{"id":4640,"date":"2018-01-23T10:39:34","date_gmt":"2018-01-23T07:39:34","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=4640"},"modified":"2019-11-15T14:44:21","modified_gmt":"2019-11-15T11:44:21","slug":"router-vulnerability-34c3","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/router-vulnerability-34c3\/4640\/","title":{"rendered":"The fact that it has been detected does not mean it is harmless"},"content":{"rendered":"<p>We hear news about new vulnerabilities almost every day. People discuss them online, developers release patches, and then everyone calms down. It may therefore look as though everything is fine and the problem is solved. It is not. Some administrators do not install these updates, especially for network equipment software, where updating takes a lot of effort.<\/p>\n<p>Some system administrators do not believe their business will be targeted by malicious actors. Others look in official security advisories for magic phrases such as \u201cno sign of exploitation\u201d and relax, assuming the vulnerability exists only in theory.<\/p>\n<p>Last year, several serious vulnerabilities were reported in Cisco equipment. 
One of the advisories, \u201cSNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software\u201d (advisory ID: <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20170629-snmp\" target=\"_blank\" rel=\"noopener nofollow\">cisco-sa-20170629-snmp<\/a>), described how an outsider could take over the entire system. All that was required was an SNMP read-only community string for the system in question, which is a kind of user name and password. This issue has been known since July 2017. Cisco, which takes vulnerabilities seriously, released a patch. As a result, no exploitation attempts were detected.<\/p>\n<p>Our colleague Artem Kondratenko, a penetration tester, found a Cisco router with a default SNMP community string while conducting an external penetration test. He decided to investigate how dangerous this vulnerability could be, and set himself a goal: to gain access to the internal network through that router. Incidentally, Kondratenko\u2019s find was not unique. Shodan lists 3,313 devices of the same model that use the default community string.<\/p>\n<p>Let\u2019s set the technical details aside for now. 
If you want to look at his research more closely, you can watch Kondratenko\u2019s talk at the <a href=\"https:\/\/media.ccc.de\/v\/34c3-8936-1-day_exploit_development_for_cisco_ios\" target=\"_blank\" rel=\"noopener nofollow\">Chaos Communication Congress<\/a>. What matters here is the result. He showed that this vulnerability can be used to gain access to the system with privilege level 15, the highest level available in the Cisco IOS shell. In short, ignoring vulnerabilities is not wise even when no exploitation has been reported. It took Kondratenko just four weeks to find a vulnerable device and then build a proof of concept showing how the vulnerabilities in cisco-sa-20170629-snmp can be exploited.<\/p>\n<p>To keep your router from becoming the first victim of this vulnerability, you can do the following:<\/p>\n<ol>\n<li>Make sure your network equipment software is up to date;<\/li>\n<li>Do not use a default community string on routers connected to an external network (better yet, do not use default community strings anywhere);<\/li>\n
<li>Watch for end-of-support announcements for your network devices; after that point the device is no longer supported by the manufacturer and receives no updates.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>We hear news about new vulnerabilities almost every day. People discuss them online, developers release patches, and then everyone calms down. It may therefore look as though everything is fine and the problem is solved. It is not. Some administrators do not install these updates, especially for network equipment software, where updating takes a lot of effort.<\/p>\n","protected":false},"author":700,"featured_media":4641,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[1506,969,1507,1514,1122,1511],"class_list":{"0":"post-4640","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-34c3","10":"tag-aciklar","11":"tag-ccc","12":"tag-chaos-communications-congress","13":"tag-exploit","14":"tag-kaos-iletisim-kongresi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/router-vulnerability-34c3\/4640\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/router-vulnerability-34c3\/12248\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/router-vulnerability-34c3\/10169\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/router-vulnerability-34c3\/14439\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/router-vulnerability-34c3\/12667\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/router-vulnerability-34c3\/12340\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/router-vuln
erability-34c3\/15149\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/router-vulnerability-34c3\/14932\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/router-vulnerability-34c3\/19491\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/router-vulnerability-34c3\/20747\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/router-vulnerability-34c3\/9946\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/router-vulnerability-34c3\/10031\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/router-vulnerability-34c3\/8801\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/router-vulnerability-34c3\/9197\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/router-vulnerability-34c3\/19288\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/router-vulnerability-34c3\/19398\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/router-vulnerability-34c3\/19362\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/34c3\/","name":"34c3"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=4640"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4640\/revisions"}],"predecessor-version":[{"id":6975,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/4640\/revisions\/6975"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/4641"}],"w
p:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=4640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=4640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=4640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}