Warning: Detecting more than 1000 Cisco router and switch devices in Vietnam has a serious security error
There are more than 1000 Cisco router and switch devices in Vietnam (all devices used in large network environments and core systems) are subject to serious security errors.
The Information Security Department (Ministry of Information and Communications) has sent a warning letter about a group of 40 critical safety information points on Cisco routers (switches) and switches (switches). In particular, in the vulnerable Cisco IOS operating system with international error code CVE-2018-0171 exists in the Smart Install function, a function used to manage installation, device deployment and is normally enabled determined.
Bad guys take advantage of this flaw to send a Smart Install fake message to the TCP port 4786 of the device. If successful, a process will be started to reload the device, execute remote code or perform an infinite loop on the device that leads to a denial of service.
Previously, Cisco confirmed information about this vulnerability on its router / switch devices on March 28, 2018. Since then, the CVE-2018-0171 vulnerability has been exploited by bad guys to carry out many cyber-attacks around the world.
According to VARANS, there are more than 1000 devices affected in Vietnam and the country with the most IP range detected. Therefore, users need to be very wary.
The list of Cisco network devices is affected by the vulnerability:
In order to ensure information security and prevent the risk of network attacks, administrators at agencies and organizations check and review network devices that may be affected and fix vulnerabilities.
How to check CVE-2018-0171 vulnerability
To check CVE-2018-0171 vulnerability, administrators can do one of the following:
Method 1: Use tools published by Cisco at the following link: https://github.com/Cisco-Talos/smi_check
Method 2: Run the show vstack config command on the Cisco device. If the device uses the Smart Intstall Client, the following content will appear:
switch # show vstack config | inc Role
Role: Client (SmartInstall enabled)
How to fix security holes on Cisco routers and switches
Method 1: Update and upgrade the operating system for routers and switches according to Cisco's instructions at the following address:
- https://goo.gl/tbYqPu
Method 2: Run the no vstack command on the affected device to turn off the Smart Instal feature if not needed.
Method 3: If you don't use Access List, you can block 4786.
For more information on vulnerability analysis and PoC, you can visit the link below.
- https://goo.gl/hc8saV
See more:
- Warning: GandCrab extortionist code is attacking Vietnam
- Warning of new malware appear like Wannacry, capable of deleting Vietnamese percussion on computer
- Appearing dangerous Android malicious code specializing in stealing chat content on Facebook Messenger, Skype .
You should read it
- Instructions for configuring Cisco routers
- What is Cisco's new programmable switch?
- Extremely powerful Wi-fi transmitter for businesses
- The Linksys smart Wi-Fi router was found to contain information leaks of connected devices
- Cisco Router Configuration Guide 1800 series (Cisco 1801, 1802, 1803, 1811, 1812)
- Review the Cisco RV180 VPN router
- The basics of Cisco Switch Management - Part 2
- Good hackers find and patch the vulnerability for more than 100,000 other routers
May be interested
- What is a router? Operating principle of Routerto better understand what a router is, let's take a look at the article below with huy khang. router is a device that spreads wifi waves to connect to many devices.
- How to Secure WiFi with tips on the routerrouter controls access to home wifi network and all phones, tablets, and laptops. etc .. connect via router. it is therefore essential to keep the router as secure as possible.
- Detect dangerous security holes affecting many D-Link routerssecurity researchers miguel méndez zúñiga and pablo pollanco of telefónica chile have just published proof-of-concept (poc) that allows hackers to execute remote commands and exploit vulnerabilities that leak information related to many d-link routers are being used worldwide.
- Basic information about network equipmentin order to be able to use and connect networks to computers, we need dedicated network installation devices. including 5 basic names including repeater, hub, switch, router and gateway. each device has different characteristics as well as ability to work.
- Warning: Detecting a very serious vulnerability in Cyberoam, a common firewall system in Vietnamvsec is broadcasting a warning about an extremely dangerous vulnerability with the code name cve-2019-17059 on cyberoam.
- Warning: If you own an old D-Link VPN router, throw it away!the manufacturer has confirmed that a serious vulnerability has been found in some devices that are no longer officially supported.
- How to Configure TP Link Routera router (or router) is a device that connects multiple devices (such as computers and smartphones) to a network. with a newly purchased tp-link router, you can configure the device through quick setup using the user interface on your pc's web browser. if you don't have enough information, try setting up and using the wi-fi network through the basic steps. additionally, you can use the web-based interface to set up parental controls on the router, as well as assign port forwarding to specific devices. tipsmake today will show you how to configure tp-link router.
- Set up a new router using IP address 192.168.1.1192.168.1.1 ip address is often used by linksys broadband routers and sometimes by other router brands or home network gateway devices.
- What is Network TAP? How does it help secure the system?a network tap is a hardware device that you place in a network, especially between two connected devices of a network (such as a switch, router, or firewall) to monitor network traffic.
- 10 best VPN routers 2020the vpn router provides all the data security and privacy features of the vpn client, and does this to all devices connected to them. here are the 10 best router models that can act as vpn ports for your home or small business.