Cisco Warns Of Actively Exploited Bugs In Carrier-Grade Routers

09/01/20 Update below. This post was originally published on August 31st, 2020. We updated it to reflect that there are two actively exploited DVMRP Memory Exhaustion Vulnerabilities according to Cisco’s updated security advisory.

Cisco warned over the weekend that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company’s Cisco IOS XR software that runs on carrier-grade routers.

Cisco’s IOS XR Network OS is deployed on multiple router platforms including NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers.

Cisco hasn’t yet released software updates to address these actively exploited zero-days — tracked as CVE-2020-3566 and CVE-2020-3569 — but the company provides mitigation in a security advisory published over the weekend.

“On August 28, 2020, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of these vulnerabilities in the wild,” Cisco explains.

“For affected products, Cisco recommends implementing a mitigation that is appropriate for the customer’s environment.”

All Cisco IOS XR routers affected (if multicast routing is enabled)

The zero-days exist in the Distance Vector Multicast Routing Protocol (DVMRP) feature of the IOS XR software and may allow remote, unauthenticated attackers to exhaust the targeted device’s memory.

“These vulnerabilities are due to insufficient queue management for Internet Group Management Protocol (IGMP) packets,” the security advisory explains.

“An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes.

“These processes may include, but are not limited to, interior and exterior routing protocols.”

According to Cisco, the security flaws affect any Cisco device running any Cisco IOS XR Software release if one of its active interfaces is configured under multicast routing.

To determine if multicast routing is enabled on a device, admins can run the show igmp interface command. For IOS XR routers where multicast routing is not enabled, the output will be empty and the devices are not affected by CVE-2020-3566.

On devices where these vulnerabilities were exploited to exhaust memory, admins can see system log messages similar to the ones in the screenshot embedded below.

[Screenshot: IOCs]

Mitigation measures

Cisco says that admins can take measures to partially or fully remove the exploit vector threat actors could use in attacks targeting devices vulnerable to CVE-2020-3566 and CVE-2020-3569 exploits.

Admins can implement rate-limiting to reduce IGMP traffic rates and increase the time needed to successfully exploit the two flaws, time that can be used for recovery.

Customers can also “implement an access control entry (ACE) to an existing interface access control list (ACL)” or a new ACL to deny inbound DVMRP traffic to interfaces with multicast routing enabled.

Cisco recommends disabling IGMP routing on interfaces where processing IGMP traffic is not necessary by entering IGMP router configuration mode.

This can be done by issuing the router igmp command, selecting the interface using interface <interface-name>, and disabling IGMP routing using router disable.
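
An added example (not from Cisco's advisory or the original article) of what the ACL and rate-limit mitigations key on: DVMRP travels inside IGMP (IP protocol 2) as IGMP type 0x13, so a monitor can separate it from ordinary membership traffic and count it per source. The packet bytes, source addresses, function names and the threshold are constructed for illustration.

```python
import struct
from collections import Counter

IPPROTO_IGMP = 2        # IANA IP protocol number for IGMP
IGMP_TYPE_DVMRP = 0x13  # IANA IGMP type that carries DVMRP

def classify(packet: bytes):
    """Return (source_ip, igmp_type) for an IPv4/IGMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # header length, honours IP options
    if ihl < 20 or packet[9] != IPPROTO_IGMP or len(packet) < ihl + 8:
        return None                      # not IGMP, or IGMP header cut short
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl]              # first IGMP byte is the type

def dvmrp_sources(packets, threshold):
    """Map source -> DVMRP message count for sources at or above threshold."""
    counts = Counter()
    for pkt in packets:
        parsed = classify(pkt)
        if parsed and parsed[1] == IGMP_TYPE_DVMRP:
            counts[parsed[0]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def sample_packet(src: str, proto: int, first_byte: int) -> bytes:
    """Constructed fixture: bare IPv4 header + 8 payload bytes, checksums zero."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, proto, 0,
                         bytes(map(int, src.split("."))), bytes([224, 0, 0, 4]))
    return header + bytes([first_byte]) + bytes(7)

# Constructed capture using documentation address ranges (not real traffic).
SAMPLE = (
    [sample_packet("192.0.2.10", IPPROTO_IGMP, IGMP_TYPE_DVMRP)] * 3
    + [sample_packet("198.51.100.7", IPPROTO_IGMP, 0x11),   # membership query
       sample_packet("198.51.100.7", IPPROTO_IGMP, 0x16),   # v2 membership report
       sample_packet("198.51.100.7", IPPROTO_IGMP, IGMP_TYPE_DVMRP),
       sample_packet("203.0.113.5", 6, 0x13)]                # TCP, must be ignored
)

if __name__ == "__main__":
    # Threshold of 3 per batch is an illustrative value, not a Cisco recommendation.
    for src, n in dvmrp_sources(SAMPLE, threshold=3).items():
        print(f"{src}: {n} DVMRP messages")
```

Ordinary IGMP queries and reports (types 0x11 and 0x16 in the sample) are not counted, which mirrors how an ACE that denies only DVMRP leaves other IGMP traffic untouched.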

Last month, Cisco fixed another high severity and actively exploited read-only path traversal vulnerability tracked as CVE-2020-3452 and affecting the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software.

One week earlier, the company issued another set of security updates to address pre-auth critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple firewall and router devices that could lead to full device takeover.
