{"id":4795,"date":"2023-05-14T10:22:10","date_gmt":"2023-05-14T08:22:10","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4795"},"modified":"2023-05-14T10:22:10","modified_gmt":"2023-05-14T08:22:10","slug":"kriticna-ranjivost-u-ruckus-uredjajima","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/05\/14\/kriticna-ranjivost-u-ruckus-uredjajima\/","title":{"rendered":"Critical vulnerability in Ruckus devices"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Security researchers at <em>FortiGuard Labs<\/em> have <a href=\"https:\/\/www.fortiguard.com\/threat-signal-report\/5151\/exploitation-spike-observed-for-ruckus-wireless-admin-rce-vulnerability-cve-2023-25717\" target=\"_blank\" rel=\"noopener\">discovered a critical vulnerability<\/a> in <em>Ruckus<\/em> devices: a security flaw in the <em>Ruckus<\/em> administration panel that allows access by <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">malicious attackers<\/a>.<\/span><\/p>\n<div id=\"attachment_4800\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4800\" class=\"size-full wp-image-4800\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Ruckus-RCE.jpg\" alt=\"Ruckus\" width=\"1024\" height=\"626\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Ruckus-RCE.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Ruckus-RCE-300x183.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Ruckus-RCE-768x470.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/Ruckus-RCE-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4800\" class=\"wp-caption-text\"><em>Critical vulnerability in Ruckus devices; Design: Sa\u0161a 
\u0110uri\u0107<\/em><\/p><\/div>\n<h2><span style=\"font-size: 14pt;\"><strong>Vulnerability in <em>Ruckus<\/em> devices<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">The vulnerability is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-25717\" target=\"_blank\" rel=\"noopener\"><em>CVE-2023-25717<\/em><\/a> (with a <em>CVSS<\/em> score of <em>9.8<\/em>) and concerns improper handling of <em>HTTP<\/em> requests, which allows remote code execution and complete compromise of <em>Ruckus<\/em> wireless access points (<em>AP<\/em>).<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Security researchers have observed that this vulnerability is being exploited by a new <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/24\/botnet\/\" target=\"_blank\" rel=\"nofollow noopener\">botnet<\/a> named <em>Andoryu<\/em>. The botnet was first documented by the Chinese security company <em>QiAnXin<\/em> in February of this year, which described its ability to communicate with its command-and-control (<em>C2<\/em>) server using the <em>SOCKS5<\/em> protocol.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This botnet is already known to exploit <em>GitLab<\/em> (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205\" target=\"_blank\" rel=\"noopener\"><em>CVE-2021-22205<\/em><\/a>) and <em>Lilin<\/em> <em>DVR<\/em> vulnerabilities to spread; the addition of this <em>Ruckus<\/em> vulnerability shows a tendency to improve its attack capabilities and to increase the number of devices under its control.<\/span><\/p>\n<blockquote><p><span style=\"font-size: 14pt;\"><em>\u201cIt contains <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/25\/ddos\/\" target=\"_blank\" rel=\"nofollow noopener\">DDoS attack<\/a> modules for different protocols and communicates with 
its command-and-control server using SOCKS5 proxies.\u201d<\/em><\/span><\/p>\n<p style=\"text-align: right;\"><span style=\"font-size: 14pt;\"><em>&#8211; <\/em><a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717\" target=\"_blank\" rel=\"noopener\"><em>Security researcher Cara Lin, Fortinet FortiGuard Labs<\/em><\/a><em> &#8211;<\/em><\/span><\/p>\n<\/blockquote>\n<h3><span style=\"font-size: 14pt;\"><strong>Exploitation of the vulnerability<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">The <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> infects the device by means of a malicious <em>HTTP GET<\/em> request that downloads an additional script from a fixed web address for further propagation. The variant analysed by the security researchers supports the <em>x86, arm, spc, m68k, mips, sh4, and mpsl<\/em> architectures. 
After successfully infecting the device, it establishes a connection to the command-and-control server using the <em>SOCKS5<\/em> protocol in order to bypass the <em>firewall<\/em>, and waits for further commands.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The <em>AndoryuBot<\/em> malware supports 12 <em>DDoS<\/em> attack modes:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>tcp-raw<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>tcp-socket<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>tcp-cnc<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>tcp-handshake<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-plain<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-game<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-ovh<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-raw<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-vse<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-dstat<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>udp-bypass<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>icmp-echo<\/em><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">Once it has successfully established communication, the malware can receive a command telling it which <em>DDoS<\/em> attack mode to launch, the <em>IP<\/em> address of the target and the port number to attack.<\/span><\/p>\n<h4><span style=\"font-size: 14pt;\"><strong>Availability<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">The software's authors rent out their attack capabilities to anyone interested in launching <em>DDoS<\/em> attacks, accepting payment in cryptocurrency, with various monthly plans ranging from 90 to 115 US dollars depending on 
the duration of the attack.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The <em>Andoryu<\/em> project is currently advertised with videos on the <em>YouTube<\/em> platform, where the threat actors demonstrate the botnet's capabilities.<\/span><\/p>\n<div id=\"attachment_4798\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4798\" class=\"size-full wp-image-4798\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel-.webp\" alt=\"seller\u2019s telegram channel\" width=\"1024\" height=\"1149\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel-.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel--267x300.webp 267w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel--913x1024.webp 913w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel--768x862.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/05\/sellers-telegram-channel--11x12.webp 11w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4798\" class=\"wp-caption-text\"><em>Seller\u2019s telegram channel; Source: <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717\" target=\"_blank\" rel=\"nofollow noopener\">Fortinet<\/a><\/em><\/p><\/div>\n<h5><span style=\"font-size: 14pt;\"><strong>Protection<\/strong><\/span><\/h5>\n<p><span style=\"font-size: 14pt;\">Users are advised to apply the available security updates as soon as possible, to use strong administrator <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">passwords<\/a> and to disable remote access to the administration panel. 
If an attacker does manage to compromise a device, a security solution with <em>DNS<\/em> filtering can block communication with the attacker's command-and-control server and thereby prevent the device from being exploited.<\/span><\/p>\n<h5><span style=\"font-size: 14pt;\"><strong>Conclusion<\/strong><\/span><\/h5>\n<p><span style=\"font-size: 14pt;\">The <em>CVE-2023-25717<\/em> vulnerability in <em>Ruckus<\/em> wireless access points allows an attacker to execute code remotely. Once a device is compromised, the <em>AndoryuBot<\/em> malware spreads quickly and begins communicating with the command-and-control server over the <em>SOCKS5<\/em> protocol. In a very short time it is updated with all the new <em>DDoS<\/em> attack modes and waits for further instructions from the command-and-control server. Users must be aware of the danger of this type of attack and actively apply protective measures.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Security researchers at FortiGuard Labs have discovered a critical vulnerability in Ruckus devices: a security flaw in the Ruckus administration panel that allows access by malicious attackers. 
Vulnerability in Ruckus devices The vulnerability is tracked as CVE-2023-25717&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4800,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[114,368,369,126],"class_list":["post-4795","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-ddos","tag-ruckus","tag-socks5","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4795"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4795\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4800"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}