Ceragon Siklu MultiHaul and EtherHaul Series

Risk Summary

Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment.

CVEs (1)

Remediations

• Ceragon has released a software update for the affected models:
• Affected users should install firmware version R2.4.0 for affected MultiHaul models.
• Affected users should install firmware version R10.8.1 for the affected EH-8010FX model.
• Affected users should install firmware version R7.7.12 for other affected EtherHaul models.
• Additionally Ceragon has provided the following security recommendations for mitigating the listed vulnerability. To prevent exposure, management access must follow standard operator security guidelines:
• Management IP addresses must use private subnets (RFC 1918)
• Management networks must be protected by: *-* Firewalls *-* Access Control Lists *-* Network Access Translation / Secure management domains
• Firewalls
• Access Control Lists
• Network Access Translation / Secure management domains
• Public exposure of management IP Addresses is not supported nor recommendedCeragon requests that affected users please verify that all affected radio units:
• Use private management IP addresses only
• Are placed behind internal security controls
• Follow your organization's authentication and access-control policies
• Please visit the Ceragon portal here: https://portal.ceragon.com/ (login required) for further information.

Affected Vendors

Affected Products (15)

Affected Sectors

Communications