SolarWinds Orion Platform Supply Chain Attack

SolarWinds has announced compromises in its supply chain and has released a security advisory that provides guidance on assessing and remediating this issue: https://www.solarwinds.com/securityadvisory

Cisco recommends that customers assess if they have used an affected version of SolarWinds Orion Platform and, if so, take the following actions:

Follow the guidance provided in the SolarWinds Security Advisory.
Determine the need to change credentials on all devices being managed by the affected SolarWinds platform software. This includes:

User credentials
Simple Network Management Protocol (SNMP) version 2c community strings
SNMP version 3 user credentials
Internet Key Exchange (IKE) preshared keys
Shared secrets for TACACS, TACACS+, and RADIUS
Secrets for Border Gateway Protocol (BGP), OSPF, Enhanced Interior Gateway Routing Protocol (EIGRP), or other routing protocols
Exportable RSA keys and certificates for Secure Shell (SSH) or other protocols
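
As an added example (not part of the Cisco or SolarWinds advisories), the following Python script inventories where the credential types listed above appear in a device configuration, reporting category and line number only so each secret can be queued for rotation without being echoed. The sample configuration, the `inventory` function and the patterns are constructed for illustration and assume Cisco IOS-style syntax; SNMPv3 use is inferred from `snmp-server user` or `snmp-server group ... v3` lines, and exportable RSA keys and certificates are left out because the script only reads configuration text.

```python
import re

# Constructed sample config (not from the advisory); every secret is a placeholder.
SAMPLE_CONFIG = """\
enable secret 9 REDACTED
username netops privilege 15 secret 9 REDACTED
snmp-server community REDACTED RO
snmp-server group ORION v3 priv
crypto isakmp key REDACTED address 192.0.2.10
tacacs server TAC1
 address ipv4 192.0.2.20
 key 7 REDACTED
radius-server key 7 REDACTED
key chain EIGRP-KEYS
 key 1
  key-string 7 REDACTED
interface GigabitEthernet0/1
 ip ospf message-digest-key 1 md5 7 REDACTED
router bgp 65000
 neighbor 192.0.2.30 password 7 REDACTED
"""

# (advisory category, regex on the stripped line, regex the enclosing top-level block must match)
RULES = [
    ("User credentials", r"(username \S+ .*\b(secret|password)\b|enable (secret|password)\b)", None),
    ("SNMPv2c community strings", r"snmp-server community \S+", None),
    ("SNMPv3 user credentials", r"snmp-server (user \S+|group \S+ v3\b)", None),  # group = v3 in use
    ("IKE preshared keys", r"(crypto isakmp key |pre-shared-key )", None),
    ("TACACS/RADIUS shared secrets", r"(tacacs|radius)-server .*\bkey\b", None),
    ("TACACS/RADIUS shared secrets", r"key \S", r"(tacacs|radius) server "),
    ("Routing protocol secrets", r"(neighbor \S+ password |ip ospf (message-digest-key|authentication-key) |key-string )", None),
]

def inventory(config_text):
    """Return {category: [line numbers]} for credential-bearing lines; values are never echoed."""
    found, parent = {}, ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if raw and not raw[0].isspace():
            parent = raw  # an unindented line opens a new configuration block
        line = raw.strip()
        for category, pattern, parent_pattern in RULES:
            in_scope = parent_pattern is None or re.match(parent_pattern, parent)
            if in_scope and re.match(pattern, line):
                found.setdefault(category, []).append(lineno)
                break
    return found

if __name__ == "__main__":
    print(inventory(SAMPLE_CONFIG))
```

A category with no hits means only that no matching line was present in the text scanned; some platforms do not display every credential in the running configuration.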

While there are no vulnerabilities in Cisco products related to this issue, if a customer was using an affected version of SolarWinds Orion Platform and would like to investigate potential impact to Cisco devices, Cisco has published a number of documents that can help the investigation. Please consult https://tools.cisco.com/security/center/resources/ir_escalation_guidance.

Cisco TALOS has also published guidance regarding this issue that can be viewed here: https://blog.talosintelligence.com/2020/12/fireeye-breach-guidance.html

Customers that need assistance with Incident Response activities can contact Cisco TALOS here: https://talosintelligence.com/incident_response

Cisco will update this advisory as needed, if additional information becomes available.

Security Impact Rating: Informational

Source: Cisco Security Advisories