<h1>Vulnerable updates in Cisco enterprise software</h1>
<p>Published 10 October 2022 on <a href="https://www.kaspersky.com.tr/blog/defcon30-cisco-updates-vulnerabilities/11097/" target="_blank" rel="noopener">Kaspersky Daily (Turkish edition)</a>, translated here. Tags: DEF CON, updates, vulnerabilities.</p>
<p><em>Even the update delivery systems of high-end enterprise products can contain "childish" mistakes.</em></p>
<p>The Black Hat 2022 conference in August did not feature many presentations of direct practical use to system administrators and security staff. The report by Rapid7 researcher Jacob Baines was one of the exceptions. Baines described in detail how he analyzed Cisco enterprise software and found several vulnerabilities in it. His findings are available as <a href="https://i.blackhat.com/USA-22/Thursday/US-22-Baines-Do-Not-Trust-The-ASA-Trojans.pdf" target="_blank" rel="noopener nofollow">slides</a>, as a detailed <a href="https://www.rapid7.com/blog/post/2022/08/11/rapid7-discovered-vulnerabilities-in-cisco-asa-asdm-and-firepower-services-software/" target="_blank" rel="noopener nofollow">report</a>, and as a <a href="https://github.com/jbaines-r7/cisco_asa_research" target="_blank" rel="noopener nofollow">set</a> of helper tools on GitHub.</p>
<p>Baines found 10 issues affecting Cisco Adaptive Security Appliance (ASA) Software, Adaptive Security Device Manager (ASDM) and FirePOWER Services Software for ASA. The Cisco systems this software controls, aimed at a range of enterprise customers, include hardware firewalls and end-to-end security solutions. Cisco recognized seven of the issues as vulnerabilities; the remaining three, according to the vendor, do not affect security. Although Rapid7 notified Cisco in February and March 2022, two of the seven vulnerabilities were still unpatched when the report was published (and one more was reportedly fixed only later).</p>
<h2>What are the vulnerabilities?</h2>
<p>Let's look at the two most notable ones. <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-asdm-sig-NPKvwDjm" target="_blank" rel="noopener nofollow">CVE-2022-20829</a> concerns the way updates are delivered to Cisco ASA software. The bug is as simple as it gets: the binary update packages are not verified at all during installation, there is no digital signature check or anything else. Rapid7 showed how a Cisco ASDM binary package can be modified so that attacker-chosen code runs when the package is processed.</p>
<p>The second notable vulnerability is <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asdm-rce-gqjShXW" target="_blank" rel="noopener nofollow">CVE-2021-1585</a>. It was <a href="https://gist.github.com/mlashley/7d2c16e91fe37c9ab3b2352615540025" target="_blank" rel="noopener nofollow">discovered</a> in late 2020 by researcher Malcolm Lashley. Lashley found that the certificate needed to establish a secure connection during the TLS handshake was handled incorrectly when updates were delivered. This let an attacker mount a man-in-the-middle attack against Cisco customers, that is, substitute their own source for the legitimate update source. Malicious code could then be delivered and executed in place of a patch. The vulnerability has an interesting history. Lashley reported it to Cisco in December 2020. In July 2021 Cisco published details of the vulnerability without any patch. By July 2022 the vulnerability was marked as fixed in the company's customer portal. Rapid7 demonstrated that this was not the case at all: if a patch existed, it did not work.</p>
<p>The other vulnerabilities are not trivial either. For example, <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asasfr-cmd-inject-PE4GfdG" target="_blank" rel="noopener nofollow">CVE-2022-20828</a> can be exploited by someone with remote administrative access: the demonstration showed how such an attacker gains full access to the system by entering a single command. Rapid7 also discovered that the FirePOWER boot images are not verified at all. So even after the vulnerabilities in the software are patched, it remains possible to restore the boot image of an older, unpatched version. Despite the possibility that such a downgrade could be used in real attacks, Cisco does not consider it a security issue.</p>
<h2>The difficulties of update delivery</h2>
<p>These vulnerabilities show that update delivery systems have gaps even in software that is part of high-end enterprise products. Not long ago we <a href="https://www.kaspersky.com/blog/defcon30-zoom-vulnerability/45420/" target="_blank" rel="noopener nofollow">wrote</a> about a similar problem in the Zoom client for Apple devices. The update check looked quite secure: the server was reached over a secure connection, and the update file carried a digital signature. But the signature verification procedure allowed anything at all, rather than the correct executable, to be run with the highest privileges. There are also examples of "malicious updates" used in real attacks. In 2018 Kaspersky researchers <a href="https://usa.kaspersky.com/blog/web-sas-2018-apt-announcement-2/14873/" target="_blank" rel="noopener">identified</a> this method in the Slingshot APT campaign, which compromised MikroTik routers.</p>
<p>In Cisco's case there is no need even to bypass signature verification of the ASDM binary package: there is no such verification (a mechanism is said to have been introduced in August 2022, but its reliability has not yet been tested). To be fair, all the attacks the researchers presented at Black Hat are fairly hard to carry out. But since we are talking about large organizations with a great deal to lose to file-encrypting ransomware or the theft of trade secrets, the risk has to be taken seriously.</p>
<h2>What can be done about it</h2>
<p>Given the nature of these vulnerabilities, the main recommendation of the Rapid7 researchers is to limit work in full-access administrator mode as much as possible. This covers more than connecting to the infrastructure remotely with high privileges. Plenty of examples show that even with maximum offline isolation, a system can be hacked through malicious updates or through simple code that exploits a vulnerability. Keeping a close watch on the people with full access to the infrastructure and limiting the actions performed as administrator will help reduce the likelihood of a successful attack. The risk, however, will not go away entirely.</p>
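<p>An added example, not code from Cisco, Rapid7 or this article: a minimal update installer in Go that performs the three checks the article describes as missing or weak. It refuses a package whose detached Ed25519 signature is absent or invalid under a pinned vendor key (the ASDM package was not verified at all), refuses a correctly signed but older version (the FirePOWER boot-image downgrade), and contrasts this with a check that merely looks for an expected vendor string inside the file, which a forged package passes (the pattern behind a signature check that does not bind to the bytes actually executed, as in the Zoom case). The package layout (a "UPD1" header followed by a big-endian version and the payload), the marker string, the version numbers and the keys generated at run time are all assumptions made for this illustration; a real installer would pin the vendor public key at build time.</p>

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical package layout assumed for this example: magic || version (4 bytes, BE) || payload.
var magic = []byte("UPD1")

// One sentinel per failure mode discussed in the article.
var (
	ErrMalformed = errors.New("update: malformed package")
	ErrBadSig    = errors.New("update: signature missing or invalid")
	ErrRollback  = errors.New("update: version is not newer than the installed one")
)

// EncodePackage builds a package blob from a version number and a payload.
func EncodePackage(version uint32, payload []byte) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	pkg := append([]byte{}, magic...)
	pkg = append(pkg, v[:]...)
	return append(pkg, payload...)
}

// SignPackage returns a detached Ed25519 signature over the whole blob, header included,
// so the version field is covered by the signature as well.
func SignPackage(priv ed25519.PrivateKey, pkg []byte) []byte {
	return ed25519.Sign(priv, pkg)
}

// VerifyUpdate accepts a package only if it parses, its signature verifies under the
// pinned vendor key, and its signed version is strictly newer than what is installed.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint32, pkg, sig []byte) (uint32, error) {
	if len(pkg) < len(magic)+4 || !bytes.Equal(pkg[:len(magic)], magic) {
		return 0, ErrMalformed
	}
	// Nothing inside the package is trusted before the signature check passes.
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pinned, pkg, sig) {
		return 0, ErrBadSig
	}
	version := binary.BigEndian.Uint32(pkg[len(magic):])
	if version <= installed { // anti-rollback: a genuinely signed but older image is refused too
		return 0, ErrRollback
	}
	return version, nil
}

// WeakVerify is the anti-pattern: it looks for an expected identity string instead of
// verifying a signature over the bytes. Any file that contains the string passes.
func WeakVerify(pkg []byte) bool {
	return bytes.Contains(pkg, []byte("vendor=ExampleVendor"))
}

// Outcome records what the strict verifier said about each constructed package.
type Outcome struct {
	Genuine, Tampered, Unsigned, Downgrade, Forged error
	ForgedPassesWeak                               bool
}

// Scenario builds constructed sample packages (no real Cisco or Zoom data) and runs the checks.
func Scenario() (Outcome, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // vendor key; pinned in a real installer
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	const installed uint32 = 7
	good := EncodePackage(8, []byte("vendor=ExampleVendor;build=8"))
	goodSig := SignPackage(priv, good)
	tampered := append([]byte{}, good...)
	tampered[len(tampered)-1] ^= 0x01 // one bit flipped after signing
	old := EncodePackage(6, []byte("vendor=ExampleVendor;build=6"))
	oldSig := SignPackage(priv, old) // the vendor really did sign this older image
	forged := EncodePackage(9, []byte("vendor=ExampleVendor;payload=attacker"))
	forgedSig := SignPackage(attackerPriv, forged) // right format, wrong key

	var o Outcome
	_, o.Genuine = VerifyUpdate(pub, installed, good, goodSig)
	_, o.Tampered = VerifyUpdate(pub, installed, tampered, goodSig)
	_, o.Unsigned = VerifyUpdate(pub, installed, good, nil)
	_, o.Downgrade = VerifyUpdate(pub, installed, old, oldSig)
	_, o.Forged = VerifyUpdate(pub, installed, forged, forgedSig)
	o.ForgedPassesWeak = WeakVerify(forged)
	return o, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v unsigned=%v downgrade=%v forged=%v forgedPassesWeak=%v\n",
		o.Genuine, o.Tampered, o.Unsigned, o.Downgrade, o.Forged, o.ForgedPassesWeak)
}
```

<p>Two ordering details matter. The signature is checked before any field of the package is read, so a malformed or attacker-controlled version number never influences the decision; and the version is taken from the signed bytes rather than from a separate, unsigned manifest, so a downgrade cannot be arranged by editing metadata around a genuine image.</p>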