Vulnerabilities found in the web interface of JunOS devices


If exploited, these flaws could allow attackers to gain unauthorized access to sensitive information or, more generally, to cause problems.

A few days ago, information was published about several vulnerabilities identified in the "J-Web" web interface, which is used on Juniper network devices running the JunOS operating system.

The most dangerous vulnerability is CVE-2022-22241; in particular, it allows remote code execution on the system without authentication by sending a specially crafted HTTP request.

The essence of the vulnerability is that a user-supplied file path is processed by the script /jsdm/ajax/logging_browse.php without filtering the prefix that specifies the content type, and this happens at a stage before the authentication check.

An attacker can upload a malicious phar file under the guise of an image and then execute the PHP code placed in that phar file using the "Phar Deserialization" attack technique.

The problem is that when the uploaded file is checked with the is_dir() function, PHP automatically deserializes the metadata of the Phar file (PHP Archive) while processing paths that start with "phar://". The same effect occurs when user-supplied file paths are processed by the file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize() functions.

The attack is complicated by the fact that, in addition to triggering execution of the phar file, the attacker must find a way to get it onto the device (when accessing /jsdm/ajax/logging_browse.php, one can only specify the path to an existing file in order to execute it).

Possible scenarios for getting files onto the device include uploading a phar file disguised as an image through the image transfer service and substituting the file in the web content cache.

Another vulnerability that was found is CVE-2022-22242; it can be exploited by an unauthenticated remote attacker to hijack JunOS management sessions, or be used in combination with other vulnerabilities that require authentication. For example, this vulnerability could be used together with the post-authentication file write bug that is part of the same report.

CVE-2022-22242 allows unfiltered external parameters to be substituted into the output of the error.php script, which enables cross-site scripting and the execution of arbitrary JavaScript code in the user's browser when a link is clicked. The vulnerability could be used to intercept an administrator's session parameters if the attackers can get the administrator to open a specially crafted link.

On the other hand, the report also mentions vulnerability CVE-2022-22243, which can be exploited by an authenticated remote attacker to manipulate JunOS management sessions or to tamper with the XPATH stream the server uses to communicate with its XML parsers, and CVE-2022-22244, which can likewise be exploited by an authenticated remote attacker to tamper with JunOS management sessions. In both cases, XPATH expression substitution through the scripts jsdm/ajax/wizards/setup/setup.php and /modules/monitor/interfaces/interface.php allows an authenticated user without administrative privileges to manipulate administrator sessions.

The other vulnerabilities disclosed are the following:

  • CVE-2022-22245: Because the ".." sequence in paths processed by the Upload.php script is not properly sanitized, an authenticated user can upload their own PHP file into a directory that allows PHP script execution (e.g. by passing the path "fileName=\..\..\..\..\www\dir\new\shell.php").
  • CVE-2022-22246: The ability to execute an arbitrary local PHP file through manipulation of the jrest.php script by an authenticated user, where external parameters are used to build the name of the file loaded by the "require_once()" function (e.g. "/jrest.php?payload=alol/lol/any\..\..\..\..\any\file"). This allows an attacker to include any PHP file stored on the server. If this vulnerability is exploited together with the file upload vulnerability, it can lead to remote code execution.
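As an added example (not J-Web or Juniper code), the path check that addresses both the "phar://" trick against is_dir() described above and the ".." traversal behind the Upload.php and jrest.php issues: a hypothetical safe_local_path() helper that rejects stream wrappers and ".." segments, canonicalises the path and confirms it stays inside an allowed base directory before any filesystem function sees it. The helper name, browse_safe() and the base directory are assumptions.

```php
<?php
// Added example, not code from J-Web or Juniper. Assumed names:
// safe_local_path(), browse_safe(), $baseDir.
declare(strict_types=1);

// Return a canonical path inside $baseDir, or throw. Run this before
// is_dir(), file_exists(), require_once() etc. touch a user-supplied value.
function safe_local_path(string $userPath, string $baseDir): string
{
    // Reject stream wrappers ("phar://", "php://", "data://", ...): the phar
    // wrapper is what makes is_dir() unserialize attacker-supplied metadata.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $userPath)) {
        throw new InvalidArgumentException('stream wrappers are not allowed');
    }
    // Reject NUL bytes and ".." segments with either separator, the pattern
    // behind the Upload.php and jrest.php traversal issues.
    if (strpos($userPath, "\0") !== false
        || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $userPath)) {
        throw new InvalidArgumentException('".." segments are not allowed');
    }
    // Canonicalise (symlinks included) and confirm the result is still
    // inside the base directory; realpath() also fails on missing files.
    $base = realpath($baseDir);
    $full = $base === false ? false
        : realpath($base . DIRECTORY_SEPARATOR . ltrim($userPath, '/\\'));
    if ($full === false
        || ($full !== $base && strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0)) {
        throw new InvalidArgumentException('path is missing or escapes the base directory');
    }
    return $full;
}

// Hardened shape: only a validated, canonical path reaches the filesystem.
// The vulnerable shape the article describes is simply: return is_dir($userPath);
function browse_safe(string $userPath, string $baseDir): bool
{
    return is_dir(safe_local_path($userPath, $baseDir));
}

// Constructed inputs for a self-check; "." is the only one that should pass.
$baseDir = sys_get_temp_dir();
foreach (['phar://uploads/image.jpg', '..\\..\\..\\..\\www\\dir\\new\\shell.php', '.'] as $p) {
    try {
        echo (browse_safe($p, $baseDir) ? 'dir: ' : 'not a dir: ') . $p . "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $p . ' (' . $e->getMessage() . ")\n";
    }
}
```

The same helper is the right guard in front of require_once(): the include name is built only from a value that has already passed these checks, never from the raw request parameter.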

Finally, users of Juniper devices are advised to install the firmware update and, if that is not possible, to make sure that access to the web interface is blocked from external networks and restricted to trusted hosts only.

If you would like to learn more about this, you can consult the details at the following link.
