Connect with us

Hi, what are you looking for?


Risk Management

Hundreds of Devices With Internet-Exposed Management Interface Found in US Agencies

Censys identified hundreds of devices within US federal agencies’ networks that expose their management interface to the internet.

Attack surface management firm Censys has identified hundreds of devices residing within federal networks that have internet-exposed management interfaces.

During an analysis of more than 50 federal civilian executive branch (FCEB) organizations and sub-organizations, Censys discovered more than 13,000 distinct hosts across 100 autonomous systems.

A deep dive into these hosts, which were accessible via IPv4 addresses, revealed hundreds of devices that have management interfaces exposed to the public internet, and which fall within the scope of CISA’s Binding Operational Directive (BOD) 23-02.

Meant to help federal agencies mitigate the risks associated with internet-exposed management interfaces, BOD 23-02 provides guidance on how to secure remotely accessible interfaces, which often fall victim to malicious attacks.

According to CISA, threat actors are targeting specific classes of devices that support network infrastructures, to evade detections. After compromising these devices, the attackers often gain full access to a network.

“Inadequate security, misconfigurations, and out of date software make these devices more vulnerable to exploitation. The risk is further compounded if device management interfaces are connected directly to, and accessible from, the public-facing internet,” CISA’s BOD 23-02 reads.

Devices that Censys searched for include access points, firewalls, routers, VPNs, and other remote server management appliances. The company identified over 250 hosts with exposed interfaces that were running remote protocols such as SSH and Telnet.

Advertisement. Scroll to continue reading.

“Among these were various Cisco network devices with exposed Adaptive Security Device Manager interfaces, enterprise Cradlepoint router interfaces exposing wireless network details, and many popular firewall solutions such as Fortinet Fortiguard and SonicWall appliances,” Censys says.

Furthermore, the company identified exposed remote access protocols (FTP, SMB, NetBIOS, and SNMP), out-of-band remote server management devices, managed file transfer tools (including MOVEit, GoAnywhere, and SolarWinds Serv-U), HTTP services exposing directory listings, Nessus vulnerability scanning servers, physical Barracuda Email Security Gateway appliances, and more than 150 instances of end-of-life software.

Vulnerabilities in all these are known to have been targeted by threat actors, often with dire consequences for hundreds of organizations, as was the case with the SolarWinds, GoAnywhere, and MOVEit attacks. Vulnerable Barracuda, Fortinet, SonicWall, and Cisco appliances are also frequent targets in malicious attacks.

Related: CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

Related: Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers

Related: 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...