Cisco Security Advisory
SolarWinds Orion Platform Supply Chain Attack
Following its recent announcement of compromises in its supply chain, SolarWinds has released a security advisory with guidance on assessing and remediating this issue: https://www.solarwinds.com/securityadvisory
Cisco recommends that customers assess if they have used an affected version of SolarWinds Orion Platform and, if so, take the following actions:
- Follow the guidance provided by the U.S. Department of Homeland Security and in the SolarWinds Security Advisory.
- Determine the need to change credentials on all devices being managed by the affected SolarWinds platform software. This includes:
  - User credentials
  - Simple Network Management Protocol (SNMP) version 2c community strings
  - SNMP version 3 user credentials
  - Internet Key Exchange (IKE) preshared keys
  - Shared secrets for TACACS, TACACS+, and RADIUS
  - Secrets for Border Gateway Protocol (BGP), OSPF, Exterior Gateway Routing Protocol (EIGRP), or other routing protocols
  - Exportable RSA keys and certificates for Secure Shell (SSH) or other protocols
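To scope the credential rotation above, the following added example (not part of the Cisco advisory) scans a saved device configuration and reports which lines hold secrets in each listed category, by line number only so the secrets are never echoed. The regular expressions assume classic IOS-style syntax and are not exhaustive, and the sample configuration and all names in it are constructed.

```python
import re

# Advisory credential category -> IOS-style config line pattern.
# Patterns are assumptions for classic IOS syntax and are not exhaustive.
CATEGORIES = {
    "User credentials": r"^(username \S+ .*\b(secret|password)\b|enable (secret|password)\b)",
    "SNMPv2c community strings": r"^snmp-server community \S+",
    "SNMPv3 user credentials": r"^snmp-server user \S+ \S+ v3\b",
    "IKE preshared keys": r"^(crypto isakmp key|pre-shared-key)\b",
    "TACACS/RADIUS shared secrets": r"^(tacacs-server|radius-server)\b.*\bkey\b",
    "Routing protocol secrets": r"^(neighbor \S+ password|ip ospf (message-digest-key|authentication-key)|key-string)\b",
    "RSA keys and certificates": r"^crypto pki (trustpoint|certificate chain)\b",
}

def inventory(config: str) -> dict:
    """Map each advisory category to the config line numbers that hold such a secret."""
    found = {}
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()  # sub-mode commands are indented in saved configs
        for category, pattern in CATEGORIES.items():
            if re.search(pattern, line):
                found.setdefault(category, []).append(number)
    return found

# Constructed sample configuration; hostnames, addresses and secrets are placeholders.
SAMPLE = """\
hostname edge-rtr-01
enable secret 9 $9$EXAMPLEHASH
username netops privilege 15 secret 9 $9$EXAMPLEHASH
snmp-server community EXAMPLE-RO RO
snmp-server user orion-poll MONGRP v3 auth sha EXAMPLEAUTH priv aes 128 EXAMPLEPRIV
crypto isakmp key EXAMPLEPSK address 192.0.2.10
tacacs-server host 192.0.2.20 key EXAMPLETAC
router bgp 64512
 neighbor 192.0.2.1 remote-as 64513
 neighbor 192.0.2.1 password EXAMPLEBGP
interface GigabitEthernet0/1
 ip ospf message-digest-key 1 md5 EXAMPLEOSPF
"""

if __name__ == "__main__":
    for category, lines in inventory(SAMPLE).items():
        print(f"{category}: rotate secrets on lines {lines}")
```

Run it against each device the affected platform managed; a category with no hits still needs a manual check, because exportable RSA private keys do not appear in the configuration text.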
While there are no vulnerabilities in Cisco products related to this issue, if a customer was using an affected version of SolarWinds Orion Platform and would like to investigate potential impact to Cisco devices, Cisco has published a number of documents that can help the investigation. Please consult https://tools.cisco.com/security/center/resources/ir_escalation_guidance.
For information on Cisco’s use of SolarWinds in our enterprise environment, consult our Event Response Page here: https://tools.cisco.com/security/center/resources/solarwinds_orion_event_response
Cisco TALOS has also published guidance regarding this issue that can be viewed here: https://blog.talosintelligence.com/2020/12/solarwinds-supplychain-coverage.html
Customers that need assistance with Incident Response activities can contact Cisco TALOS here: https://talosintelligence.com/incident_response
Cisco will update this advisory as needed, if additional information becomes available.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
| Version | Description | Section | Status | Date |
|---------|-------------|---------|--------|------|
| 1.3 | Added Event Response Page link. | Summary | Interim | 2020-DEC-18 |
| 1.2 | Updated text to include additional source. | Summary | Interim | 2020-DEC-14 |
| 1.1 | Updated Talos link. | Summary | Interim | 2020-DEC-14 |
| 1.0 | Initial public release. | — | Interim | 2020-DEC-14 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.