Search This Blog

Showing posts with label Routers. Show all posts

Microsoft Unveils Vulnerabilities in Netgear Routers

 

Increasing safety measures led attackers to explore different ways to breach systems. The increasing number of firewall and ransomware attacks employing VPN devices and other websites are instances of attacks initiated externally and underneath the operating system layer. As these sorts of attacks are becoming more widespread, consumers must also aim to maintain single-use software, running their hardware, such as routers. 

In Netgear routers, Microsoft has revealed several vulnerabilities that might lead to data disclosure and complete system compromise. Whereas on June 30, 2021, Jonathan Bar Or, a member of Microsoft's 365 Defender Research Team revealed, that the vulnerabilities that have been patched before public release. 

“We discovered the vulnerabilities while researching device fingerprinting in the new device discovery capabilities in Microsoft Defender for Endpoint. We noticed a very odd behavior: a device owned by non-IT personnel was trying to access a NETGEAR DGN-2200v1 router’s management port. The communication was flagged as anomalous by machine learning models, but the communication itself was TLS-encrypted and private to protect customer privacy, so we decided to focus on the router and investigate whether it exhibited security weaknesses that can be exploited in a possible attack scenario,” told Microsoft. 

After observing odd behavior on the router management port, the Microsoft Security team uncovered vulnerabilities. While TLS encryption protects the communication, machine learning models are still identified as anomalous. 

Three HTTPd authentication issues have been identified upon further research on the router firmware. The first one enabled the team to visit any website on a device, including those that need to be authenticated, such as router administration pages, by inserting GET variables to substrate requests, which allows full bypass authentication. The second security flaw allowed side-channel attacks. If used, attackers may obtain stored credentials. Lastly, the third vulnerability used the former authentication bypass bug, which could decode and remotely retrieve the router's restore configuration file encoded using the "NtgrBak," constant key which allows attackers to decrypt and gain stored data. 

The Microsoft Security Vulnerability Research (MSVR) initiative made Netgear knowledgeable of security concerns discreetly. Netgear has patched the firmware vulnerabilities by issuing a security alert exposing the safety deficiencies in December. The bugs were assigned as PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365, and CVSS gravity ratings from 7.1 to 9.4 were issued.

Furthermore, Netgear notifies that its customers must use Netgear Support, type in its model number into a search box, and get the latest firmware version, to install the latest firmware accessible to their routers. Updates can also be accessed using Netgear applications.

Cisco's Routers. Switches and IP Equipment Suffer Zero-Day Attacks! Major Vulnerabilities Discovered!


The extremely well-known Cisco’s products, including IP Phones, Routers, cameras, and switches, were determined to have several severe “zero-day” vulnerabilities by researchers in the “Cisco Discovery Protocol (CDP)”, per sources.

CDP is a proprietary “Layer 2” network protocol that is put into effect in all the Cisco devices to be privy to the mechanisms of the devices.

Reports mention that a total of five vulnerabilities were ascertained out of which, four were “Remote Code Execution” (RCE) that let hackers or any other cyber-con to manipulate every single operation of the devices without any sort of consent of the user.

According to sources, one of the vulnerabilities led to a “Denial of Service” in the Cisco FXOS, NX-OS and IOS XR software that ended up damaging the victims’ networks

By exploiting the vulnerabilities effectively, numerous organizations’ and companies’ networks were smashed, costing all the affected parties heavily.

Per legitimate sources, following is the list of all the vulnerable devices in the represented categories:

Switches
• Nexus 1000 Virtual Edge
• Nexus 1000V Switch
• Nexus 3000 Series Switches
• Network Convergence System (NCS) 1000 Series
• Network Convergence System (NCS) 5000 Series
• Network Convergence System (NCS) 540 Routers
• Network Convergence System (NCS) 5500 Series
• Network Convergence System (NCS) 560 Routers
• MDS 9000 Series Multilayer Switches
• Nexus 5500 Series Switches
• Nexus 5600 Series Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 9000 Series Fabric Switches
• Network Convergence System (NCS) 6000 Series
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects
• UCS 6400 Series Fabric Interconnects

IP Phones
• Unified IP Conference Phone 8831
• Wireless IP Phone 8821-EX
• Wireless IP Phone 8821
• IP Conference Phone 7832
• IP Conference Phone 8832
• IP Phone 6800 Series
• IP Phone 7800 Series
• IP Phone 8800 Series
• IP Phone 8851 Series

IP Cameras
• Video Surveillance 8000 Series IP Cameras

Routers
• IOS XRv 9000 Router
• Carrier Routing System (CRS)
• ASR 9000 Series Aggregation Services Routers
• Firepower 1000 Series
• Firepower 2100 Series
• Firepower 4100 Series
• Firepower 9300 Security Appliances
• White box routers running Cisco IOS XR

The exploitation of the other four Remote Execution vulnerabilities could be in a way that a “maliciously” fabricated “CDP Packet” could be sent on the targeted Cisco devices and have their mechanisms altered.

There’s a vulnerability that could be hunted down or traced by (CVE-2020-3119). It helps the attackers to completely override the default switch and network infrastructure settings.

One of the vulnerabilities which could be traced as (CVE-2020- 3118), could help attackers gain control of the target’s router via remote code execution and use it in any harmful way they find acceptable.

Cisco’s 800 series IP cameras were vulnerable to attackers’ remote code execution. The vulnerability could be located as (CVE-2020-3110)

According to sources, in the other Cisco “Voice over IP Phone” vulnerability, an overflow in the parsing function could be exploited to access “code execution”. This vulnerability could be traced to (CVE-2020-311).

The troubles this vulnerability could cause an organization are manifold.
Acquiring access to other devices via “man-in-the-middle” attacks.
Damaging the network’s structure
“Data Exfiltration”, ranging from network traffic to sensitive information and personal phone calls, by the help of manipulated routers and switches.

Per reports, Cisco has come up with patches and the users are directed to employ them without any further delay.
[CVE-2020-3111
CVE-2020-3118
CVE-2020-3120
CVE-2020-3110
CVE-2020-3119]