Vulnerability in Cisco IOS left users without Internet

Date:

2018-04-06 22:15:08

Views:

4481

Rating:

1Like 0Dislike

Share:

Vulnerability in Cisco IOS left users without Internet Source:

Currently, a powerful botnet attack. All Internet addresses are scanned for the presence of fresh vulnerabilities in the software of the Cisco IOS that allows you to remotely execute commands on Cisco devices. The bot walks to the device and remove the configuration, recording is her own files.

A Vulnerability has received the identifier CVE-2018-0171 and scored 9.8 points on a scale of CVSS. If you have just turned off the Internet or off in the near future, then with high probability, this is due to the above vulnerability. The Network performance issues are observed now. Including the team Hi-News.ru.

Cisco has published a report according to which hundreds of thousands of devices on the Network vulnerable with Smart Install. The company has warned critical infrastructure about the risks of using vulnerable devices.

Smart Install allows you to automate the process of initial configuration and download the current operating system image for a new network switch.

About the problem of burst scans in an attempt to detect vulnerable devices that are activated Smart Install, Cisco reported in February last year. At that time it was said that hacker groups can use Smart Install to receive copies of the configurations of affected devices customers. In addition, it was reported that the attackers used the tool open source for scanning in search of vulnerable systems. This tool is called Smart Install Exploitation Tool (SIET).

Now Cisco issued a new statement:

"Cisco is aware of a significant increase in the number of attempts to scan for vulnerable devices with an activated Smart Install. As a result of successful attack an attacker can modify the configuration file, force restart your device to upload new image IOS, to run CLI commands with the highest rights".

According to experts, some of these attacks were carried out by a group known as Dragonfly, Crouching Yeti and Energetic Bear. In this regard, administrators are advised to install the update or disable in device settings SMI technology designed to automate the initial configuration and download the firmware for the new switches.

The Problem is that many owners do not adjust or turn off the SMI Protocol and the client continues to wait for commands "ustanovlennuyu" in the background. Using the vulnerability, an attacker can modify the settings of the TFTP server and retrieve the configuration files via TFTP, change the General configuration file of the switch, replace the OS image IOS, to create a local account and to provide an opportunity for the attacker to log into the device and execute any command.

To exploit the vulnerability the attacker needs to contact TCP port 4786 is open by default. It is reported that the problem can be used as a DoS attack, leading the vulnerable devices into an endless loop of reboots.

According to the Cisco Talos, currently available 168 thousand switches that support SMI. However, according to analytical group Embedi in total, the Internet discovered more than 8.5 million units with an open port 4786, and the patch that fixes the critical vulnerability is not established approximately 250 000 of them.

Analysts Embedi conducted penetration testing on devices Catalyst 4500 Supervisor Engine and switch series Cisco Catalyst 3850 and Cisco Catalyst 2960, but probably we are talking about the vulnerability of all devices running on Smart Install, namely:

the
    the
  • Catalyst 4500 Supervisor Engines;
  • the
  • Catalyst 3850 Series;
  • the
  • Catalyst 3750 Series;
  • the
  • Catalyst 3650 Series;
  • the
  • Catalyst 3560 Series;
  • the
  • Catalyst 2960 Series;
  • the
  • Catalyst 2975 Series;
  • the
  • IE 2000;
  • the
  • IE 3000;
  • the
  • IE 3010;
  • the
  • IE 4000;
  • the
  • IE 4010;
  • the
  • IE 5000;
  • the
  • SM-ES2 SKUs;
  • the
  • SM-ES3 SKUs;
  • the
  • NME-16ES-1G-P;
  • the
  • SM-X-ES3 SKUs.

Cisco has published the Protocol is disabled on the affected devices, and also released a tool for scanning local networks or the Internet to search for vulnerable devices.

Recommended

And you can? SpaceX has released a real simulation of Crew Dragon docks with ISS

And you can? SpaceX has released a real simulation of Crew Dragon docks with ISS

this month a new spacecraft from SpaceX Crew Dragon will deliver its first passengers to the International space station. How will this happen? Now you can see what the astronauts see when approaching the ISS. SpaceX has released the real online simu...

What the company will definitely survive the pandemic?

What the company will definitely survive the pandemic?

In the world in the midst of a pandemic coronavirus, which has already affected millions of people. And I'm not talking only about those who were infected, but also about those who have lost a job, got laid wages or even can no longer conduct busines...

Will we be able to survive without the Internet?

Will we be able to survive without the Internet?

do you think we are still the ones who roamed the earth thousands of years, or we become a new society — society ONLINE? Almost like in the cult movie the Matrix. I have long thought that we are very dependent on the Internet, but wonder how. L...

Comments (0)

This article has no comment, be the first!

Add comment

Related News

Roskomnadzor decided to block Telegram through the court

Roskomnadzor decided to block Telegram through the court

As reported by numerous sources with reference to the press service of Roskomnadzor, the Agency appealed to the court to block the messaging service Telegram. The lawsuit was filed to the Tagansky district court of Moscow and was ...

Telegram could

Telegram could "undermine the national currency" of Iran

a Platform for the exchange of messages, Telegram, created by Pavel Durov and his team, had just completed the second round of the ICO record, and the results did not like the government of Iran. The app is extremely popular in au...

Microsoft has begun integrating Azure with bloccano Ethereum

Microsoft has begun integrating Azure with bloccano Ethereum

the Developers of the cloud platform Azure from Microsoft reported that they began work on the integration of the service with bloccano Ethereum. According to them, the new decision will allow to start applications for simultaneou...

NASA's orbital test mobile data transmitters

NASA's orbital test mobile data transmitters

When a small spacecraft needed to transmit data to Earth, he has to wait when he gets within range of a ground station, and it's pretty long and not always convenient, especially if we are talking about small satellites with modes...

New Android virus intercepts calls to the Bank

New Android virus intercepts calls to the Bank

there are various companies are discovering hundreds of new viruses. Among them can be as innocuous and highly hazardous computer programs that can leave you without a single penny in the Bank account. And recently had a virus on ...

Philips is testing the technology Li-Fi in offices

Philips is testing the technology Li-Fi in offices

Philips has announced that it began testing its technology Li-Fi (Lighting Fidelity) at the offices of the French investment company Icade. At the moment, Li-Fi provides employees with broadband access to the Internet using led's ...

In Facebook you can now write 3D messages

In Facebook you can now write 3D messages

In recent years, social network Facebook began to introduce more innovation to its users. For example, recently introduced support for the three-dimensional positions that will give users a new degree of freedom in the design of m...

SpaceX successfully launched the first satellites for Internet distribution

SpaceX successfully launched the first satellites for Internet distribution

After repeated postponements of the launch that took place for different reasons, today, February 22, the company SpaceX, owned by Elon musk, were finally able to launch a rocket, the Falcon 9, on Board of which were the first two...

How to understand the Zen? We know the quickest way!

How to understand the Zen? We know the quickest way!

You are reading in the browser, mobile platforms, iOS and Android, but also sometimes in social networks. But today we want to tell you about a new way of reading Hi-News.ru that could well be of interest to you. Not so long ago ...

The US government has offered to make a SpaceX Internet service provider

The US government has offered to make a SpaceX Internet service provider

next Saturday, the company SpaceX to send into orbit two test satellites Microsat 2a and 2b, which will be distributed on the Internet, covering a floor area up to ten kilometers each. These two satellites — «a drop in ...

Mark Zuckerberg will distribute $ 10 million in the most interesting community in Facebook

Mark Zuckerberg will distribute $ 10 million in the most interesting community in Facebook

for anybody not a secret that the most popular communities in social networks are a good source of income for their administrators. But Facebook decided to best motivate your community. As recently stated by the Creator of the soc...

Facebook: social networks have negative influence on democracy

Facebook: social networks have negative influence on democracy

Today it is hard to deny the influence of social networks on people's minds, although even ten years ago such a statement would be perceived with great skepticism. And even a giant and a pioneer social networking company Facebook ...

Rostov hacker hacked PayPal

Rostov hacker hacked PayPal

Despite the development of new methods of cyber security, e-wallets and payment systems will always be a tasty morsel for hackers and other dishonest people that live on the world wide web. Have repeatedly made attempts of hacking...

5G Qualcomm: are we ready for the future?

5G Qualcomm: are we ready for the future?

Qualcomm — one of the companies that are involved in order to bring the future of communication and give the world a new communication standard 5G. Can we call the timely desire to transition to higher-speed technology in a ...

Named list of the worst passwords of 2017

Named list of the worst passwords of 2017

the Company SplashData, specializing in providing information security services, annually makes the list of most popular passwords, based on millions of stolen logins, which end up in open access. And every year we never cease to ...

New ISS crew launched from Baikonur rocket

New ISS crew launched from Baikonur rocket "Soyuz-FG"

booster «the Union-FG» with the manned spacecraft «Union, MS-07» and a new crew was launched from Baikonur to International space station (ISS), RIA Novosti reported. On Board «Union» are the astrona...

Microsoft tries to breathe life into the Bing search engine using artificial intelligence

Microsoft tries to breathe life into the Bing search engine using artificial intelligence

it is Unlikely that many of our readers use the Bing search engine as the main source of searched information. Certainly there are such people, but they are the vast minority. The greater part of the users preferring such as Googl...

Search engine

Search engine "Sputnik" has received 260 million rubles for the development

Recognized as unprofitable domestic search engine «Satellite» more in the summer on the verge of closing. On its further fate of the «Rostelecom», to which the search belongs, refused to speak, pointing to the ...

Sun startup Exchange of South Africa pay for electricity with bitcoin

Sun startup Exchange of South Africa pay for electricity with bitcoin

Yes, exactly. The essence of a startup is that it offers to invest in the construction of the farms that supply solar energy to where need it most. Investment Exchange Sun collects on Indiegogo, allowing investors to buy individua...

Facebook releases messenger baby

Facebook releases messenger baby

the Issue of security and privacy of user data on the Internet lately discussed more often. The main focus of the creators of social networks are doing to protect the younger generation from inappropriate content, to keep track of...