Cisco has issued a warning about a zero-day vulnerability, tracked as CVE-2023-20269, in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) systems. The vulnerability is being actively exploited by ransomware operations seeking initial access to corporate networks. The zero-day flaw affects the VPN feature of these Cisco systems and allows unauthorized attackers to carry out brute-force attacks against existing accounts.

By gaining access to those accounts, attackers can establish a clientless SSL VPN session inside the breached network, which can lead to varying consequences depending on the victim's network configuration. Earlier reports indicated that ransomware groups such as Akira and Lockbit were breaching corporate networks through Cisco VPN devices, possibly by exploiting an unknown vulnerability.

The flaw resides in the web services interface of Cisco ASA and Cisco FTD and relates specifically to the authentication, authorization, and accounting (AAA) functions. Improper separation of these AAA functions from other software features allows attackers to send authentication requests to the web services interface, altering authorization components. The flaw permits unlimited brute-force attempts against credentials, with no rate limiting or blocking mechanisms.
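Because the device applies no rate limiting or blocking of its own, the brute-force pattern has to be caught in logs. The following added example (not from Cisco or the original article) counts rejected AAA logins per source address in a sliding window. The syslog message IDs 113005 and 113015 are not named in the article, and the sample lines, their timestamp format, and the function name `detect_bruteforce` are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, modelled on ASA AAA messages; not captured traffic.
# Addresses come from the documentation ranges (RFC 5737).
_REJ = ("%ASA-6-113015: AAA user authentication Rejected : "
        "reason = User was not found : local database")
SAMPLE_LOG = "\n".join(sorted(
    # Burst: five usernames tried from one source within eight seconds.
    [f"2023-09-08T10:00:{2 * i:02d} {_REJ} : user = {u} : user IP = 203.0.113.7"
     for i, u in enumerate(["admin", "test", "vpn", "backup", "cisco"])]
    # Slow failures: five rejections, but five minutes apart.
    + [f"2023-09-08T10:{5 * i:02d}:30 {_REJ} : user = alice : user IP = 192.0.2.9"
       for i in range(1, 6)]
    # One remote-AAA rejection followed by a successful login (ignored).
    + ["2023-09-08T10:00:20 %ASA-6-113005: AAA user authentication Rejected : "
       "reason = AAA failure : server = 192.0.2.10 : user = jdoe : "
       "user IP = 198.51.100.4",
       "2023-09-08T10:00:40 %ASA-6-113004: AAA user authentication Successful : "
       "server = 192.0.2.10 : user = jdoe"]
))

# Assumed layout: ISO timestamp, message ID, then "user = X : user IP = Y".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) %ASA-6-(?:113005|113015): AAA user authentication Rejected"
    r".*?: user = (?P<user>\S+) : user IP = (?P<ip>\S+)\s*$"
)

def detect_bruteforce(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {source_ip: sorted usernames} for every source that reaches
    `threshold` rejected logins inside any sliding `window`."""
    recent = defaultdict(deque)  # source ip -> deque of (timestamp, user)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successes and unrelated messages are skipped
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(m["ip"], set()).update(u for _, u in q)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

The window and threshold defaults are illustrative and should be tuned against the normal failure rate of the VPN user population.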

Although Cisco has confirmed the existence of this zero-day vulnerability and provided workarounds in an interim security bulletin, security updates have not yet been released for the affected products. In the meantime, system administrators are advised to mitigate the flaw by taking steps such as using Dynamic Access Policies (DAP) to terminate VPN tunnels with specific group policies, adjusting access settings in the Default Group Policy, and applying restrictions to the LOCAL user database. Cisco also recommends securing Default Remote Access VPN profiles and enabling multi-factor authentication (MFA) to reduce the impact of successful attacks.

(Source: Cisco Advisory)

Definitions:

- Cisco Adaptive Security Appliance (ASA): A security appliance that combines firewall, VPN, and intrusion prevention capabilities.

- Cisco Firepower Threat Defense (FTD): A unified software image that combines firewall, VPN, and intrusion prevention features.

- Zero-day vulnerability: A software flaw unknown to the vendor or developer, giving attackers an opportunity to exploit it before a patch or update is released.

- Ransomware: A type of malicious software that encrypts the victim's data and demands a ransom to restore access to it.

- VPN (Virtual Private Network): A network technology that enables secure communication between remote networks or devices over a public network, such as the internet.

- SSL VPN (Secure Sockets Layer Virtual Private Network): An encrypted VPN technology that provides secure remote access to network resources.

- AAA (Authentication, Authorization, and Accounting): A framework for securing and managing computer systems and network resources, covering the authentication of users, the authorization of their access privileges, and the recording of their activities.

Note: The source URL is not available for this article.