Multiple sources, including private, public and cyber security research organizations and allies, have issued alerts that cyber actors are exploiting a large number of network infrastructure devices (business-class and SOHO routers, switches, firewalls and Network-based Intrusion Detection Systems (NIDS)) worldwide.
Cyber actors leverage a number of legacy or weak protocols associated with network administration activities, such as Telnet, SNMP, TFTP, SMI and GRE tunneling, and the associated ports.
Cyber actors use these weaknesses to:
- identify vulnerable devices;
- extract device configurations;
- map internal network architectures;
- harvest login credentials;
- masquerade as privileged users;
- modify device firmware, operating systems and configurations; and
- copy or redirect victim traffic through cyber-actor-controlled infrastructure.
They could potentially modify or deny traffic traversing the router.
Network devices are often easy targets because:
- Once installed, many network devices are not maintained at the same security level as other general-purpose desktops and servers.
- Owners and administrators of network devices do not change vendor default settings, do not configure them according to good security practices, or do not update their firmware and software.
- ISPs do not replace equipment on a customer's property when that equipment is no longer supported by the manufacturer or vendor.
- Owners and administrators often overlook network devices when they investigate, examine for intruders, and restore general-purpose hosts after cyber intrusions.
Recommended mitigations:
- Do not let unencrypted protocols reach the organization via the Internet;
- Do not allow access to the management interface of any network device over the Internet;
- Disable old and weak protocols such as Telnet and SNMPv1 or v2c;
- Immediately change default passwords and enforce a strong password policy; do not use the same password for multiple devices.
CERT Bulgaria recommends that users and administrators apply manufacturers' and security organizations' security advisories as soon as possible after they are released.
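As an added illustration (not part of the CERT Bulgaria advisory), the following Python script audits an IOS-style running-config text for the weaknesses listed above: Telnet on the management lines, SNMPv1/v2c community strings including vendor defaults, and cleartext HTTP management. The sample configuration and the default-community list are constructed for this example.

```python
import re

# Constructed sample running-config fragment in IOS-style syntax; it only
# exercises the checks and is not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr
snmp-server community public RO
snmp-server community private RW
ip http server
line vty 0 4
 transport input telnet ssh
 login
"""

# Well-known vendor default community strings (assumption: a starting
# list for a reviewer, not an exhaustive one).
DEFAULT_COMMUNITIES = {"public", "private"}


def audit_config(text):
    """Return findings for an IOS-style running-config: Telnet on vty lines,
    SNMPv1/v2c community strings (including vendor defaults) and cleartext
    HTTP management, i.e. the weaknesses the advisory names."""
    findings = []
    in_vty = False
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        # 'line vty' opens a block; IOS indents its sub-commands by one
        # space, so any non-indented line closes the block.
        if stripped.startswith("line vty"):
            in_vty = True
        elif line and not line.startswith(" "):
            in_vty = False
        words = stripped.split()
        if in_vty and words[:2] == ["transport", "input"]:
            allowed = set(words[2:])
            if "telnet" in allowed or "all" in allowed:
                findings.append("telnet allowed on vty lines")
        m = re.match(r"snmp-server community (\S+)", stripped)
        if m:
            community = m.group(1)
            findings.append(f"snmp v1/v2c community configured: {community}")
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"default snmp community string in use: {community}")
        if stripped == "ip http server":
            findings.append("cleartext http management enabled")
    return findings
```

Running `audit_config(SAMPLE_CONFIG)` reports six findings for the sample above; a config that only allows `transport input ssh` and uses SNMPv3 (`snmp-server group`/`snmp-server user`) produces none.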
More information can be found at:
You can check the validity of Cisco network device software at: