Inkinga yezokuphepha ebucayi (CVE-2021-34795) ikhonjwe kumaswishi ochungechunge lwe-Cisco Catalyst PON CGP-ONT-* (Passive Optical Network), okuvumela, uma iphrothokholi ye-telnet inikwe amandla, ukuxhuma ekushintsheni okunamalungelo omlawuli kusetshenziswa. i-akhawunti yokususa iphutha eyaziwa ngaphambilini eshiywe umenzi ku-firmware. Inkinga ivela kuphela lapho amandla okufinyelela nge-telnet ecushiwe kuzilungiselelo, evinjwa ngokuzenzakalelayo.
Ngokungeziwe ebukhoneni be-akhawunti enephasiwedi eyaziwa ngaphambilini, ubungozi obubili (CVE-2021-40112, CVE-2021-40113) kusixhumi esibonakalayo sewebhu nakho kukhonjwe kumamodeli wokushintsha okukhulunywa ngawo, okuvumela umhlaseli ongagunyaziwe owenza lokho. awazi amapharamitha wokungena ukuze akhiphe imiyalo yawo ngempande futhi enze izinguquko kuzilungiselelo. Ngokuzenzakalela, ukufinyelela kusixhumi esibonakalayo sewebhu kuvunyelwe kuphela kunethiwekhi yendawo, ngaphandle uma lokhu kuziphatha kubhalwe phansi kuzilungiselelo.
Ngesikhathi esifanayo, inkinga efanayo (i-CVE-2021-40119) ngokungena ngemvume konjiniyela okuchazwe ngaphambilini ikhonjwe kumkhiqizo wesofthiwe ye-Cisco Policy Suite, lapho ukhiye we-SSH olungiselelwe kusengaphambili umenzi wafakwa, okuvumela umhlaseli okude ukuthi azuze. ukufinyelela ohlelweni olunamalungelo ezimpande.
Source: opennet.ru