Cisco has been hit by active exploitation of vulnerabilities in Cisco IOS XE

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

In recent weeks Cisco has been caught up in a serious security problem in the implementation of the web interface used on physical Cisco devices running the Cisco IOS XE operating system.

Since mid-October, news has been circulating that a critical vulnerability was found (already catalogued as CVE-2023-20198) which allows, without authentication, full access to the system with the highest level of privileges, provided the attacker can reach the network port on which the web interface runs.

The danger of the problem is said to be aggravated by the fact that attackers had been using the unpatched vulnerability for more than a month to create additional accounts, "cisco_tac_admin" and "cisco_support", with administrator rights, and to automatically place an implant on devices that provides remote access for executing commands on the device.

The problem with this vulnerability is that it leads to a second vulnerability (CVE-2023-20273), which was used in the attack to install the implant on devices running Cisco IOS XE. Cisco reported that the attackers took advantage of it after first exploiting CVE-2023-20198, which allowed them to use a new account with root privileges, created during that exploitation, to execute arbitrary commands on the device.

It is stated that exploiting CVE-2023-20198 allows an attacker to obtain privilege level 15 access to the device, which can then be used to create a local user and log in with normal user access. In addition, this made it possible to bypass authentication by replacing characters in the request with their "%xx" representation. For example, to reach the WSMA (Web Service Management Agent) service, a "POST /%2577ebui_wsma_HTTP" request can be sent, which invokes the "webui_wsma_http" handler without verifying access.

Unlike the September case, this October activity included several follow-on actions, including the deployment of an implant we call "BadCandy", which consists of a configuration file ("cisco_service.conf"). The configuration file defines a new web server endpoint (URI path) used to interact with the implant. That endpoint receives certain parameters, described in more detail below, that allow the actor to execute arbitrary commands at the system level or at the IOS level. For the implant to become active, the web server must be restarted; in at least one observed case the server was not restarted, so the implant never became active despite being installed.

The BadCandy implant is saved under the file path "/usr/binos/conf/nginx-conf/cisco_service.conf" and contains two variable strings made up of hexadecimal characters. The implant is not persistent, meaning that a device reboot will remove it, but the newly created local accounts remain active even after a system reboot. The new user accounts have level 15 privileges, meaning they have full administrator access to the device. This privileged access to the devices and the subsequent creation of new users is tracked as CVE-2023-20198.
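A defender-side check for the two indicators described above (percent-encoded requests that resolve to the "webui_wsma_http" handler, and the named accounts holding privilege level 15), as an added example that is not from the original article or from Cisco. The access-log layout, the sample lines and the function names are assumptions constructed for illustration; the `username ... privilege 15` lines follow the usual IOS configuration syntax.

```python
import re
from urllib.parse import unquote

# Account names and handler come from the article; everything else is constructed.
SUSPECT_USERS = {"cisco_tac_admin", "cisco_support"}
HANDLER = "webui_wsma_http"
ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+)')
USERNAME = re.compile(r"^username (\S+) privilege (\d+)")

# Constructed sample data (assumed access-log layout, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Oct/2023:10:01:02 +0000] "GET /webui/ HTTP/1.1" 200',
    '203.0.113.7 - - [17/Oct/2023:10:01:09 +0000] "POST /%2577ebui_wsma_HTTP HTTP/1.1" 200',
    '192.0.2.10 - - [17/Oct/2023:10:02:30 +0000] "GET /webui/login%20help HTTP/1.1" 404',
]
SAMPLE_CONFIG = [
    "username netops privilege 15 secret 9 <hash>",
    "username cisco_tac_admin privilege 15 secret 9 <hash>",
    "username cisco_support privilege 1 secret 9 <hash>",
]

def decode_layers(path, limit=5):
    """Percent-decode until no escapes remain; return (decoded_path, passes_needed)."""
    passes = 0
    while passes < limit and ESCAPE.search(path):
        path, passes = unquote(path), passes + 1
    return path, passes

def encoded_handler_requests(log_lines):
    """Flag requests that name the WSMA handler only after percent-decoding."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        decoded, passes = decode_layers(m.group("path"))
        if passes >= 1 and HANDLER in decoded.lower():
            hits.append((m.group("method"), m.group("path"), decoded, passes))
    return hits

def suspect_admin_accounts(config_lines):
    """Return the article-named accounts that hold privilege level 15."""
    found = []
    for line in config_lines:
        m = USERNAME.match(line.strip())
        if m and m.group(1) in SUSPECT_USERS and m.group(2) == "15":
            found.append(m.group(1))
    return found
```

A legitimate client has no reason to percent-encode letters of a handler name, so any hit from `encoded_handler_requests` deserves review, and a pass count of 2 matches the double-encoded form quoted in the article.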

Regarding this case, Cisco has published updated information both on the investigation it carried out and on the technical analyses of the vulnerabilities presented, along with an exploit example prepared by an independent researcher based on an analysis of attacker traffic.

Although, to ensure an adequate level of security, it is recommended to open access to the web interface only to selected hosts or to the local network, many administrators leave the option of connecting from the global network enabled. In particular, according to the Shodan service, there are currently more than 140 thousand potentially vulnerable devices registered on the global network. The CERT organization has already recorded about 35 thousand Cisco devices that were successfully attacked.

Finally, if you are interested in learning more about it, you can check the original publication at the following link.

