This underscores the importance of proper security around out-of-band management/console networks and proper security of console ports to the extent that devices offer it. Thank you jms On Thu, Mar 13, 2025 at 1:29 PM Bryan Fields via NANOG < nanog@lists.nanog.org> wrote:
On 3/13/25 12:22 PM, Eric Kuhnke via NANOG wrote:
PDF file:
https://supportportal.juniper.net/sfc/servlet.shepherd/document/download/069...
From reading this there was no known remote exploit, they needed user level shell access to exploit another local vulnerability which got them root and then installed this exploit. While this isn't great, if someone has unaudited login user level access to your routers, you've already lost. Basic ACL's go a long way to filtering this from outside a logged network too. Security is best when it's a multilayered approach.
This said, I've been greeted with a login prompt telnetting to carrier's upstream router in the last 6 months. They seemed outright confused why I cared about it and closed the ticket. 🤦♂️
-- Bryan Fields
727-409-1194 - Voice http://bryanfields.net _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/2UEVTAIT...