![]() So we are back from Tombsweep festival and are able to take a close look at our honeypot on port 4786, what we saw indicates it actually has nothing to do with CVE-2018-0171, instead, it is using, which leads to CVE-2016-1349 pic.twitter. Update 4/9/18: 360Netlab has stated that they these were attacks were actually using the CVE-2018-0171 vulnerability, which also targets the Smart Install feature. and UK routers that they discovered by issuing the no vstack command.Ä«leepingComputer has sent questions to the email listed in the message, but have not heard back at the time of this publication. They also claimed to fix the vulnerability on any U.S. 'Smart Install is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. ![]() The attackers have told Motherboard that they scanned many countries for vulnerable systems, but only attacked Russian or Iranian routers. Despite the command containing 'vStack' it is referring to the Smart Install feature for Cisco switches and not Cisco StackWise which is the feature/technology for the stack switches. If you use a VLAN other than vlan 1 for management, then the intermediate switch must be Smart Install capable switch. According to Reuters, Iran's Communication and Information Technology Ministry stated that over 200,000 routers worldwide were affected, with 3,500 of them being in Iran. In a tweet, Iran's ICT Minister Mohammad Javad Azari-Jahromi stated that by 4:12PM EST yesterday, 95% of the affected routers in Iran had been restored to normal service. Intermediate switches or clients connected to the director through an intermediate switch in a multihop environment can be, but are not necessarily Smart Install-capable, provided the management VLAN is set to default VLAN1.
0 Comments
Leave a Reply. |