Outdated Network Devices and Unsecured Protocols and Services Expose Network Infrastructure to Compromise

Abstract: Outdated network devices have known and unknown vulnerabilities that expose the network to severe risk. Unsupported, also called end-of-life, devices and software versions will not receive patches from vendors even for known vulnerabilities. Improperly secured communication protocols and services and insecure credentials increase the risk of unauthorized access and modification to the network infrastructure. When network infrastructure devices are deployed, these devices remain online for several years and are rarely rebooted, patched, or upgraded. Network infrastructure devices include routers, switches, access points, gateways, proxies, firewalls, and others. Common improperly secured protocols are Simple Network Management Protocol (SNMP), Secure Shell (SSH), Telnet, and others. Networks must not use vulnerable devices and software versions or unsecured protocols unless absolutely necessary, and, if necessary, ONLY along with supplemental mitigations to detect and prevent compromise and lateral movement. 

Date Published:

Last Reviewed: 31 August 2016

Identifier: ORN-U-OO-802587-16

Creator: Vulnerability Solutions

Dissemination Control: N/A

Length: 4 page(s)

Format: pdf

Type: Advisory/Alert

Tags: Advisory; Vulnerability; Network; Network Device Integrity - NDI