Recently, many organizations around the world have been affected by a new network-propagating cyber-attack, similar to “WannaCry” or “WannaCrypt”, known as “Petya” or “NotPetya”. This malware targets unpatched Windows computers on a public or private network using a set of known vulnerabilities.
Avigilon believes that, when running in their default configuration, Avigilon NVRs and HDVAs shipped in the last three years are not vulnerable to a network-based attack leveraging CVE-2017-0143 through CVE-2017-0148 inclusive. Please note:
For Windows 7 based images, the vulnerable network connection is blocked by the Windows firewall by default, because file and print sharing is disabled. This means that if the default configuration is, or was ever, changed to enable file and print sharing or to disable the Windows firewall, unpatched machines may become vulnerable.
For Windows Server 2012 based images, although file and print sharing was enabled on some of the images shipped, this version of Windows has extra layers of defense and, based on our analysis, Avigilon believes that exploiting these images is difficult. Nonetheless, unpatched machines may become vulnerable at some point in the relatively near future.
In addition, on all Windows based ACC installations, to protect against future attacks that could use file and print sharing services as an attack vector, customers may wish to consider the following optional steps:
Disable file and print sharing services on all Windows based Avigilon server and client machines. File and print sharing services are not required for Avigilon Control Center™ server or client software to work properly. This will help to protect these servers from this type of infection.
To help to protect file and print servers in their organization from future attacks targeting SMBv1 specifically, customers may also choose to disable SMBv1 (and leave only SMBv2 and SMBv3 enabled) throughout their network. In this case, video archiving from ACC ES Analytics Appliances, ACC ES HD Recorder appliances, and ACC ES H4A cameras will no longer work until an update currently scheduled for July 2017 is released (shortly after our ACC 6.4 software is released). Archiving from Windows-based ACC servers with current software will not be affected.
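The following PowerShell audit, added here as an example and not Avigilon tooling, reports the three conditions this letter turns on (file and print sharing enabled, Windows Firewall disabled, SMBv1 enabled) for one Windows-based ACC server or client without changing anything. It assumes Windows 8 / Server 2012 or newer for the Net* and Smb* cmdlets; on Windows 7 those checks report 'n/a' and SMBv1 state is read from the LanmanServer registry value instead. Run it from an elevated prompt.

```powershell
# Added example (not Avigilon's own code): read-only report of the conditions named in
# the advisory. Assumes Windows 8 / Server 2012+ cmdlets; Windows 7 falls back to the
# registry for SMBv1 and reports 'n/a' for adapter-binding and firewall checks.
function Get-AccSmbExposure {
    [CmdletBinding()]
    param()

    $hasNetCmdlets = [bool](Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue)
    $hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

    # 1. File and print sharing: the ms_server binding ("File and Printer Sharing for
    #    Microsoft Networks") on any adapter, and enabled inbound rules in that group.
    $sharingBound = 'n/a'; $inboundRules = 'n/a'
    if ($hasNetCmdlets) {
        $sharingBound = @(Get-NetAdapterBinding -ComponentID ms_server |
            Where-Object { $_.Enabled }).Count -gt 0
        $inboundRules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }).Count
    }

    # 2. Windows Firewall: list any profile that is switched off (all should be on).
    $profilesOff = 'n/a'
    if ($hasNetCmdlets) {
        $profilesOff = @(Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
            ForEach-Object { $_.Name }) -join ','
    }

    # 3. SMBv1 on the server side. Prefer the cmdlet; otherwise read the SMB1 value under
    #    LanmanServer\Parameters (if the value is absent, SMBv1 is enabled).
    if ($hasSmbCmdlets) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $smb1 = -not ($p.PSObject.Properties['SMB1'] -and $p.SMB1 -eq 0)
    }

    # New-Object rather than [pscustomobject] so the function also runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        ComputerName             = $env:COMPUTERNAME
        FileAndPrintSharingBound = $sharingBound
        FileAndPrintInboundRules = $inboundRules
        FirewallProfilesOff      = $profilesOff
        SMB1ServerEnabled        = $smb1
        ServerServiceRunning     = (Get-Service LanmanServer).Status -eq 'Running'
    }
}

Get-AccSmbExposure | Format-List
```

Because the report only reads state, the decision to disable SMBv1 (and the archiving impact on ACC ES appliances noted above) stays with the operator.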
Please note, the above analysis and recommendations contained in this letter are intended as suggested guidelines and for informational purposes only. Avigilon does not guarantee that any of its products are immune from a potential cyber-attack, and adhering to any of the advice contained in this letter may still result in a virus infecting your Avigilon product. In general, Avigilon recommends keeping all software and firmware up to date as best practice from an information security perspective.