Defense Digests
Cisco has identified new vulnerabilities affecting a wide range of products:
“Snort” is an open source protocol which identifies malicious mobile network traffic. A successful attack would cause this process to stall and traffic inspection to cease. This would create a situation where no traffic is passing through the device, therefore denying service (i.e., a Denial of Service, or DoS, attack).
ID: D3-2022-0002
Severity: 7.5 (HIGH)
This vulnerability covers a wide range of other products, but the risk to each is the same: a Denial of Service.
*For the Meraki MX series devices, exploitation of this vulnerability results in the bypass of inspection services. This could result in malicious traffic not generating alerts and in turn reaching devices that are located behind the MX series device. For this reason, the Security Impact Rating (SIR) for Meraki MX devices is Medium.
*For Cybervision, exploitation of this vulnerability results in the bypass of Snort intrusion detection (IDS) services. This could result in malicious traffic not generating alerts. Deep packet inspection (DPI) and anomaly detection services are not impacted. For this reason, the SIR for Cybervision software is Medium.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.
This vulnerability affects all open source Snort project releases earlier than Release 2.9.18 and Release 3.1.0.100. For more information, see the Snort website.
*Modbus inspection is enabled by default, but the Unified Threat Defense functionality (referenced below) is not installed by default.
Determine Whether UTD is Enabled
To determine whether UTD is enabled on a device, issue the show utd engine standard status command and check for a Yes under Running. The following output shows a device with UTD enabled:
    Router# show utd engine standard status
    Engine version       : 1.0.19_SV2.9.16.1_XE17.3
    Profile              : Cloud-Low
    System memory        :
                  Usage  : 6.00 %
                  Status : Green
    Number of engines    : 1

    Engine        Running    Health     Reason
    ===========================================
    Engine(#1):   Yes        Green      None
    =======================================================
    .
    .
    .
If there is no output after issuing the command, the device is not affected.
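The check above can be scripted over command output captured from each device. This is an added example, not Cisco's or Dataprise's code: the sample output is constructed from the one shown above, the function names are hypothetical, and it assumes the SV field of the engine version string is the bundled Snort release, which it compares against the fixed releases named in this digest.

```python
import re

# Constructed sample, modelled on the output shown above.
SAMPLE = """\
Router# show utd engine standard status
Engine version       : 1.0.19_SV2.9.16.1_XE17.3
Profile              : Cloud-Low
System memory        :
              Usage  : 6.00 %
              Status : Green
Number of engines    : 1

Engine        Running    Health     Reason
===========================================
Engine(#1):   Yes        Green      None
"""


def utd_running(output):
    """True if any engine row shows Yes in the Running column."""
    rows = re.findall(r"^Engine\(#\d+\):\s+(\S+)", output, re.MULTILINE)
    return any(r.lower() == "yes" for r in rows)


def snort_version(output):
    """Version tuple from the SV field of 'Engine version', or None.
    Assumption: the SV<digits> part is the bundled Snort release."""
    m = re.search(r"^Engine version\s*:\s*\S*?_SV([\d.]+\d)", output, re.MULTILINE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def snort_affected(version):
    """True if earlier than 2.9.18 (2.x branch) or 3.1.0.100 (3.x branch)."""
    fixed = (2, 9, 18) if version[0] < 3 else (3, 1, 0, 100)
    return version < fixed


def assess(output):
    """Classify one device's captured command output."""
    if not output.strip() or not utd_running(output):
        return "not affected: UTD not enabled"
    version = snort_version(output)
    if version is None:
        return "review: UTD running, Snort version not found"
    return "affected" if snort_affected(version) else "fixed"


if __name__ == "__main__":
    print(assess(SAMPLE))
```
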
Upgrade Device Software
Release planned for March 2022 (see note 2 below)
1. The hotfix is planned for the MX67, MX68, MX75, MX80, MX84, MX85, MX95, MX100, MX105, MX250, MX250M, MX400, MX450, MX600 platforms.
2. The release is planned for the MX64 and MX65 platforms.