Endpoint Protection

  • 1.  SID:29634 Web Attack: ZyNOS information disclosed detection

    Posted May 24, 2017 10:52 PM

    My MDaemon server is running on Windows Server 2008 R2 with Symantec Endpoint Protection version 14 (14.0 MP1) build 2349 (14.0.2349.0100) installed.

    I notice my server always pops up the message SID:29634 Web Attack: ZyNOS information disclosed detected.

    What is this actually? Will it be serious or affect my office network? How do I resolve this issue?

     



  • 2.  RE: SID:29634 Web Attack: ZyNOS information disclosed detection

    Posted May 24, 2017 10:55 PM

    SEP IPS did its job by blocking an attack attempt, so you should be fine. You may want to review the security and look at the remote IP and have it blocked at your gateway firewall.



  • 3.  RE: SID:29634 Web Attack: ZyNOS information disclosed detection

    Broadcom Employee
    Posted May 24, 2017 11:54 PM

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=29634

    ZyNOS is an operating system used in routers. ZyNOS suffers from an information disclosure vulnerability that may lead to compromise of the device it's running on.

    Update the ZyNOS software with the latest version and patches.



  • 4.  RE: SID:29634 Web Attack: ZyNOS information disclosed detection

    Posted May 25, 2017 12:05 AM

    Hey Pete,

    Just out of curiosity: as you said, ZyNOS is used in routers, so how is the attacker trying to exploit this vulnerability on a Windows 2008 server?



  • 5.  RE: SID:29634 Web Attack: ZyNOS information disclosed detection

    Broadcom Employee
    Posted May 25, 2017 01:14 AM

    With the logs it would be easier to identify the remote host. Since the signature matches the vulnerability associated with the router, the details can be found by capturing network traffic.