Vulnerability Discovered in Cisco Software Manager Allows Hackers to Change Passwords
A serious vulnerability has been found in Cisco's Smart Software Manager On-Prem (SSM On-Prem (https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/smart-software-manager-satellite/datasheet-c78-734539.html)). It allows unauthenticated, remote attackers to change user passwords, including those of administrative users.
💻 This high-severity vulnerability, CVE-2024-20419 (https://nvd.nist.gov/vuln/detail/CVE-2024-20419), allows attackers to exploit the system by sending crafted HTTP requests to an affected device. Exploitation gives the attacker the same privileges as the compromised user, which can lead to unauthorized access to confidential data and system functions.
🔴 Cisco has released software updates to address this vulnerability. (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy) It stressed that users should apply the security updates as soon as possible. (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy)
✅ The UZCERT service recommends that Cisco customers apply the security updates released by Cisco (https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes) and regularly monitor Cisco's security advisories page. (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy)