Wednesday, September 20, 2017

Tag: Simple Network Management Protocol

Attackers are leveraging misconfigurations in networks' Cisco Smart Install and SNMP protocols.

Businesses are urged to review their device logs for any unusual activity.
Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software.
Nine SNMP MIBs vulnerable
Cisco's been caught out by the venerable Simple Network Management Protocol, turning up nine bugs in IOS and IOS XE that appear in all SNMP versions.…
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system ...
With Open IOS XE, Cisco is changing the game
Old-school network engineers probably remember the Cisco 2500-series router.
It ran a slow Motorola 68000 CPU, the monolithic IOS operating system, and did one thing only: route packets. Routers and switches have certainly sped up since then, and the operating system has been modernized, but networking hasn't changed much otherwise. We still use CLI and SNMP to manage our networks the same way we did in the 1990s. With Open IOS XE, however, Cisco is changing the game. We now support powerful programmable interfaces like NETCONF and YANG. We can easily on-board devices without tedious manual configuration, and we can host Python scripts and applications all directly on the box.
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation. SNMP is used for automated network device identification, monitoring and remote configuration.
It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers. Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers.
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is...
Each DDoS (distributed denial-of-service) attack seems to be larger than the last, and recent advisories from Akamai and Ixia indicate that attackers are stepping up their game.

As attackers expand their arsenal of reflection methods to target CLDAP ...
Payroll printer, HR's server - wahey... jackpot!
Network Management Systems are far more easily attacked than previously reckoned, according to new research by Rapid7. The firm behind the popular Metasploit penetration testing tool warns that vulnerabilities in systems used to manage network elements (routers, servers, printers and more) offer attackers a “treasure map” of valuable - and perhaps non-obvious - enterprise targets, such as the printer that is responsible for payroll runs, or HR's central server containing personally identifiable information on the employee base. The new research from Rapid7 explores how it is often possible to attack various types of network management system (NMS) over the Simple Network Management Protocol (SNMP), a protocol used extensively by NMSes to manage and monitor a wide variety of networked devices.

Three distinct attack vectors are explored:
- Passively injecting Cross-Site Scripting (XSS) attacks over SNMP agent-provided data, which is passed unprocessed from the SNMP server service and rendered on an NMS web-based administration console.
- Actively injecting XSS attacks over SNMP trap alert messages, intended for NMS consoles.
- Format string processing on the NMS web management console, when format strings are passed unprocessed from SNMP agent-provided data.

The prevalence of the flaws is partly explained because machine-to-machine communications “often escape the scrutiny afforded to more typical user-to-machine communication”, according to Deral Heiland, research lead at Rapid7.
Varied failures to inspect resulted in exposing NMS web-based administration consoles to persistent XSS and a format string exploit. Rapid7’s research team uncovered 13 vulnerabilities across products from nine different vendors, all of which came as a result of a lack of validation of machine-provided input.

All nine of the vendors were notified of these issues by Rapid7 well before the publication of the paper on the research on Wednesday. Products accessed included Castle Rock SNMPc, CloudView NMS, Ipswitch WhatsUp Gold, ManageEngine OpUtils, Netikus EventSentry, Opmantek NMIS, Opsview Monitor, Paessler PRTG and Spiceworks Desktop. Users of these products are urged to ensure they are running the latest versions of the software.
And none of you are patching it, not even UK government users
Tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit thought to have been cooked up by the United States National Security Agency (NSA). The "Extra Bacon" exploit was one of many found as part of an Equation Group cache leaked by a hacking outfit calling itself the Shadow Brokers. Equation Group is thought to be an offensive NSA Tailored Access Operations unit. The leaked exploits and the tools stolen by Shadow Brokers are thought to have come from a compromised command and control staging server.
Cisco has rushed out patches against the Extra Bacon exploit, while researchers extended the attack to compromise more modern ASA units. Now Rapid7 engineering duo Derek Abdine and Bob Rudis say tens of thousands of ASA boxes appear still to be exposed to the attack, judging by the time of last reboot. The pair scanned the 50,000 ASA devices Rapid7 had previously catalogued to find the last reboot times. About 12,000 refused to provide the information. Some 10,000 of the 38,000 ASA devices had rebooted within the 15 days since Cisco released its patch, meaning about 28,000 were un-patched. Those un-patched include four large US firms, a UK government agency and a financial services company, and a large Japanese telecommunications provider.
Exploiting Extra Bacon, while severe, is complex and unreliable, and does not mean all un-patched vulnerable ASA boxes are at high risk. Attackers must reach vulnerable devices through UDP SNMP and know the SNMP community string, and have SSH access. "Even though there's a high probable loss magnitude from a successful exploit, the threat capability and threat event frequency for attacks would most likely be low in the vast majority of organisations that use these devices to secure their environments," Abdine and Rudis say.
"Having said that, Extra Bacon is a pretty critical vulnerability in a core network security infrastructure device and Cisco patches are generally quick and safe to deploy, so it would be prudent for most organisations to deploy the patch as soon as they can obtain and test it." The pair caution those organisations which have considered the chance for exploitation to be low to fully understand their exposure.
Buggy defaults in SNMP
This week's Cisco patch round includes a critical vuln in the kind of product least likely to get patched – a small business Ethernet switch. The Small Business 220 Series Smart Plus switches ship with a hard-coded SNMP community string, which means if it's visible to the Internet, a remote attacker can access its SNMP objects. While Cisco rates the vulnerability as critical, it also notes that SNMP is off by default on the devices; it's only if the management protocol is turned on that the devices are vulnerable. It's present on switches running firmware release 1.0.0.17, 1.0.0.18, and 1.0.0.19; new firmware is available.
The same switches also have issues in their Web interface: a cross-site request forgery bug; a cross-site scripting issue; and a denial-of-service vulnerability. WebEx Meetings Player can be crashed by a remote attacker – in the author's experience it can be crashed just by trying to join a meeting, but whatever – and a new version is available. There are also a couple of minor DoS vulnerabilities in Switchzilla's wireless LAN controller software.