I-Cisco ibhengeze ukuchongwa komngcipheko we-zero-day engaziwayo ngaphambili kwi-CVE-2023-20198 kwi-server ye-Cisco IOS XE yewebhu. Ukuba sesichengeni kuchaphazela zombini izixhobo eziphathekayo kunye nenyani eziqhuba iCisco IOS XE, ekwanayo nomncedisi we-HTTP(S) osebenzayo. Ukuba semngciphekweni kufumene ukureyithwa kobungqongqo obuphezulu be-10 kumanqaku ali-10 anokwenzeka kwisikali se-CVSS. Isiqwenga esigquma ubuthathaka asikalungi okwangoku. Ubuthathaka buvumela i-hacker ukuba yenze i-akhawunti kunye nenqanaba eliphezulu lamalungelo (15) kwisixhobo esiqhagamshelwe kwi-Intanethi ngaphandle kokuqinisekiswa, okumnika ulawulo olupheleleyo kwi-system ye-compromised. Inkampani ithe ilandelela indlela umhlaseli asebenzise ngayo ukuba semngciphekweni ukuze afumane amalungelo akwinqanaba lomlawuli kwizixhobo ezisebenzisa i-IOS XE, emva koko idlule iipatches ngokusebenzisa ikhowudi yakudala ye-2021 ekude (RCE) semngciphekweni (CVE-2021-1435) ukufaka iLua. -ukufakelwa kwiinkqubo ezichaphazelekayo.
umthombo: 3dnews.ru