Networking-Forums.com

SolarWinds Orion Platform Supply Chain Attack

Due to the recent announcement by SolarWinds regarding compromises in their supply chain, SolarWinds has released a security advisory providing guidance on assessing and remediating this issue: https://www.solarwinds.com/securityadvisory

Cisco recommends that customers assess if they have used an affected version of SolarWinds Orion Platform and, if so, take the following actions:

1. Follow the guidance provided by the U.S. Department of Homeland Security and in the SolarWinds Security Advisory.


2. Determine the need to change credentials on all devices being managed by the affected SolarWinds platform software. This includes:
   
   
   
   • User credentials
   
   
   • Simple Network Management Protocol (SNMP) version 2c community strings
   
   
   • SNMP version 3 user credentials
   
   
   • Internet Key Exchange (IKE) preshared keys
   
   
   • Shared secrets for TACACS, TACACS+, and RADIUS
   
   
   • Secrets for Border Gateway Protocol (BGP), OSPF, Exterior Gateway Routing Protocol (EIGRP), or other routing protocols
   
   
   • Exportable RSA keys and certificates for Secure Shell (SSH) or other protocols
   
   
   
   

While there are no vulnerabilities in Cisco products related to this issue, if a customer was using an affected version of SolarWinds Orion Platform and would like to investigate potential impact to Cisco devices, Cisco has published a number of documents that can help the investigation. Please consult https://tools.cisco.com/security/center/resources/ir_escalation_guidance.

For information on Cisco’s use of SolarWinds in our enterprise environment, consult our Event Response Page here: https://tools.cisco.com/security/center/resources/solarwinds_orion_event_response

Cisco TALOS has also published guidance regarding this issue that can be viewed here: https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html

Customers that need assistance with Incident Response activities can contact Cisco TALOS here: https://talosintelligence.com/incident_response

Cisco will update this advisory as needed, if additional information becomes available.

     
         
Security Impact Rating:  Informational
Source: SolarWinds Orion Platform Supply Chain Attack (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-solarwinds-supply-chain-attack?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=SolarWinds%20Orion%20Platform%20Supply%20Chain%20Attack&vs_k=1)