Umba obalulekileyo wokhuseleko (CVE-2021-34795) ichongiwe kwiCisco Catalyst PON CGP-ONT-* (Passive Optical Network) iiswitshi zothotho, ezivumela, xa iprotocol ye telnet ivuliwe, ukudibanisa kwiswitshi kunye namalungelo omlawuli usebenzisa. i-akhawunti yolungiso eyaziwayo eshiywe ngumvelisi kwi-firmware. Ingxaki ibonakala kuphela xa ukukwazi ukufikelela nge-telnet kuvuliwe kwiisethingi, eziye zacinywa ngokungagqibekanga.
Ukongeza kubukho beakhawunti enegama eligqithisiweyo elaziwa ngaphambili, ubuthathaka obubini (i-CVE-2021-40112, i-CVE-2021-40113) kwi-interface yewebhu nayo ichongiwe kwiimodeli zokutshintsha okubuzwayo, ukuvumela umhlaseli ongagunyaziswanga owenzayo. andizazi iiparameters zokungena ukuphumeza imiyalelo yazo ngengcambu kwaye wenze utshintsho kwizicwangciso. Ngokungagqibekanga, ufikelelo kujongano lwewebhu luvumeleke kuphela kuthungelwano lobulali, ngaphandle kokuba le ndlela yokuziphatha ibhalwe ngaphezulu kwizicwangciso.
Ngelo xesha, ingxaki efanayo (i-CVE-2021-40119) kunye ne-login yobunjineli echazwe kwangaphambili ichongiwe kwimveliso yesoftware yeCisco Policy Suite, apho isitshixo se-SSH esilungiselelwe kwangaphambili ngumenzi sifakwe, sivumela umhlaseli okude ukuba azuze. ukufikelela kwindlela enamalungelo engcambu.
umthombo: opennet.ru