Ubuthathaka obune buchongiwe kwiCisco Small Business Series Switshi ezivumela umhlaseli okude ngaphandle kokuqinisekiswa ukuba afumane ukufikelela okupheleleyo kwisixhobo esinamalungelo eengcambu. Ukuxhaphaza iingxaki, umhlaseli kufuneka akwazi ukuthumela izicelo kwi-network port ebonelela ngojongano lwewebhu. Iingxaki zinikwe inqanaba elibalulekileyo lengozi (4 ngaphandle kwe-9.8). Iprototype esebenzayo ixeliwe.
Ubuthathaka obuchongiweyo (i-CVE-2023-20159, i-CVE-2023-20160, i-CVE-2023-20161, i-CVE-2023-20189) ibangelwa iimpazamo zokuphatha imemori kubaphathi abahlukeneyo abakhoyo kwinqanaba lokuqinisekisa kwangaphambili. Ubuthathaka bukhokelela ekuphuphumeni kwe-buffer xa kusetyenzwa idatha yangaphandle efomathwe ngokukodwa. Ukongeza, ubuthathaka obune obuncinci (CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158) ichongiwe kuluhlu lweCisco Small Business oluvumela ukuqaliswa okude kokukhanyelwa kwenkonzo. , kunye nobuthathaka obunye (CVE-2023-20162) evumela ukuba ufumane ulwazi loqwalaselo lwesixhobo ngaphandle kokuqinisekiswa.
Ubuthathaka buchaphazela i-Smart Switch 250, i-350, i-350X, i-550X, i-Business 250, kunye ne-Business 350 series, kunye ne-Small Business 200, 300, kunye ne-series ye-500. I-220 kunye ne-Business 220 i-series switches ayichaphazeleki. Imiba ilungiswe kwi-firmware updates 2.5.9.16 kunye ne-3.3.0.16. Kwishishini elincinci le-200, i-300 kunye ne-500 uchungechunge, ukuhlaziywa kwe-firmware akuyi kuveliswa, njengoko umjikelezo wobomi bale mizekelo sele ugqityiwe.
umthombo: opennet.ru
