CISA Issues Warning on Critical Ruckus Bug Exploited by DDoS Botnet
May 12, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical remote code execution (RCE) vulnerability (CVE-2023-25717) in the Ruckus Wireless Admin panel. This flaw is actively being exploited by a recently discovered Distributed Denial-of-Service (DDoS) botnet. Although the security bug was addressed in early February, many Wi-Fi access point owners have not yet applied the patch. Additionally, no patch is available for end-of-life models affected by this issue.
Attackers are taking advantage of the vulnerability to infect Wi-Fi access points with AndoryuBot malware, which was first spotted in February 2023. The infection process involves unauthenticated HTTP GET requests. Once the devices are compromised, they are added to a botnet designed to launch DDoS attacks. The malware supports 12 DDoS attack modes, including tcp-raw, tcp-socket, tcp-cnc, tcp-handshake, udp-plain, udp-game, udp-ovh, udp-raw, udp-vse, udp-dstat, udp-bypass, and icmp-echo.
Cybercriminals looking to carry out DDoS attacks can now rent the firepower of the AndoryuBot botnet, as its operators are offering their services to others. Payments for this service are accepted through the CashApp mobile payment service or in various cryptocurrencies, such as XMR, BTC, ETH, and USDT.
CISA has set a deadline of June 2nd for U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their devices against the critical CVE-2023-25717 RCE bug, which was added to its Known Exploited Vulnerabilities (KEV) catalog on Friday. This is in line with a November 2021 binding operational directive requiring federal agencies to check and fix their networks for all security flaws listed in the KEV catalog. Although the catalog primarily targets U.S. federal agencies, private companies are also strongly advised to prioritize the vulnerabilities it lists, as threat actors actively exploit them, exposing public and private organizations alike to an increased risk of security breaches.
In addition to the Ruckus Wireless vulnerability, CISA ordered federal agencies on Tuesday to patch a Windows zero-day (CVE-2023-29336) by May 30th. This vulnerability allows attackers to elevate privileges to gain SYSTEM user permissions on compromised Windows systems. Microsoft has confirmed that the Win32k Kernel driver bug has been exploited in attacks but has not yet provided details on the method of exploitation.
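The two KEV deadlines above (June 2nd for the Ruckus bug, May 30th for the Win32k zero-day) are the kind of thing a defender wants to track against their own asset inventory. The following is an added example, not code from the article or from CISA: it parses a feed in the shape of CISA's KEV JSON (the field names `vulnerabilities`, `cveID`, `dueDate`, `requiredAction` are the real feed's; the two sample entries are constructed from this article, with `dateAdded` and `requiredAction` values filled in as assumptions) and ranks unpatched CVEs by how close or past their due date they are.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names are the
# real feed's; the two entries are built from this article (CVE ids and due
# dates), with dateAdded and requiredAction filled in as assumed values.
SAMPLE_KEV_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2023-25717", "vendorProject": "Ruckus", "product": "Wireless Admin",
     "dateAdded": "2023-05-12", "dueDate": "2023-06-02",
     "requiredAction": "Apply vendor updates or retire end-of-life devices."},
    {"cveID": "CVE-2023-29336", "vendorProject": "Microsoft", "product": "Win32k",
     "dateAdded": "2023-05-09", "dueDate": "2023-05-30",
     "requiredAction": "Apply vendor updates."}
  ]
}"""


def load_kev(feed_json: str) -> dict:
    """Parse a KEV feed and index its entries by CVE id."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def triage(inventory: dict, kev: dict, today_iso: str) -> list:
    """Match unpatched CVEs against KEV and rank them by remediation urgency.

    inventory maps a CVE id to the asset names still exposed to it. Returns
    one finding per KEV-listed CVE, overdue items first, then by nearest due
    date. CVEs absent from KEV are skipped (handled by normal prioritisation).
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for cve, assets in inventory.items():
        entry = kev.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "cve": cve,
            "assets": sorted(assets),
            "due": entry["dueDate"],
            "days_left": (due - today).days,  # negative once the deadline has passed
            "overdue": today > due,
            "action": entry["requiredAction"],
        })
    # Overdue first (False sorts before True), then soonest deadline first.
    findings.sort(key=lambda f: (not f["overdue"], f["days_left"]))
    return findings
```

Point `load_kev` at the downloaded live feed instead of the sample to run this against a real inventory.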