“With the right kind of code, any internet-facing server that has this on it could potentially be exploited; threat actors could take full control of that device,” Shipley explained. Once they land in a network, attackers can then go anywhere the equipment is allowed to access, based on network configuration and firewalls, and can look for other unpatched devices to do even more damage, he said.
Arctic Wolf identified a number of impacted applications, including those from Ericsson, Cisco, National Instruments, Broadcom, EMQ Technologies, Apache Software Foundation, Riak Technologies, and Very Technology.
Affected versions of Erlang/OTP SSH include Erlang/OTP-27.3.2 and earlier, Erlang/OTP-26.2.5.10 and earlier, and Erlang/OTP-25.3.2.19 and earlier. Customers should update them immediately. For those enterprises unable to immediately upgrade, Arctic Wolf recommends disabling the SSH server or restricting access via firewall rules.
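For teams triaging an inventory against those version cut-offs, the following is an added example (not code from Arctic Wolf or the Erlang/OTP project) that classifies version strings by release line. The hostnames and sample versions are constructed, and treating release lines older than 25 as affected is an assumed reading of "and earlier".

```python
import re

# Last affected version on each release line, as listed in the article.
LAST_AFFECTED = {
    27: (27, 3, 2),
    26: (26, 2, 5, 10),
    25: (25, 3, 2, 19),
}

def parse_otp_version(text):
    """Parse 'Erlang/OTP-26.2.5.10', 'OTP-27.3.2' or '27.3.3' into a tuple of ints."""
    m = re.fullmatch(r"(?:Erlang/)?(?:OTP-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def _pad(version, width):
    # Pad with zeros so 27.3.2.0 compares equal to 27.3.2 instead of greater.
    return version + (0,) * (width - len(version))

def classify(text):
    """Return 'affected', 'not_affected' or 'unlisted' for one version string."""
    version = parse_otp_version(text)
    major = version[0]
    if major < min(LAST_AFFECTED):
        # Assumption: "25.3.2.19 and earlier" also covers older release lines.
        return "affected"
    if major not in LAST_AFFECTED:
        return "unlisted"  # release line not mentioned in the article
    limit = LAST_AFFECTED[major]
    width = max(len(version), len(limit))
    if _pad(version, width) <= _pad(limit, width):
        return "affected"
    return "not_affected"

def triage(inventory):
    """Map host -> status; unparseable versions are marked 'review' for a human."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "review"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"mq-01": "OTP-26.2.5.10", "mq-02": "27.3.3", "db-07": "24.3.4", "lab-3": "27.0-rc1"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` are the candidates for the upgrade, or for the interim SSH-server disablement or firewall restriction described above.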