overview

DrayTek, a Taiwan-based manufacturer of networking equipment popular with small to medium-sized businesses, has recently released advisories regarding 14 newly discovered vulnerabilities, several of which score close to 10 on the Common Vulnerability Scoring System.

CVE-2020-15415, CVE-2020-14472, and CVE-2020-19664 are all classified as Remote Code Execution vulnerabilities and, if left unmitigated, can expose an environment to serious attacks that do not require social engineering to manipulate a user into letting attackers in. Vulnerabilities such as these are the perfect target for automated attacks by botnets.

CVE-2020-14473 and CVE-2020-14993 are classified as stack-based buffer overflow vulnerabilities that, if left unmitigated, can expose the environment to Denial-of-Service and remote code execution attacks.

Along with the vulnerabilities above, several other vulnerabilities were disclosed with scores ranging from 4.9 (relatively low severity) to 7.6 (mid-level severity).  

After disclosing the vulnerabilities, DrayTek quickly released updates for all impacted products. Potentially impacted customers are advised to review DrayTek's Security Advisory as well as their firmware/software updates as soon as possible.
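The advice above amounts to an inventory review: which DrayTek devices are still on pre-fix firmware, and which of them expose their management interface to the internet, where automated botnet scanning would reach them first. The following triage helper is an added example, not DrayTek's or Avertium's code. The device inventory, model names and the minimum fixed firmware versions in it are constructed placeholders; the real fixed version for each model must be taken from DrayTek's security advisory.

```python
"""Triage helper: list DrayTek devices that still need the firmware review the
advisory calls for.  Added example; the inventory, model names and MIN_FIXED
table are constructed placeholders, not values from the advisory."""
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    model: str
    firmware: str           # vendor version string as reported by the device
    wan_mgmt_enabled: bool  # management UI reachable from the WAN side


# PLACEHOLDER: minimum fixed firmware per model.  Fill in from the DrayTek
# security advisory; "9.9.9" is a stand-in, not a real fixed release.
MIN_FIXED = {
    "VigorModelA": "9.9.9",
    "VigorModelB": "9.9.9",
}


def _leading_int(piece: str):
    """'6_BT' -> 6, '12' -> 12, 'rc1' -> None (only the leading digits count)."""
    digits = ""
    for ch in piece:
        if not ch.isdigit():
            break
        digits += ch
    return int(digits) if digits else None


def parse_version(version: str) -> tuple:
    """Turn '3.9.6.1' into (3, 9, 6, 1) so versions compare numerically.
    A non-numeric component ends the tuple: '3.9.6_BT' -> (3, 9, 6)."""
    parts = []
    for piece in version.split("."):
        value = _leading_int(piece)
        if value is None:
            break
        parts.append(value)
    return tuple(parts)


def needs_action(dev: Device) -> list:
    """Return the reasons a device belongs on the remediation list (empty if none)."""
    reasons = []
    minimum = MIN_FIXED.get(dev.model)
    if minimum is None:
        reasons.append("model not in fixed-version table; check the advisory")
    elif parse_version(dev.firmware) < parse_version(minimum):
        reasons.append(f"firmware {dev.firmware} is below fixed version {minimum}")
    if dev.wan_mgmt_enabled:
        reasons.append("management interface exposed on WAN; restrict before patching window")
    return reasons


def triage(inventory) -> dict:
    """Map device name -> reasons, devices needing no action omitted, most reasons first."""
    flagged = {d.name: needs_action(d) for d in inventory}
    flagged = {name: reasons for name, reasons in flagged.items() if reasons}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))


# Constructed sample inventory (not real devices or firmware levels).
SAMPLE_INVENTORY = [
    Device("branch-a", "VigorModelA", "3.9.6", True),
    Device("branch-b", "VigorModelA", "9.9.9", False),
    Device("branch-c", "VigorModelB", "9.9.9", True),
    Device("lab-1", "VigorModelC", "3.9.6_BT", False),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: " + "; ".join(reasons))
```

Devices whose model is missing from the table are deliberately flagged rather than skipped, so an incomplete table cannot silently hide an unpatched unit; WAN-side management exposure is reported on its own so that it can be closed even before the firmware update is scheduled.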

how avertium is protecting our customers

IOCs ADDED TO OUR THREAT FEEDS

At this time, there are no known IoCs associated with exploitation of these vulnerabilities; however, as such vulnerabilities are a favorite target of automated attack attempts from botnets, Avertium remains vigilant in monitoring for activity related to Mirai and other known botnets. Should any specific IoCs be identified, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.

TTPs TO MONITOR

1. Initial Access
  • Exploit Public-Facing Applications (T1190): Attackers often target vulnerabilities in web applications, services, or network services that are exposed to the internet. They exploit weaknesses such as buffer overflows, insecure deserialization, or input validation issues to gain access.
2. Privilege Escalation
  • Exploitation for Privilege Escalation (T1068): After gaining a foothold via RCE, attackers often seek to escalate their privileges to obtain higher levels of access, such as root or system admin, to control the entire system.
3. Persistence
  • Create or Modify System Process (T1543): To maintain access, attackers might modify system services or scheduled tasks to run their malicious code whenever the system starts.

ADDITIONAL SERVICE OFFERINGS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).

SUPPORTING DOCUMENTATION

Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities 

DrayTek Security Advisory 

DrayTek Firmware / Software 

CVE-2020-15415 
