Rewterz Threat Alert – Ryuk Ransomware Gang Using Zerologon Bug for Swift Attack
October 20, 2020
Rewterz Threat Advisory – CVE-2020-16935 – Microsoft Windows Privilege Escalation Vulnerability
October 21, 2020
Severity
High
Analysis Summary
Attacks are actively targeting CVE-2020-3118, a high-severity vulnerability affecting multiple carrier-grade routers that run Cisco IOS XR Software. The IOS XR network OS is deployed on several Cisco router platforms, including the NCS 540 & 560, NCS 5500, 8000, and ASR 9000 series routers. The vulnerability impacts third-party white box routers and the following Cisco products if they run a vulnerable Cisco IOS XR Software version and have the Cisco Discovery Protocol enabled both globally and on at least one interface:
- ASR 9000 Series Aggregation Services Routers
- Carrier Routing System (CRS)
- IOS XRv 9000 Router
- Network Convergence System (NCS) 540 Series Routers
- Network Convergence System (NCS) 560 Series Routers
- Network Convergence System (NCS) 1000 Series Routers
- Network Convergence System (NCS) 5000 Series Routers
- Network Convergence System (NCS) 5500 Series Routers
- Network Convergence System (NCS) 6000 Series Routers
Attempted exploitation of this vulnerability in the wild has been reported. Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability. Successful exploitation could enable the attackers to trigger a stack overflow that could lead to arbitrary code execution with administrative privileges on the targeted device.
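The exposure condition described above (CDP enabled globally and on at least one interface) can be checked offline against a saved running configuration. The following is an added example, not part of the original advisory or Cisco's tooling; it assumes IOS XR enables CDP with a bare `cdp` statement at the top level and under each interface, the function name `cdp_exposure` is hypothetical, and the sample configurations are constructed. It does not check the software release.

```python
import re

IF_RE = re.compile(r"interface\s+(?:preconfigure\s+)?(\S+)")

# Constructed sample configurations in IOS XR running-config style.
EXPOSED = """\
hostname edge-1
cdp
interface GigabitEthernet0/0/0/0
 description uplink
 cdp
!
interface GigabitEthernet0/0/0/1
 shutdown
!
"""
GLOBAL_ONLY = """\
hostname edge-2
cdp
cdp timer 30
interface GigabitEthernet0/0/0/0
 ipv4 address 192.0.2.1 255.255.255.0
!
"""
INTERFACE_ONLY = """\
hostname edge-3
interface GigabitEthernet0/0/0/0
 cdp
!
"""

def cdp_exposure(config: str) -> dict:
    """Report whether CDP is enabled globally AND on at least one interface."""
    global_cdp, cdp_interfaces, current_if = False, [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():            # top-level statement ends any block
            m = IF_RE.match(line)
            current_if = m.group(1) if m else None
            global_cdp = global_cdp or line == "cdp"   # "cdp timer ..." does not count
        elif current_if and line.strip() == "cdp":     # per-interface enable
            cdp_interfaces.append(current_if)
    return {"global_cdp": global_cdp, "cdp_interfaces": cdp_interfaces,
            "exposed": global_cdp and bool(cdp_interfaces)}

if __name__ == "__main__":
    for name, cfg in [("EXPOSED", EXPOSED), ("GLOBAL_ONLY", GLOBAL_ONLY),
                      ("INTERFACE_ONLY", INTERFACE_ONLY)]:
        print(name, cdp_exposure(cfg))
```

A device flagged as exposed still needs its IOS XR release compared against Cisco's fixed releases before it is treated as vulnerable.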
Impact
- Arbitrary Code Execution
- Privilege Abuse
Affected Products
- ASR 9000 Series Aggregation Services Routers
- Carrier Routing System (CRS)
- IOS XRv 9000 Router
- Network Convergence System (NCS) 540 Series Routers
- Network Convergence System (NCS) 560 Series Routers
- Network Convergence System (NCS) 1000 Series Routers
- Network Convergence System (NCS) 5000 Series Routers
- Network Convergence System (NCS) 5500 Series Routers
- Network Convergence System (NCS) 6000 Series Routers
Remediation
The current status of fixed releases is shown in the table below (more information on available software maintenance upgrades can be found here).