Can you explain this vulnerability to me?

This vulnerability exists in Siklu MultiHaul TG series devices before version 2.0.0. It allows remote attackers to retrieve randomly generated credentials by sending a specific hex-encoded command to port 12777. This enables attackers to obtain the username and password without authentication, granting them direct SSH access to the device.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can allow unauthorized remote attackers to gain direct SSH access to affected devices by retrieving credentials without authentication. This can lead to unauthorized control over the device, potential data breaches, disruption of network services, and further exploitation within the network.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring network traffic for attempts to send the specific hex-encoded command to port 12777 on Siklu MultiHaul TG series devices. You can use network packet capture tools like tcpdump or Wireshark to filter traffic targeting port 12777 and look for unusual hex-encoded payloads. For example, a command to capture such traffic could be: tcpdump -i <interface> port 12777 -X. Additionally, scanning your devices for open port 12777 and testing if they respond to the specific hex-encoded command may help identify vulnerable devices.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to port 12777 on Siklu MultiHaul TG devices by implementing firewall rules to block unauthorized network traffic to this port. Additionally, upgrading the devices to version 2.0.0 or later, where this vulnerability is fixed, is recommended. Until the upgrade can be performed, disabling remote access or isolating the devices from untrusted networks can reduce the risk of exploitation.

Useful 0 Not Useful 0