VyOS Vulnerability?

Hi, I’ve seen this vulnerability: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Do you know if it is patched? And if yes, which version?

Thanks :)

I haven’t fully understood those vulnerabilities myself other than reading the summaries, but from what I understand this has little to nothing to do with VyOS. It looks like it’s something that should be filtered in the browser, and updates seem to be available for all major browsers.

One way you could reduce impact would be to segment your network and limit access between them. I think. :)

Looking through that link it seems related to ALG (i.e. conntrack helpers). Another way to help mitigate the attack would be to disable conntrack helpers unless they are absolutely necessary for your environment/setup. E.g.

set system conntrack modules ftp disable
set system conntrack modules gre disable
set system conntrack modules h323 disable
set system conntrack modules nfs disable
set system conntrack modules pptp disable
set system conntrack modules sip disable
set system conntrack modules sqlnet disable
set system conntrack modules tftp disable

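To check whether the conntrack helpers named in the last reply are actually loaded, the following is an added example and not part of the original thread or of VyOS itself. It assumes the `ftp`, `h323`, `pptp`, `sip` and `tftp` entries correspond to the Linux kernel modules `nf_conntrack_<name>`; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Conntrack helper (ALG) kernel modules for five of the protocols listed in
# the reply. Assumption: each maps to nf_conntrack_<name>. gre, nfs and
# sqlnet are left out because the page does not say which modules back them.
HELPERS="nf_conntrack_ftp nf_conntrack_h323 nf_conntrack_pptp nf_conntrack_sip nf_conntrack_tftp"

# Print, sorted, the helper modules present in /proc/modules-format input
# on stdin (the first field of each line is the module name).
loaded_helpers() {
    awk -v want="$HELPERS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) helper[w[i]] = 1 }
        ($1 in helper) { print $1 }
    ' | sort -u
}

# Report each loaded helper next to the matching command from the reply.
# Returns 0 when no helper is loaded, 1 otherwise.
audit_helpers() {
    found=$(loaded_helpers)
    if [ -z "$found" ]; then
        echo "OK: no conntrack helper modules loaded"
        return 0
    fi
    for m in $found; do
        echo "LOADED $m -> set system conntrack modules ${m#nf_conntrack_} disable"
    done
    return 1
}

# Constructed sample in /proc/modules format (not taken from a real router).
sample_modules() {
    cat <<'EOF'
nf_conntrack_sip 40960 0 - Live 0x0000000000000000
nf_conntrack_ftp 24576 0 - Live 0x0000000000000000
nf_conntrack 172032 3 nf_conntrack_sip,nf_conntrack_ftp,nf_nat, Live 0x0000000000000000
nf_nat 53248 1 xt_nat, Live 0x0000000000000000
EOF
}

# Demo on the sample; on a router run: audit_helpers < /proc/modules
sample_modules | audit_helpers || true
```

A non-zero return from `audit_helpers` makes it usable in a periodic check that flags a helper that was re-enabled after being turned off.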