Cisco has been suffering from active exploitation of vulnerabilities in Cisco IOS XE

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

In recent weeks Cisco has been dealing with a serious security problem in the implementation of the web interface used on physical and virtual Cisco devices that run the Cisco IOS XE operating system.

Since mid-October, it has been public that a critical vulnerability was identified (already catalogued as CVE-2023-20198) that allows, without authentication, full access to the system with the highest level of privileges, provided you can reach the network port on which the web interface operates.

It is mentioned that the danger of the problem is aggravated by the fact that attackers have been using the unpatched vulnerability for more than a month to create additional "cisco_tac_admin" and "cisco_support" accounts with administrator rights, and to automatically place an implant on devices that provides remote access to execute commands on the device.

The problem with this vulnerability is that it leads to a second vulnerability (CVE-2023-20273), which was used in the attack to install an implant on devices running Cisco IOS XE. Cisco reported that attackers took advantage of it after exploiting the first vulnerability, CVE-2023-20198, and that it allowed the new account with root rights, created during that exploitation, to be used to execute arbitrary commands on the device.

It is mentioned that exploiting the CVE-2023-20198 vulnerability allows an attacker to gain privilege level 15 access to the device, which can then be used to create a local user and log in with normal user access. In addition, it was possible to bypass the access check by replacing characters in the request with their "%xx" representation. For example, to access the WSMA (Web Service Management Agent) service, you can send a "POST /%2577ebui_wsma_HTTP" request, which calls the "webui_wsma_http" handler without verifying access.
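On the detection side, the encoded request quoted above can be found in HTTP logs by decoding each path repeatedly and checking whether a handler name appears only after decoding. This is an added example, not code from Cisco or from the original article; the common-log-format lines, the function names and the idea that such logs are available from a proxy or sensor in front of the device are assumptions.

```python
import re
from urllib.parse import unquote

# Handler name taken from the article; matching is case-insensitive because
# the quoted request spells it "webui_wsma_HTTP".
SENSITIVE_HANDLERS = ("webui_wsma_http",)
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=5):
    """Percent-decode until the path stops changing; return (path, rounds).
    rounds >= 2 means nested encoding such as %2577 -> %77 -> w."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def inspect_line(line):
    """Return a finding dict for a suspicious log line, else None."""
    m = REQUEST_LINE.search(line)
    if not m:
        return None
    decoded, rounds = fully_decode(m["path"])
    hits = [h for h in SENSITIVE_HANDLERS if h in decoded.lower()]
    # A handler name that only appears after decoding was hidden from any
    # filter that matched on the raw path, so it is worth an alert.
    if hits and rounds >= 1:
        return {"method": m["method"], "raw": m["path"],
                "decoded": decoded, "rounds": rounds, "handler": hits[0]}
    return None

def scan(lines):
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (documentation IP ranges, not real captures).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:00:00:01 +0000] "POST /%2577ebui_wsma_HTTP HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:00:00:02 +0000] "GET /webui/index.html HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jan/2024:00:00:03 +0000] "POST /webui_wsma_http HTTP/1.1" 401 0',
    '203.0.113.5 - - [01/Jan/2024:00:00:04 +0000] "GET /docs/100%25_uptime HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the first sample line is reported: the direct request to the handler and the path with a single harmless "%25" are left alone, which keeps the rule focused on encoded spellings of the handler name.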

Unlike the September cases, this October activity included several actions, including the deployment of an implant we call "BadCandy" that consists of a configuration file ("cisco_service.conf"). The configuration file defines the new web server endpoint (URI path) used to interact with the implant. That endpoint receives certain parameters, described in more detail below, that allow the actor to execute arbitrary commands at the system level or at the IOS level. For the implant to become active, the web server must be restarted; in one observed case the server was not restarted, so the implant never became active even though it was installed.

The BadCandy implant is stored in the file path "/usr/binos/conf/nginx-conf/cisco_service.conf", which contains two variable strings made up of hexadecimal characters. The implant is not persistent, meaning a device reboot will remove it, but the newly created local user accounts remain active even after the system is restarted. The new user accounts have level 15 privileges, meaning they have full administrator access to the device. This privileged access to the devices and the subsequent creation of new users is registered as CVE-2023-20198.

On this matter, Cisco has been releasing updated information on the research it has carried out and on the technical analysis of the vulnerabilities, as well as on an exploit prototype that was prepared by an independent researcher based on an analysis of attacker traffic.

Although, to ensure an appropriate level of security, it is recommended to open access to the web interface only to selected hosts or the local network, many administrators leave the option to connect from the global network enabled. In particular, according to the Shodan service, there are currently more than 140 thousand potentially vulnerable devices registered on the global network. The CERT organization has already registered about 35 thousand Cisco devices that were successfully attacked.

Finally, if you are interested in knowing more about it, you can consult the original note at the following link.

