Rewterz Threat Advisory – APT28 Targeting Old Cisco Vulnerability

Severity

High

Analysis Summary

APT28 is a Russian state-sponsored hacking group that has been linked to numerous cyber attacks around the world. The group has been linked to a range of activities, including spear-phishing campaigns, network intrusions, and data exfiltration. One of their tactics is to target poorly maintained Cisco routers and exploit vulnerabilities such as CVE-2017-6742 to deploy malware on unpatched devices.

CVE-2017-6742 is a vulnerability in Cisco IOS and Cisco IOS XE Software that allows an attacker to execute arbitrary code on an affected device. This vulnerability was first discovered in March 2017 and Cisco released a patch to address the issue in May of the same year.

CVE-2017-6742

Cisco IOS and IOS XE Software could allow a remote authenticated attacker to execute arbitrary code on the system, caused by buffer overflow condition in the SNMP subsystem. By sending a specially-crafted SNMP packet, an attacker could exploit this vulnerability to execute arbitrary code on the system.

It is essential for organizations to keep their network infrastructure up to date with the latest security patches and to conduct regular security assessments to identify vulnerabilities. This can help prevent attacks like those carried out by APT28 and protect against other cyber threats. Additionally, it is important to have strong cybersecurity measures in place, such as firewalls, intrusion detection and prevention systems, and user training and awareness programs, to minimize the risk of successful attacks.

Impact

• Remote Code Execution

Indicators Of Compromise

CVE

• CVE-2017-6742

Affected Vendors

Cisco

Affected Products

• Cisco IOS Software
• Cisco IOS XE Software

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information. 

Cisco Security Advisory