Vulnerability in Cisco IOS XE exploited to install a backdoor

A critical vulnerability (CVE-2023-20198) has been identified in the web-based configuration interface of Cisco physical and virtual devices running the Cisco IOS XE operating system. It allows an attacker, without authentication, to obtain full access to the system at the highest privilege level (level 15), provided the attacker can reach the network port on which the web interface is served. The severity is compounded by the fact that attackers had already been exploiting the then-unpatched vulnerability for about a month to create additional accounts "cisco_tac_admin" and "cisco_support" with administrator privileges, and to automatically install an implant on the device that allows commands to be executed on it remotely.

Although a sound security posture calls for allowing access to the web interface only from selected hosts or from the local network, many administrators leave it reachable from the global Internet. In particular, according to the Shodan service there are currently more than 140 thousand potentially vulnerable devices exposed on the Internet. The CERT organization has already reported about 35 thousand successfully attacked Cisco devices on which the malicious implant is installed.

Until a fix that closes the vulnerability is released, the recommended workaround is to disable the HTTP and HTTPS server on the device with the console commands "no ip http server" and "no ip http secure-server", or to restrict access to the web interface at the firewall. Before disabling the server, check which management services on the device depend on it. To check for the presence of the malicious implant, send the request

curl -X POST "http://DEVICE_IP/webui/logoutconfirm.html?logon_hash=1"

(use https:// and the -k option if only the secure server is enabled); on a compromised device it returns an 18-character hash string instead of a normal HTML page. You can also inspect the device log for external connections and for operations that install additional files, for example:

%SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as user on line
%SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: user] [Source: source_IP_address] at 05:41:11 UTC Wed Oct 17 2023
%WEBUI-6-INSTALL_OPERATION_INFO: User: username, Install Operation: ADD filename
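The two checks above, as an added example that is not code from the original article or from Cisco: a classifier for the body returned by the logoutconfirm request, and a scanner that runs over syslog lines looking for the three message types and the attacker-created account names. The query_device helper, the host names and the sample log lines are assumptions constructed for this example; the addresses are from documentation ranges, not real devices.

```python
"""Triage helpers for the CVE-2023-20198 indicators described above.

Added example, not code from the original article or from Cisco. It reproduces
the two checks the text describes: classifying the body returned by
POST /webui/logoutconfirm.html?logon_hash=1, and scanning syslog lines for
the three message types plus the attacker-created account names. The sample
log lines at the bottom are constructed for this example.
"""
import re
import ssl
import urllib.request

# On a compromised device the implant answers the logoutconfirm request with
# an 18-character hexadecimal hash; an unmodified web UI returns an HTML page.
HEX_HASH = re.compile(r"^[0-9a-fA-F]{18}$")

# Syslog message types quoted in the article and why each is interesting.
INDICATORS = {
    "%SYS-5-CONFIG_P": "programmatic config change by the web UI process",
    "%SEC_LOGIN-5-WEBLOGIN_SUCCESS": "web UI login (check user and source)",
    "%WEBUI-6-INSTALL_OPERATION_INFO": "file installed through the web UI",
}

# Local accounts the attackers created on exploited devices.
SUSPECT_USERS = ("cisco_tac_admin", "cisco_support")

LOGIN_RE = re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")


def implant_present(body: str) -> bool:
    """True if the logoutconfirm response body looks like the implant's hash."""
    return HEX_HASH.match(body.strip()) is not None


def query_device(host: str, https: bool = False, timeout: float = 5.0) -> bool:
    """Send the check request to a device and classify the response.

    Hypothetical helper (not run by the example below): host is assumed
    reachable; with https=True certificate verification is disabled because
    IOS XE devices commonly serve a self-signed certificate."""
    scheme = "https" if https else "http"
    url = f"{scheme}://{host}/webui/logoutconfirm.html?logon_hash=1"
    ctx = None
    if https:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(url, data=b"", method="POST")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return implant_present(resp.read().decode("utf-8", "replace"))


def login_details(line: str):
    """Extract (user, source) from a WEBLOGIN_SUCCESS line, or None."""
    m = LOGIN_RE.search(line)
    return (m.group("user"), m.group("src")) if m else None


def scan_log(lines):
    """Return a list of (msgtype, reason, line) for every suspicious line.

    A line matches when it carries one of the indicator message types; a line
    naming one of the suspect accounts is flagged even without such a type."""
    hits = []
    for line in lines:
        for msg, reason in INDICATORS.items():
            if msg in line:
                if msg == "%SEC_LOGIN-5-WEBLOGIN_SUCCESS":
                    details = login_details(line)
                    if details and details[0] in SUSPECT_USERS:
                        reason = f"login as attacker account {details[0]}"
                hits.append((msg, reason, line))
                break
        else:
            if any(u in line for u in SUSPECT_USERS):
                hits.append(("account", "suspect account name", line))
    return hits


# Constructed sample log for the example; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
Oct 17 05:40:02.113: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as user on line
Oct 17 05:41:11.507: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: cisco_tac_admin] [Source: 203.0.113.7] at 05:41:11 UTC Wed Oct 17 2023
Oct 17 05:41:30.220: %WEBUI-6-INSTALL_OPERATION_INFO: User: cisco_tac_admin, Install Operation: ADD cisco_service.conf
Oct 17 05:41:45.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:username cisco_support privilege 15 secret *
Oct 17 05:42:00.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
"""

if __name__ == "__main__":
    for msg, reason, line in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{msg:32} {reason}\n    {line}")
```

Running the file scans the constructed sample and reports four lines: the programmatic configuration change, the web login as cisco_tac_admin with its source address, the file installation, and the command that created the cisco_support account; the benign interface line is ignored. The same scan_log function can be pointed at the output of "show logging" exported from a real device.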

If a compromise is detected, rebooting the device is enough to remove the implant. The accounts created by the attacker, however, survive a reboot and must be deleted manually, so after rebooting review the configured users (for example with "show running-config | include username") and remove any you do not recognize. The implant resides in the file /usr/binos/conf/nginx-conf/cisco_service.conf and consists of 29 lines of Lua code that execute arbitrary commands at the operating-system level or in the Cisco IOS XE command shell in response to an HTTP request carrying specific parameters.



Source: opennet.ru
