In an effort to strengthen its cybersecurity defenses, Cisco recently disclosed and promptly fixed high-severity vulnerabilities in its Secure Client software. The most critical of these, tracked as CVE-2024-20337, poses a major threat by allowing unauthorized access to VPN sessions. With a CVSS score of 8.2, the flaw stems from a carriage return line feed (CRLF) injection attack, giving malicious actors a potential gateway to manipulate user sessions with damaging consequences. This article examines the vulnerability in depth, its impact, and the steps Cisco has taken to reduce the risk.
CVE-2024-20337 in Detail
At the heart of this cyber threat is a vulnerability that allows remote attackers to carry out a CRLF injection attack because user-supplied input is insufficiently validated. By sending crafted links, threat actors can trick users into unknowingly triggering the exploit while establishing a VPN session. The flaw has far-reaching consequences: it gives attackers the ability to execute arbitrary script code in the victim's browser and to access sensitive information, including Security Assertion Markup Language (SAML) tokens.
With the stolen tokens, attackers can establish remote access VPN sessions while impersonating legitimate users, potentially infiltrating internal networks and compromising confidential data. This critical vulnerability extends across multiple platforms, affecting Secure Client software on Windows, Linux, and macOS.
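To illustrate the class of bug described above (CRLF injection through insufficiently validated user-supplied input), the following added example, which is not Cisco's code and not part of the original article, shows a generic HTTP redirect builder that copies a decoded value into a header, next to a hardened variant. The function names, the `X-Injected` header and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

_CRLF = re.compile(r"[\r\n]")

# Constructed sample inputs (not taken from any real advisory or exploit).
BENIGN = "/start?next=%2Fhome"
CRAFTED = "/start%0d%0aX-Injected:%20yes"


def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable pattern: decode user input and copy it into a header."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {unquote(target)}\r\n"
            "Content-Length: 0\r\n\r\n").encode()


def contains_crlf(value: str, max_rounds: int = 3) -> bool:
    """True if CR/LF appears raw or under nested percent-encoding."""
    for _ in range(max_rounds + 1):
        if _CRLF.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:      # fully decoded, nothing found
            return False
        value = decoded
    return True                   # still decoding after max_rounds: reject


def build_redirect_safe(target: str) -> bytes:
    """Hardened pattern: validate first, never emit the decoded value."""
    if contains_crlf(target):
        raise ValueError("CR/LF in header value rejected")
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {target}\r\n"
            "Content-Length: 0\r\n\r\n").encode()


def header_names(response: bytes) -> list[str]:
    """Header names a client would parse from the response head."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return [ln.split(b":", 1)[0].decode() for ln in head.split(b"\r\n")[1:]]


if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(CRAFTED)))
    print(header_names(build_redirect_safe(BENIGN)))
```

The unsafe builder turns one header into two because the decoded CR/LF ends the `Location` line early; the hardened builder rejects the value before any header is written, including when the CR/LF is percent-encoded more than once.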
Recognizing the seriousness of the situation, Cisco acted quickly to fix the vulnerability. The company released patches across various software versions to reduce the risk. Versions earlier than 4.10.04065 are considered not vulnerable, while subsequent releases have been hardened to remove the identified flaw.
In addition to CVE-2024-20337, Cisco also fixed another high-severity flaw, CVE-2024-20338, which affects Secure Client for Linux. With a CVSS score of 7.3, this vulnerability could enable local attackers to elevate privileges on affected devices, raising significant concern.
In response to these vulnerabilities, Cisco urges users to promptly apply the necessary patches and updates to protect their systems from exploitation. The importance of staying vigilant and proactive in the face of cyber threats cannot be overstated.
While specific detection names for malware associated with this vulnerability have not been provided, organizations are advised to stay informed about emerging threats and to strengthen their cybersecurity measures to detect and prevent potential attacks. Similar threats may exploit vulnerabilities in other software, underscoring the importance of comprehensive security practices.
Best Practices for Prevention
To strengthen cybersecurity defenses and prevent future infections, users are advised to adopt the following best practices:
- Regularly update software and firmware: Ensure that all operating systems, applications, and security software are up to date to patch vulnerabilities and improve system resilience.
- Use network segmentation: Divide the network into segments to limit the impact of a breach and contain malicious activity.
- Educate users: Foster a culture of cybersecurity awareness among users, emphasizing the importance of recognizing phishing attempts and being cautious with links and attachments.
- Monitor network traffic: Use robust network monitoring tools to detect and respond promptly to unusual or suspicious activity.
- Conduct regular security audits: Periodically review and audit security protocols, configurations, and access controls to identify and fix potential weaknesses.
Conclusion
The discovery and rapid mitigation of vulnerabilities in Cisco's Secure Client software underscores how dynamic cyber threats are. As organizations continue to navigate the digital landscape, maintaining their security posture, staying informed about emerging risks, and applying strong security measures are essential elements of a comprehensive cybersecurity strategy. Cisco's response serves as a reminder of the collaborative effort needed to defend against threats and protect sensitive information from unauthorized access.