A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old, critical-severity blind command injection vulnerability.
The botnet, dubbed EwDoor by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices.
EdgeMarc appliances support high-capacity VoIP and data environments, sitting between enterprise networks and their service providers, in this case the AT&T carrier.
That role requires the devices to be reachable from the Internet, which also makes them exposed to remote attacks, including unauthenticated exploitation of unpatched flaws like this one.
360 Netlab first spotted the botnet on October 27, when it observed attacks against Internet-exposed Edgewater Networks devices that had not been patched against the critical CVE-2017-6079 vulnerability.