SolarWinds Sunburst/Supernova Mitigations
Introduction
Document Number
ENG-0012904
Purpose
The purpose of this document is to describe the SolarWinds Sunburst/Supernova vulnerabilities, their possible downstream impact on Tellabs systems, and recommended mitigations against any future compromise of SolarWinds or other network surveillance tools.
Applies To
All Tellabs OLTs.
CVE/Vulnerability Description
It is our understanding that the SolarWinds Orion platform was affected by two vulnerabilities that have been exploited within networks, SUNBURST and SUPERNOVA. SUNBURST is a vulnerability that was inserted into SolarWinds Orion 2019.4 HF5, 2020.2 (no hotfix), and 2020.2 HF 1 by what appears to be a nation-state actor. This compromised file was likely pushed to over 18,000 customers and likely exists on many sites. Once the SUPERNOVA vulnerability was used on a subset of customers and installed on systems in a SolarWinds DLL, it allowed the compromise of the server on which SolarWinds runs. SUPERNOVA is separate malware that was placed on target systems after a compromised version of SolarWinds was executed; it allowed further malware to be downloaded and further systems to be compromised. Consult the SolarWinds site for the latest and most accurate details about these vulnerabilities.
Vulnerability Statement
Surveillance of Tellabs OLAN equipment is sometimes performed using the SolarWinds Orion toolset, which does so via SNMP. There is no evidence that any attempt was made to compromise the SNMP interface of SolarWinds. The attacks attempted to gain access to the server itself and use that access to escalate privileges and reach other systems. At this time, it does not appear that the networks were a target, and no compromise of Tellabs systems has been reported by any customer.
Once a SolarWinds instance is compromised, and if its credentials are compromised with it, it is possible to manually make changes to managed systems using those valid credentials if the SNMP user has not been configured as read-only. It is recommended that all mitigations below be implemented to minimize an attacker's ability to affect downstream systems once a SolarWinds instance is compromised.
Recommended Mitigations for SolarWinds compromises
While the current compromise of SolarWinds does not appear to affect any networking equipment managed by SolarWinds, Tellabs recommends the following mitigations to protect against possible future compromise of the SolarWinds tool and similar tools within the network.
1) Ensure that your SolarWinds installation is up to date, that all security patches are applied, and that all SolarWinds security directives have been followed.
2) Follow STIG recommendations of assigning roles the least privilege necessary, and make the SNMP user a read-only user. The Tellabs OLAN equipment supports the capability to Admin ports up or down, for both UNI and NNI ports, via SNMP, and SolarWinds can use SNMP write access to do this. Changing the SNMP user role to read-only on the OLT ensures that SolarWinds cannot change the state of any port. This capability is rarely used; ports are typically enabled or disabled from the Tellabs Panorama software, and NAC appliances typically do not use SNMP to Admin ports up or down. To configure this, go to the OLT, select Properties from the right-click menu, then select the role ReadUser. This can be seen in the dialog shown below.
3) Ensure that you are using the SNMPv3 interface for any SNMP access to Tellabs OLTs, as recommended by STIGs and Tellabs deployment guides.
SNMPv3 configuration is accessed by right-clicking the OLT in Panorama PON, selecting the SNMP tab, and then pressing Manage SNMP User. SNMPv3 is formally known as USM, the User-based Security Model. Selecting USM enables SNMP access and enforces both authentication of credentials (AUTH) and encryption of SNMP traffic (PRIV, or Privacy). Full instructions on SNMP setup and SNMPv3 configuration of Tellabs equipment, along with SolarWinds setup examples, can be found here.

4) If you believe you have a vulnerable version of SolarWinds and suspect any possibility of compromise, change your SNMP passwords on both SolarWinds and the Tellabs OLT so that the SNMP credentials are not left compromised. The password fields for the SNMP users are highlighted in the dialog above. Also have users change their Panorama EMS passwords and OLT CLI passwords to ensure that all user and SNMP credentials are secure.
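The following shell script is an added example, not Tellabs, SolarWinds or STIG material, showing how an operator can confirm items 2 and 3 above from a management host using the net-snmp command-line tools. It reads a port's ifAdminStatus over SNMPv3 at security level authPriv (so the request is both authenticated and encrypted) and then attempts to write the same value back; an OLT whose SNMP user has the read-only role should refuse that write. The host name, user name, passphrases, interface index, and the use of the standard IF-MIB ifAdminStatus object are assumptions; the object Tellabs uses for port administration may differ.

```shell
#!/bin/sh
# Added example (not Tellabs, SolarWinds or STIG material): check from a
# management host that (a) the OLT answers SNMPv3 authPriv requests and
# (b) the monitoring user cannot change port state.
# Assumptions: net-snmp tools (snmpget, snmpset) are installed; the OLT
# exposes the standard IF-MIB ifAdminStatus object for its ports; every
# value below is a placeholder to be replaced with site values.

OLT_HOST="${OLT_HOST:-olt.example.invalid}"   # placeholder OLT address
SNMP_USER="${SNMP_USER:-solarwinds-ro}"       # placeholder read-only USM user
AUTH_PASS="${AUTH_PASS:-CHANGE-ME-AUTH}"      # placeholder AUTH passphrase
PRIV_PASS="${PRIV_PASS:-CHANGE-ME-PRIV}"      # placeholder PRIV passphrase
IF_INDEX="${IF_INDEX:-1}"                     # ifIndex of a port to probe
ADMIN_STATUS_OID="IF-MIB::ifAdminStatus"

# SNMPv3 USM options for security level authPriv: -a/-A authenticate the
# request (AUTH), -x/-X encrypt it (PRIV). A lower level (authNoPriv or
# noAuthNoPriv) or an SNMPv2c community string puts traffic on the wire
# that can be read or forged. Passphrases must not contain spaces because
# the caller word-splits this string.
snmpv3_opts() {
    printf '%s' "-v3 -l authPriv -u $SNMP_USER -a SHA -A $AUTH_PASS -x AES -X $PRIV_PASS"
}

# Turn the exit status ($1) and output ($2) of an snmpset attempt into a
# verdict. net-snmp reports a refused write as "Reason: noAccess",
# "Reason: notWritable ..." or "Reason: authorizationError ...".
classify_set_result() {
    if [ "$1" -eq 0 ]; then
        echo "WRITE_ALLOWED"     # the user has write access: tighten the role
    elif printf '%s' "$2" | grep -Eq 'noAccess|notWritable|authorizationError'; then
        echo "READONLY_OK"       # the OLT refused the write, as intended
    elif printf '%s' "$2" | grep -Eqi 'timeout|authentication failure|unknown user'; then
        echo "NO_RESPONSE"       # wrong credentials, wrong host, or SNMPv3 not enabled
    else
        echo "UNKNOWN"
    fi
}

# Read the current ifAdminStatus (1=up, 2=down; -Oqve prints the bare
# number), then try to write the same value back. Because the value is
# unchanged, the port is never affected even if the write is accepted; the
# verdict only tells us whether it was.
check_readonly() {
    opts=$(snmpv3_opts)
    current=$(snmpget $opts -Oqve "$OLT_HOST" "$ADMIN_STATUS_OID.$IF_INDEX") || {
        echo "NO_RESPONSE"
        return 1
    }
    out=$(snmpset $opts "$OLT_HOST" "$ADMIN_STATUS_OID.$IF_INDEX" i "$current" 2>&1)
    classify_set_result "$?" "$out"
}

# Run the live check only when invoked as: sh check_olt_snmp.sh run
if [ "${1:-}" = "run" ]; then
    check_readonly
fi
```

A READONLY_OK verdict means the role in item 2 is in effect; WRITE_ALLOWED means the SNMP user can still change port state and the role should be changed to ReadUser; NO_RESPONSE usually means the USM user or passphrases do not match what was configured under Manage SNMP User. Passphrases given on the command line are visible to other local users in the process list, so for routine use put defSecurityName, defSecurityLevel, defAuthType, defAuthPassphrase, defPrivType and defPrivPassphrase in a permission-restricted ~/.snmp/snmp.conf and drop the -u/-l/-a/-A/-x/-X options instead.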