa muCisco Catalyst PON CGP-ONT-* (Passive Optical Network) inoteedzera switch, iyo inobvumira, kana iyo telnet protocol yakagoneswa, kubatanidza kune switch ine kodzero yemutungamiriri uchishandisa. iyo yakagara yazivikanwa debug account yakasiiwa nemugadziri mune firmware. Dambudziko rinongoonekwa chete kana kugona kuwana kuburikidza ne telnet kuchiitwa muzvirongwa, izvo zvinoremadzwa nekukasira.
Pamusoro pekuvapo kweakaundi ine pre-inozivikanwa pasiwedhi, kusazvibata kuviri (CVE-2021-40112, CVE-2021-40113) muwebhu interface yakaonekwawo mumhando dzekuchinja dziri mubvunzo, zvichibvumira anorwisa asina kutenderwa anoita. kusaziva mapeji ekupinda ekuita mirairo yavo nemidzi uye kuita shanduko kune zvigadziriso. Nekumisikidza, kupinda kwewebhu interface kunobvumidzwa chete kubva kunetiweki yemuno, kunze kwekunge maitiro aya akadarika muzvirongwa.
Panguva imwecheteyo, dambudziko rakafanana (CVE-2021-40119) ine yakafanotsanangurwa yeinjiniya login yakaonekwa muCisco Policy Suite software chigadzirwa, umo kiyi yeSSH yakagadzirirwa kare nemugadziri yakaiswa, ichibvumira anorwisa ari kure kuti awane. kuwana kune system ine kodzero dzemidzi.
Source: opennet.ru