That results in some data centers being unavailable, and that, in turn, results in some popular sites being down.Īccording to Cisco Talos, there are more than 168,000 devices found on Shodan, that have this vulnerability.
#VSTACK COMMAND CISCO INSTALL#
Once it finds a vulnerable switch, it exploits the Smart Install Client, rewrites the config – and thus takes another segment of the Internet down. It seems that there’s a bot that is searching for vulnerable Cisco switches via the IoT search engine Shodan and exploiting the vulnerability in them (or, perhaps, it might be using Cisco’s own utility that is designed to search for vulnerable switches). The malefactors then rewrite the Cisco IOS image on the switches and change the configuration file, leaving a message that reads “Do not mess with our elections” there.
#VSTACK COMMAND CISCO SOFTWARE#
An unknown threat actor is exploiting a vulnerability in a piece of software called Cisco Smart Install Client, which allows them to run arbitrary code on the vulnerable switches. The attack seems to be happening in the following manner. There’s a reason for that according to our sources, there’s a massive attack against Cisco switches going on right now – these switches are used in data-centers all across the globe. The easiest way to mitigate this problem is to run the command “no vstack” on the affected devices. If this is not feasible, the best option is to use access control list on the APIs to restrict access.Let’s say that your internet connection suddenly went down or, perhaps, you cannot reach your favorite website.
On March 29, Cisco warned that at least 8.5 million switches were under attack, and as many as 168,000 systems in the world might be affected by this vulnerability.Īccording to Cisco Talos researchers, attackers are exploiting the “protocol abuse”vulnerability in the Cisco Smart Installation Client to get access to critical infrastructure providers. In the week following Cisco’s announcement, Cisco released a Smart Installation Client (a tool for rapid deployment of new switches) threat notification.Īccording to Cisco, an organization can determine if a device is affected by a smart installation issue by running the command “show vstack config”, which will show if the smart installation client is active. It is said that 8.5 million switches worldwide may be attacked, leading to 160,000 systems being potentially affected
With 14,000 devices in our country affected, the Iran’s total affected devices is at 2%.”
#VSTACK COMMAND CISCO PC#
TCP port 4786 needs attentionĬisco issued an alert in February 2017 saying that Smart Install Clients that were not turned off or did not have proper security controls configured had increased the frequency of scanning the Internet. Hackers can send new commands to switches running Cisco IOS or IOS XE network operating systems.īy exploiting the vulnerability, hackers can target attacks towards critical infrastructure of a number of countries, including Iran. According to the report, due to the problems in the data centers of major Internet service providers such as Afranet, Shatel, Sabanet, etc., Many Iran’s important services and websites were out of service last night.Īccording to “the guardian”, Iranian IT Minister Mohammad Javad Azari-Jahromi posted on Twitter with a snapshot of a PC screen displaying a US flag along with hackers’information. He said it is still not clear who carried out the attack. According to a state television report, Azali Jahumi stated that the attack mainly affected Europe, India and the United States.Īzari-Jahromi said: “Approximately 55,000 devices in the United States have been affected.
He added that when starting to work on Saturday morning, all Iranian companies or organizations will face some confusion and anomalies in their networks, and they should take immediate actions to eliminate these problems.Ĭisco IOS / IOS XE remote code execution vulnerability CVE-2018-0171 exploit highly suspected. “No abnormal data access and leaks were caused. Problem Has Been Solved, Said Iran OfficialĪli Nickelneuve, director of Iran Cyber Police (FATA) Center for Detection and Prevention, said on Saturday The attack involved Iran 3500 switches, but the official in the country emphasized that the attack didn’t lead to sensitive data leakage. From description, the suspected attacker exploited the Cisco IOS / IOS XE remote code execution vulnerability-2018-0171 CVE, while Cisco said, on a global range more than 8.5 million switches are potential attack targets, hence more than 160,000 systems may be affected. News from The Iran Project, the Iranian cyber police confirmed Friday night that the country’s data center was attacked.
0 kommentar(er)
