Does Extreme Networks have an official statement on the “VPNFilter” malware?

  • Article Type: Q & A
  • Article Number: 000034999
  • Last Modified: 7/26/2018

Question

Does Extreme Networks have an official statement on the “VPNFilter” malware?

Environment

All Extreme Networks Products

Answer

There is a widely reported instance of malware called “VPNFilter” that has compromised significant numbers of routing and switching devices worldwide. By some accounts, over 500K devices have been compromised. As of July 2018, there is no public information about the infection vector that VPNFilter uses to attack and compromise network infrastructure devices, and there is no direct evidence that Extreme Networks gear is being targeted.

As with the statement regarding US-CERT alert TA18-106A “Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices”, it is of paramount importance to ensure secure configurations are used for deployed devices. Specifically, as mentioned in the “General Mitigations” section of the US-CERT Alert, Telnet should be replaced with SSHv2, SNMPv1/v2 should be replaced with SNMPv3, and HTTP should be replaced with HTTPS/TLS. In general, all unencrypted protocols should be replaced with encrypted protocols, and those encrypted protocols should be configured to use the strongest available encryption, features, and protections.

Further, it is imperative that all default administrative credentials be changed to strong credentials known only to the customer, and that access/segmentation policies be in place to restrict management protocol communication to approved sources.
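The following audit sketch is an added example, not Extreme Networks code. It checks a device inventory against the three recommendations above: plaintext management protocols, default credentials, and management access from unapproved sources. The record schema, device names and addresses are constructed assumptions.

```python
import ipaddress

# Plaintext protocol -> encrypted replacement, as listed in the article.
REPLACEMENTS = {
    "telnet": "SSHv2",
    "snmpv1": "SNMPv3",
    "snmpv2": "SNMPv3",
    "snmpv2c": "SNMPv3",
    "http": "HTTPS/TLS",
}

def within_approved(source, approved):
    """True if CIDR `source` lies entirely inside one approved network."""
    net = ipaddress.ip_network(source, strict=False)
    return any(
        net.version == a.version and net.subnet_of(a)
        for a in (ipaddress.ip_network(x) for x in approved)
    )

def audit(device, approved):
    """Return findings for one device record (hypothetical schema)."""
    findings = []
    for svc in device["services"]:
        key = svc.lower()
        if key in REPLACEMENTS:
            findings.append(f"{svc} enabled: replace with {REPLACEMENTS[key]}")
    if device["default_credentials"]:
        findings.append("default administrative credentials still set")
    sources = device["mgmt_allowed_sources"]
    if not sources:
        findings.append("no source restriction on management access")
    for src in sources:
        if not within_approved(src, approved):
            findings.append(f"management access allowed from unapproved source {src}")
    return findings

# Constructed sample inventory; names and addresses are illustrative only.
APPROVED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "edge-sw1", "services": ["telnet", "snmpv2c", "https"],
     "default_credentials": True, "mgmt_allowed_sources": ["0.0.0.0/0"]},
    {"name": "core-sw1", "services": ["sshv2", "snmpv3", "https"],
     "default_credentials": False, "mgmt_allowed_sources": ["10.20.0.16/28"]},
]

def audit_all(inventory, approved):
    """Map each device name to its list of findings."""
    return {d["name"]: audit(d, approved) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY, APPROVED).items():
        print(name, "OK" if not findings else findings)
```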

Extreme Networks will continue to monitor communications from the broader security community for information regarding the specific infection vectors that VPNFilter uses, and will provide updates as necessary if these vectors are determined to affect our products.
