Cyber Security Threat Summary:
AOE servers that are not properly secured are susceptible to a security vulnerability that could potentially grant unauthorized access to the server via the AOE Server Admin user account. Such compromised servers are consequently vulnerable to ransomware attacks, posing a significant security risk.
Affected Products: The following products are within the scope of this vulnerability:
- 4150000G1 Services Management Kit for New Install
- 4150100G1 Services Management Kit for Maintenance Install
- 4150800G1 AOE Services Management Package
- 4150800G10 AOE Services Management Replacement
To mitigate the risk associated with this vulnerability, Adtran recommends the following actions:
Immediate Disconnection: Adtran strongly advises the removal of any non-secured AOE servers. AOE requires the use of a properly configured firewall, VPN, or private network. Firewalls may allow traffic from known safe sources through specific firewall rules, for example a port-forwarding rule that allows incoming traffic on a specific port from a specific IP address for OSS or Mosaic One communication. General or open access is not recommended. If you are uncertain about the server's connection status or security status, consider one of the following steps and contact Adtran Support (details below) for how to secure your server:
- Shut down the Virtual Machine (VM) running the AOE application. Physically power off the server or disconnect the Ethernet port on the bare-metal server where the AOE application is hosted. The primary objective is to eliminate potential access points.
- Isolate Compromised Servers: If a server has been compromised, it is crucial to promptly remove the server from the network and decommission the server. Additionally, close any firewall openings that were specifically created for AOE server access.
- Incident Response Plan: Additional directions or actions will be added to [https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2023002-AOE-RCE/ta-p/38758](https://supportcommunity.adtran.com/t5/Security-Advisories/ADTSA-2023002-AOE-RCE/ta-p/38758).
Adtran is asking organizations to take immediate action to address these recommendations to minimize the potential risks associated with this vulnerability.
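The firewall guidance above permits forwarding to the AOE server only from known safe sources. As an added example (not Adtran's code and not part of the advisory), this Python check audits `iptables-save` style port-forwarding rules and reports any that expose the server to sources outside an allow list. The server address 10.0.0.5, port 8443, the IPv4-only allow list and the sample rules are constructed placeholders.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (not from the advisory).
# 10.0.0.5 and port 8443 are placeholders for the AOE server, not Adtran values.
SAMPLE_RULES = """\
-A PREROUTING -s 198.51.100.10/32 -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.0.0.5:8443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.0.0.5:8443
-A PREROUTING -s 0.0.0.0/0 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.5:22
-A PREROUTING -s 203.0.113.0/24 -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.0.0.5:8443
-A PREROUTING ! -s 198.51.100.10/32 -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.0.0.5:8443
-A PREROUTING -s 198.51.100.10/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.9:80
"""

WANTED = ("-s", "--dport", "-j", "--to-destination")

def parse_rule(line):
    """Map the options we care about to their values; note a negated source."""
    tokens = shlex.split(line)
    fields = {"negated_source": False}
    for i, tok in enumerate(tokens[:-1]):
        if tok in WANTED:
            fields[tok] = tokens[i + 1]
            if tok == "-s" and i > 0 and tokens[i - 1] == "!":
                fields["negated_source"] = True
    return fields

def audit_forwards(rules_text, server_ip, allowed_sources):
    """Return (line_no, dport, reason) for each risky DNAT rule to server_ip."""
    allowed = [ipaddress.ip_network(s) for s in allowed_sources]
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        f = parse_rule(line)
        if f.get("-j") != "DNAT" or f.get("--to-destination", "").split(":")[0] != server_ip:
            continue
        # A rule with no -s matches every source, the same as 0.0.0.0/0.
        src = ipaddress.ip_network(f.get("-s", "0.0.0.0/0"), strict=False)
        if f["negated_source"]:
            findings.append((n, f.get("--dport"), f"negated source, open to all but {src}"))
        elif src.prefixlen == 0:
            findings.append((n, f.get("--dport"), "open to any source"))
        elif not any(src.subnet_of(a) for a in allowed):
            findings.append((n, f.get("--dport"), f"source {src} not on allow list"))
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE_RULES, "10.0.0.5", ["198.51.100.10/32"]):
        print(finding)
```

Each finding is a forwarding rule to close or narrow; a server with no findings is reachable only from the sources on the allow list.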