High Threat Security Alert (A18-04-06): Protecting the Network Infrastructure


 

Published on: 18 April 2018

  
  

Description:

Reports indicate that there is elevated risk of cyber attacks on vulnerable network devices. Users are advised to patch and harden all network devices immediately. Since exploits are publicly available for the recently patched Cisco Smart Install (SMI) vulnerability mentioned in A18-03-07, please prioritise to patch the affected devices.

 

Affected Systems:

  • Generic Routing Encapsulation (GRE) Enabled Devices
  • Cisco Smart Install (SMI) Enabled Devices
  • Simple Network Management Protocol (SNMP) Enabled Network Devices

 

Recommendation:

US-CERT, UK’s National Cyber Security Centre (NCSC) and Cisco have published their alerts and advisories respectively to provide information on the cyber exploitation of network infrastructure devices, such as routers, switches, firewalls, and network-based Intrusion Detection System (NIDS) devices. To mitigate the risks of network attacks, users are advised to follow the best practices to protect all network devices, including both Internet-facing and internal network equipment. In particular, users are advised to take the following action immediately:

  1. Patch the critical SMI vulnerability as mentioned in the Cisco Advisory and our Security Alert A18-03-07, which allows remote code execution.
  2. Disable SMI, Generic Routing Encapsulation (GRE), Simple Network Management Protocol (SNMP) and other unnecessary services on network equipment, including routers, switches, firewalls, and any other network appliances or systems.
  3. For those necessary network services, administrators should apply access control to restrict connections only from authorised parties.
  4. Conduct log review regularly to monitor for any suspicious network connections and activities.

For details, please refer to the following resources:

https://www.us-cert.gov/ncas/alerts/TA18-106A

https://www.ncsc.gov.uk/alerts/russian-state-sponsored-cyber-actors-targeting-network-infrastructure-devices

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a

 

More Information:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0171

 



Tag: Cisco , GRE , SMI , SNMP
Tags