On April 18, 2023, the UK National Cyber Security Centre (NCSC) along with the United States FBI, NSA and CISA published a joint advisory describing how state-sponsored cyber actors were able to successfully exploit a known SNMP vulnerability (CVE-2017-6742) in Cisco IOS and Cisco IOS XE Software. This vulnerability was first disclosed in a security advisory on June 29, 2017. Fixed software was made available to all customers on that day. On January 11, 2018, Cisco updated the advisory, as the Cisco Product Security Incident Response Team (PSIRT) became aware of exploitation of the vulnerabilities described in the security advisory.
As described in the NCSC’s advisory, the threat actor used weak SNMP community strings (including the default “public” community string), sending requests from an IP address unique to their infrastructure, which allowed them to perform reconnaissance and enumerate router interfaces.
Cisco has provided well-known advice for many years to restrict SNMP access to trusted users only. This applies to any management interface or service on the device. Exploitation of these vulnerabilities is best prevented by restricting access to trusted administrators and IP addresses. The management plane consists of the functions that achieve the management goals of the network. This includes interactive management sessions that use SSH, NETCONF, and RESTCONF, as well as statistics gathering with SNMP or NetFlow. NETCONF and RESTCONF provide significant security advantages over SNMP, including stronger authentication and encryption, more granular access control, better-structured data representation, and improved error handling and transaction support. While SNMP is still widely used for its simplicity and compatibility with older network devices, the security benefits of NETCONF and RESTCONF make them more suitable for modern network management.
When you consider the security of a network device, it is critical that the management plane be protected. Designed to prevent unauthorized direct communication to network devices, infrastructure access control lists (iACLs) are one of the most critical security controls that can be implemented in networks.
Details on how customers can apply mitigations and disable the affected MIBs are available in the security advisory.
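As an added example (not Cisco’s code or part of the advisory), the following script audits the SNMP lines of a Cisco IOS running-config for the weaknesses described above: default community strings such as “public” and SNMP access that is not limited by an ACL to trusted source addresses. The sample “before” and “after” configurations, the ACL name SNMP-TRUSTED and the management address 192.0.2.10 are constructed for illustration.

```python
"""Audit Cisco IOS SNMP configuration for the weaknesses behind this campaign:
default or guessable community strings and SNMP access that is not limited to
trusted source addresses. Added example, not Cisco tooling; configs constructed."""
import re

DEFAULT_COMMUNITIES = {"public", "private"}
# snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?$", re.I)
# snmp-server group <name> v3 <noauth|auth|priv> [read <v>] [write <v>] [access <acl>]
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b", re.I)

def audit_snmp(config: str) -> list[str]:
    """Return one finding per weakness found in SNMP-related config lines."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := COMMUNITY_RE.match(line):
            community, mode, acl = m.groups()
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"community {community}: default string")
            if acl is None:  # no ACL: any source address may query the device
                findings.append(f"community {community}: no source ACL")
            if (mode or "RO").upper() == "RW":
                findings.append(f"community {community}: read-write access")
        elif g := GROUP_RE.match(line):
            name, level = g.groups()
            if level.lower() != "priv":  # v3 without encryption/authentication
                findings.append(f"v3 group {name}: level {level}, not priv")
            if re.search(r"\baccess \S+$", line) is None:
                findings.append(f"v3 group {name}: no source ACL")
    return findings

# Constructed 'before' config: the pattern the advisory describes.
WEAK_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
"""
# Constructed 'after' config: SNMPv3 auth+priv, reachable only from the NMS
# at 192.0.2.10 (documentation address); passphrases are placeholders.
HARDENED_CONFIG = """\
ip access-list standard SNMP-TRUSTED
 permit 192.0.2.10
 deny   any log
snmp-server group NMS v3 priv access SNMP-TRUSTED
snmp-server user nms-user NMS v3 auth sha AUTH-PASS-PLACEHOLDER priv aes 128 PRIV-PASS-PLACEHOLDER
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_snmp(cfg) or ["no findings"])
```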
Cisco Talos provided additional details about this specific campaign as well as observations of a larger issue of which this campaign is an example: a rising volume of attacks against aging networking appliances and software across all vendors. You can read their findings and recommendations in their blog post, also out today.
Infrastructure devices are critical components of any organization’s IT infrastructure. These devices are often the first line of defense against cyber-attacks and can help prevent unauthorized access to your network. Proper patch management for infrastructure devices reduces the risk of exploitation.
The following resources include numerous best practices on how to harden infrastructure devices, perform integrity assurance checks, and provide guidance on how to perform forensic investigations:
- Cisco Guide to Harden Cisco IOS Devices
- Cisco Security Indicators of Compromise Reference Guide
- Telemetry-Based Infrastructure Device Integrity Monitoring
- Cisco IOS Software Forensic Investigation Procedures for First Responders
- Cisco IOS XE Software Forensic Investigation Procedures for First Responders
- Cisco IOS Software Integrity Assurance
- Cisco IOS XE Software Integrity Assurance
Cisco recognizes the technology vendor’s role in protecting customers and won’t shy away from our responsibility to constantly provide you with up-to-date information, as well as guidance on how to protect your network against cyber-attacks.
For additional guidance and information, visit the resources below:
- Network Resilience resources on the Cisco Trust Center.