This article is contributed. See the original author and article here.
CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.
CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity.
Notification
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
This document is marked TLP:WHITE–Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.
Summary
Description
CISA received one unique file for analysis. This file is a malicious 32-bit Windows Portable Executable (PE). During runtime, this malware attempts to overwrite the victim user’s files with null bytes. The malware also attempts to overwrite the Master Boot Record of attached drives with null bytes, thereby corrupting them and rendering it impossible for the victim to access the victim’s stored data.
This file is a 32-bit Windows PE that has been identified as a variant of the malware family known as Caddy Wiper. Static analysis of this application indicates its primary purpose is to destroy victim user data. First the malware attempts to enumerate all files in the directory “C:\Users”. The malware will then attempt to recursively overwrite files that it can access in this directory with null bytes, effectively “zeroing” the files out.
The malware will then attempt to access drives attached to the target system, starting with the drive “D:”, and recursively “zero” out all the files it can access on those drives too. Finally, the malware attempts to use the API DeviceIoControl to directly access the physical memory of attached drives. If it is able to access these drives, the malware will zero out the first 1920 bytes of the physical drives, effectively wiping its Master Boot Record and corrupting the drive.
Screenshots
Figure 1. – This screenshot illustrates the main structure of the malware. As illustrated, the malware’s main purpose is to recursively overwrite victim user’s files and physical drives with null bytes.
Figure 2. – Structure that malware uses to build null buffer. This buffer is utilized to overwrite the victim user’s target files.
Figure 3. – Malware trying to zero out \\.\PHYSICALDRIVE7
Figure 4. – Malware trying to zero out \\.\PHYSICALDRIVE4
Figure 5. – Malware trying to zero out \\.\PHYSICALDRIVE3
Figure 6. – Malware attempting to zero out first 1920 bytes of a physical drive attached to the target system.
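The two artifacts described above (user files filled with null bytes, and the first 1920 bytes of a physical drive zeroed) can be checked for during triage. The following Python sketch is an added example, not code from the CISA report; the function names and the sample data are constructed for illustration, and it assumes a raw disk image or the first sectors of a drive have already been acquired read-only.

```python
"""Triage checks for the wiper artifacts described in this report (added example)."""
import os
import tempfile

WIPED_PREFIX_LEN = 1920      # bytes the report says are zeroed at the start of a drive
SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xaa"  # boot signature at offset 510 of an intact MBR


def classify_disk_prefix(prefix: bytes) -> str:
    """Classify the first bytes of a raw disk image.

    Returns "too-short", "wiped", "no-boot-signature" or "mbr-present".
    """
    if len(prefix) < WIPED_PREFIX_LEN:
        return "too-short"
    head = prefix[:WIPED_PREFIX_LEN]
    if head.count(0) == WIPED_PREFIX_LEN:
        return "wiped"
    if head[SECTOR_SIZE - 2:SECTOR_SIZE] != MBR_SIGNATURE:
        return "no-boot-signature"
    return "mbr-present"


def is_null_filled(path: str, chunk_size: int = 1 << 20) -> bool:
    """True when a non-empty file consists only of null bytes."""
    if os.path.getsize(path) == 0:
        return False
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return True
            if chunk.count(0) != len(chunk):
                return False


def find_null_filled_files(root: str) -> list:
    """Walk root and return the sorted relative paths of null-filled files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if is_null_filled(full):
                    hits.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable or vanished file: skip it and keep walking
    return sorted(hits)


def demo() -> dict:
    """Run both checks on constructed sample data and return the results."""
    intact = bytearray(b"\x90" * WIPED_PREFIX_LEN)   # constructed, non-null prefix
    intact[SECTOR_SIZE - 2:SECTOR_SIZE] = MBR_SIGNATURE
    wiped = bytes(WIPED_PREFIX_LEN)                  # constructed, fully zeroed
    partial = bytearray(WIPED_PREFIX_LEN)            # zeroed except for one byte
    partial[1000] = 0x41

    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for a mounted copy of C:\Users.
        profile = os.path.join(tmp, "Users", "alice")
        os.makedirs(profile)
        with open(os.path.join(profile, "report.docx"), "wb") as fh:
            fh.write(bytes(4096))                    # null-filled file
        with open(os.path.join(profile, "notes.txt"), "wb") as fh:
            fh.write(b"meeting at 10\n")             # untouched file
        open(os.path.join(profile, "empty.log"), "wb").close()
        files = find_null_filled_files(os.path.join(tmp, "Users"))

    return {
        "intact": classify_disk_prefix(bytes(intact)),
        "wiped": classify_disk_prefix(wiped),
        "partial": classify_disk_prefix(bytes(partial)),
        "files": files,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Null-filled files also occur legitimately (preallocated or sparse files), so hits are leads to correlate with timestamps and process telemetry rather than proof of wiping.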
Recommendations
CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.
Maintain up-to-date antivirus signatures and engines.
Keep operating system patches up-to-date.
Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
Enforce a strong password policy and implement regular password changes.
Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
Disable unnecessary services on agency workstations and servers.
Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
Scan all software downloaded from the Internet prior to executing.
Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, “Guide to Malware Incident Prevention & Handling for Desktops and Laptops”.
Contact Information
CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.cisa.gov/forms/feedback/
Document FAQ
What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.
What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.
Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to CISA at 1-888-282-0870 or the CISA Service Desk.
Can I submit malware to CISA? Malware samples can be submitted via three methods:
CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA’s homepage at www.cisa.gov.
On March 15, Synaptiq and Microsoft issued a press release announcing a new Machine Vision pilot program for hospitals. In collaboration with Microsoft, Synaptiq built a demo solution to proactively inform care teams of potential Central Line dressing compliance issues.
The pilot program is designed to help reduce preventable injuries from hospital-borne Central Line-Associated Bloodstream Infections (CLABSIs) and improve speed of care and patient outcomes. It also helps providers standardize care for new and existing staff, identify education opportunities, and decrease documentation time.
According to the NIH, CLABSIs are largely preventable infections that occur in more than 400,000 patients annually in the United States alone, resulting in over 28,000 deaths and costing U.S. hospitals $2 billion. A key piece of preventing CLABSIs is maintaining Central Line dressings as clean and intact as possible.
Machine vision is a type of artificial intelligence (AI) that enables computers to derive information from visual inputs. It is able to collect more precise visual data than human vision ever could, and uses processing power to analyze the visual data faster and more thoroughly than the human mind.
Because visual cues play such a vital role in ensuring patient safety and preventing CLABSIs, machine vision has the potential to exponentially enhance care teams’ ability to recognize and respond to possible infections – before the human eye can even detect a problem is present.
I am truly excited to provide our Voices of Healthcare viewers with a first-look at this incredibly important pilot. I had the opportunity to assist in building the demo solution alongside Synaptiq and cannot wait to see how it helps save many, many lives in the years to come.
For this session on May 11, 2022, Synaptiq’s CEO Stephen Sklarew and Mariana Gattegno, Quality and Patient Safety consultant at Volpini Solutions LLC, will discuss the current status of Central Line dressing maintenance in hospitals today, review the pilot program details, and demo the solution. They will also answer questions and discuss how hospitals joining this effort will benefit.
Synaptiq’s solution to assess Central Line dressings using Microsoft Technologies
Synaptiq’s Machine Vision Pilot Program for Central Line Dressing Maintenance is an example of how Microsoft Cloud for Healthcare can rapidly deliver a machine vision application that works seamlessly with care teams to help provide superior patient experiences.
We see many benefits, such as:
Hospitals in the pilot program will have an exclusive early adopter opportunity to test the solution first-hand, and their care teams will be able to help design the future solution that best meets their needs.
It is powered by Microsoft Cloud for Healthcare and leverages many Microsoft technologies that are already licensed by most major hospital systems in the United States.
There are three applications that are part of the solution that support this process: the Central Line Assessment app (Microsoft PowerApps); CLABSI Prevention Team (Microsoft Teams); and the Central Line Maintenance dashboard (Microsoft Power BI).
The Central Line Assessment app runs on a smartphone for convenient bedside access and is used to capture and analyze photos of patients’ dressings. If a potential compliance issue is identified, the care team is alerted to take action. Over time, data from the provider’s electronic medical record (EMR) system accumulates information from the Central Line Assessment app and the patient’s medical record, and the Central Line Maintenance dashboard provides canned reports and ad hoc analysis capabilities to identify trends.
Most importantly, Synaptiq’s Pilot Program for this solution is an example of how Microsoft Cloud for Healthcare can rapidly deliver a machine vision application that works seamlessly with care teams to help provide superior patient experience – and help save lives.
Come join us to hear how this hospital pilot program will work and how your organization can get involved.
This session will be on May 11th at 11:00 PT / 12:00 MT / 1:00 CT / 2:00 ET.
As always, we will record the session and post the recording afterward for future consumption. We have a new landing page for this series, so favorite or follow https://aka.ms/VoicesofHealthcareCloud to make sure you never miss a future session.
Please follow aka.ms/HLSBlog for all this great content.
Healthcare providers around the world are accelerating their digital journey and embracing secure solutions that empower health team collaboration and boost clinician productivity. Embracing mixed reality, a set of technologies that superimposes digital data and images in the physical world, brings new opportunities for healthcare providers to work together more effectively, optimize operations, and accelerate learning, all while improving patient care.
With HoloLens 2 and mixed reality, health professionals can connect with remote experts, call up patient data, and go beyond X-rays to consult Magnetic Resonance Imaging (MRI) images in 3D at the point of care. Microsoft’s comprehensive ecosystem of mixed reality solutions, including Microsoft HoloLens 2, Microsoft Dynamics 365 Remote Assist, and Microsoft Dynamics 365 Guides, empowers teams to cooperate more effectively and reduce time-to-care.
The benefits of adopting mixed reality in healthcare are significant. According to the commissioned Total Economic Impact of Mixed Reality Using Microsoft HoloLens 2 (“HoloLens 2 TEI study”), Forrester found that healthcare organizations experienced the following benefits:
Improved efficiency to complete ward rounds by 30 percent at an average savings of $41 per hour.
Reduced training time by 30 percent, at an average savings of $63 per labor hour.
Reduced average annual PPE costs by 75 percent, saving $954 per employee.
Forrester also estimates an ROI of 177 percent and a net present value of $7.6 million over three years with a payback of 13 months with HoloLens 2 and mixed reality.
Adapt to the speed of change and improve clinical operations
Dynamics 365 mixed reality on HoloLens 2 is enabling healthcare providers to train medical staff more effectively and efficiently with holographic step-by-step guidance. Dynamics 365 Guides on HoloLens 2 enables medical institutions to provide continuous learning and widespread knowledge sharing while removing the need for subject matter experts to be physically present. Simply use your PC and the HoloLens app to author instructions and easily place 2D and 3D content in the real-world environment, showing users how and where to complete tasks.
Dynamics 365 Guides on HoloLens 2 empowers doctors, nurses, and technicians to train and to practice using hands-on, simulated learning, ensuring the entire organization keeps pace with the technological advances in science and technology. According to the HoloLens 2 TEI study, healthcare providers reduced 80 hours of training time by 30 percent, at an average savings of $63 per labor hour.
When the pandemic hit, like many hospitals, Sheba Medical Center, a comprehensive hospital in the Middle East, sought solutions that would allow it to scale its workforce and expedite task shifting. With Dynamics 365 Guides on HoloLens 2, Sheba Medical Center deployed a self-serve training solution that supported staff to learn to operate physical ventilators quickly and easily. With holographic instructions overlaid in their physical environment, hospital staff were able to walk through a guided training simulation proficiently and successfully without requiring a supervisor. As a result, Sheba Medical Center was able to expedite task shifting across medical staff and meet staffing demands, enabling over 60 members of its staff to learn how to operate new devices in just 20 minutes.
“One of the key advantages of the technology is that it works on several layers of the brain: you hear it talk, see the presentation in front of you, and also physically touch the ventilator. The more senses involved simultaneously, the better the brain can recall. I ‘tested’ myself later to check what my brain remembered, and it was incredible. It also gave me a sense of empowerment that I can learn and embrace new technologies.” - Shiraz Shushan, Neonatal Intensive Care Unit (NICU) nurse, Sheba Medical Center. Learn more about how Sheba Medical Center optimized staff training.
Empower care teams to collaborate effectively and securely from anywhere
Multidisciplinary care teams encompassing specialized clinicians, clinical staff, and healthcare administrators often span multiple hospitals or locations, adding time, cost, and complexity to patient care. Enable care teams to collaborate remotely and conduct virtual patient consultations with real-time spatial information to accelerate diagnoses and reduce time-to-treatment with HoloLens 2 and Dynamics 365 mixed reality solutions.
Using Dynamics 365 mixed reality solutions on HoloLens 2, medical staff can consult colleagues heads-up, hands-free through an interactive collaborative experience from anywhere in the world. Additionally, healthcare providers can improve access and care delivery to aging and underserved populations with remote assisted care consultations. These remote consultations also lead to major cost savings: the HoloLens 2 TEI study shows that healthcare providers reduced ward round time by 30 percent, saving $41 per hour.
Each year, Imperial College Healthcare NHS Trust provides acute and specialist healthcare in northwest London for over a million and a half people. Like many healthcare providers around the world, when the COVID-19 pandemic started, Imperial College Healthcare NHS Trust rapidly began to redeploy and retrain its staff while at the same time coping with an increasing number of affected patients. With Dynamics 365 Remote Assist on HoloLens 2, Imperial College Healthcare NHS Trust was able to successfully conduct virtual ward rounds and treat very ill patients while limiting staff exposure to the deadly virus. Imperial College Healthcare NHS Trust reduced ward rounds from four doctors to one doctor by holding video calls with colleagues and experts from anywhere in the world heads-up, hands free. Doctors were also able to simultaneously access patient data such as medical notes, X-rays, and MRIs to effectively treat patients.
“What it means is that you have all the information, all the specialist care you need at the patient’s bedside there and then and it’s all in one headset.” - Dr. James Kinross, consultant surgeon and senior lecturer, Imperial College Healthcare NHS Trust. Learn more about how Imperial College NHS Trust enabled virtual ward rounds.
Preparing the next generation of healthcare professionals while reducing costs
According to the World Health Organization (WHO), to achieve the goal of universal health coverage by 2030, the world needs nine million more nurses and midwives. Dynamics 365 mixed reality and HoloLens 2 are advancing the learning of nurses and removing location barriers of in-person training while reducing costs.
Dynamics 365 Guides on HoloLens 2 enables healthcare providers and institutions to enhance the upskilling of nurses and reduce PPE costs with continuous, hands-on learning experiences remotely. Instructors and supervisors can track and monitor student and faculty progress with Power BI dashboards that pull in real-time performance data to maximize participant development and identify areas for operational improvements. The HoloLens TEI study reports that healthcare providers reduced annual PPE costs by 75 percent, saving $954 per employee.
The pandemic disrupted the operations of institutions around the world, exposing a clear gap in the effectiveness of hybrid learning tools. The School of Nursing at the University of Michigan (the University) turned to Dynamics 365 Guides on HoloLens 2 to support hybrid learning because of its ability to provide hands-on skills to nursing students remotely. The University piloted a program allowing students to conduct simulated, repeatable augmented medical procedures one step at a time. Dynamics 365 Guides on HoloLens 2 enabled students to follow the guided training heads-up, hands-free and simultaneously perform the procedures on mannequins. The University is continuing to develop and scale the program for more advanced nursing procedures.
“Once we were introduced to HoloLens 2 we learned about Dynamics 365 Guides, and it was pretty exciting because we realized that we could use the guides to create training tools to teach the nursing students how to do these necessary, rudimentary, required skills, and procedures that they have to do in order to move to the next level and go out and practice.” - Deborah Lee, clinical assistant professor, School of Nursing at the University of Michigan. Learn more about how the University is transforming nursing education.
Next steps
Our customer evidence stories, in addition to the material ROI showcased above, demonstrate that Microsoft offers not only innovative results, but long-term and sustainable solutions for healthcare organizations and beyond.
Request a Dynamics 365 Mixed Reality demo on Microsoft HoloLens 2. Book an appointment with our Microsoft Stores team today. Select ‘Other’ under Choose topic and reference HoloLens 2 demo in “What can we help with”.
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess that, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.
Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.
To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.
Top 15 Routinely Exploited Vulnerabilities
Table 1 shows the top 15 vulnerabilities U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities observed malicious actors routinely exploiting in 2021, which include:
CVE-2021-44228. This vulnerability, known as Log4Shell, affects Apache’s Log4j library, an open-source logging framework. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code. The request allows a cyber actor to take full control over the system. The actor can then steal information, launch ransomware, or conduct other malicious activity.[1] Log4j is incorporated into thousands of products worldwide. This vulnerability was disclosed in December 2021; the rapid widespread exploitation of this vulnerability demonstrates the ability of malicious actors to quickly weaponize known vulnerabilities and target organizations before they patch.
CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065. These vulnerabilities, known as ProxyLogon, affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination (i.e., “vulnerability chaining”) allows an unauthenticated cyber actor to execute arbitrary code on vulnerable Exchange Servers, which, in turn, enables the actor to gain persistent access to files and mailboxes on the servers, as well as to credentials stored on the servers. Successful exploitation may additionally enable the cyber actor to compromise trust and identity in a vulnerable network.
CVE-2021-34523, CVE-2021-34473, CVE-2021-31207. These vulnerabilities, known as ProxyShell, also affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination enables a remote actor to execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in Microsoft Internet Information Services (IIS) (e.g., Microsoft’s web server). CAS is commonly exposed to the internet to enable users to access their email via mobile devices and web browsers.
CVE-2021-26084. This vulnerability, affecting Atlassian Confluence Server and Data Center, could enable an unauthenticated actor to execute arbitrary code on vulnerable systems. This vulnerability quickly became one of the most routinely exploited vulnerabilities after a POC was released within a week of its disclosure. Attempted mass exploitation of this vulnerability was observed in September 2021.
Three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
Table 1: Top 15 Routinely Exploited Vulnerabilities in 2021
Additional Routinely Exploited Vulnerabilities
In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021.
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.
Table 2: Additional Routinely Exploited Vulnerabilities in 2021
Vulnerability and Configuration Management
Update software, operating systems, applications, and firmware on IT network assets in a timely manner. Prioritize patching known exploited vulnerabilities, especially those CVEs identified in this CSA, and then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment. For patch information on CVEs identified in this CSA, refer to the appendix.
If a patch for a known exploited or critical vulnerability cannot be quickly applied, implement vendor-approved workarounds.
Use a centralized patch management system.
Replace end-of-life software, i.e., software that is no longer supported by the vendor. For example, Accellion FTA was retired in April 2021.
Organizations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs). Reputable MSPs can patch applications—such as webmail, file storage, file sharing, and chat and other employee collaboration tools—for their customers. However, as MSPs and CSPs expand their client organization’s attack surface and may introduce unanticipated risks, organizations should proactively collaborate with their MSPs and CSPs to jointly reduce that risk. For more information and guidance, see the following resources.
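The patching order given above (CVEs identified in this CSA first, then critical and high vulnerabilities allowing remote code execution or denial-of-service on internet-facing equipment, with workarounds where no patch can be applied and replacement for end-of-life software) can be applied mechanically to scanner output. The following Python sketch is an added example, not part of the advisory; the `Finding` fields, the `await-patch` label, the CVSS thresholds, and the sample findings (including the `CVE-2099-*` placeholder IDs and all scores) are constructed assumptions.

```python
"""Order scanner findings by the patching priority in this advisory (added example)."""
import re
from dataclasses import dataclass

# CVEs named in the text of this advisory.
CSA_CVES = {
    "CVE-2021-44228",
    "CVE-2021-26855", "CVE-2021-26858", "CVE-2021-26857", "CVE-2021-27065",
    "CVE-2021-34523", "CVE-2021-34473", "CVE-2021-31207",
    "CVE-2021-26084",
    "CVE-2020-1472", "CVE-2018-13379", "CVE-2019-11510",
    "CVE-2019-19781", "CVE-2019-18935", "CVE-2017-11882",
}
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


@dataclass
class Finding:
    """One scanner result; the field names are hypothetical."""
    host: str
    cve: str
    cvss: float                  # base score reported by the scanner
    impact: str                  # "rce", "dos" or "other"
    internet_facing: bool
    patch_available: bool = True
    end_of_life: bool = False    # product no longer supported by the vendor


def normalize_cve(raw: str) -> str:
    """Upper-case and validate a CVE id; raise ValueError on malformed input."""
    cve = raw.strip().upper()
    if not CVE_RE.match(cve):
        raise ValueError(f"not a CVE id: {raw!r}")
    return cve


def tier(f: Finding) -> int:
    """0 = CVE named in the advisory; 1 = critical/high RCE or DoS on
    internet-facing equipment; 2 = everything else."""
    if normalize_cve(f.cve) in CSA_CVES:
        return 0
    if f.cvss >= 7.0 and f.impact in ("rce", "dos") and f.internet_facing:
        return 1
    return 2


def action(f: Finding) -> str:
    """Map a finding to replace / patch / workaround / await-patch."""
    if f.end_of_life:
        return "replace"
    if f.patch_available:
        return "patch"
    # Workarounds are called for on known exploited or critical vulnerabilities.
    return "workaround" if tier(f) == 0 or f.cvss >= 9.0 else "await-patch"


def prioritize(findings):
    """Return (tier, host, cve, action) tuples, most urgent first."""
    ranked = sorted(
        findings,
        key=lambda f: (tier(f), not f.internet_facing, -f.cvss, f.host),
    )
    return [(tier(f), f.host, normalize_cve(f.cve), action(f)) for f in ranked]


# Constructed sample findings; hosts, scores and CVE-2099-* ids are placeholders.
SAMPLE = [
    Finding("ws113", "CVE-2099-0002", 5.5, "other", False),
    Finding("mail01", "cve-2021-26855", 9.8, "rce", True),
    Finding("web03", "CVE-2099-0003", 7.5, "dos", True, patch_available=False),
    Finding("app07", "CVE-2021-44228", 10.0, "rce", False, patch_available=False),
    Finding("fta01", "CVE-2099-0001", 9.8, "rce", True, end_of_life=True),
    Finding("vpn02", "CVE-2019-11510", 10.0, "other", True),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```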
Identity and Access Management
Enforce multifactor authentication (MFA) for all users, without exception.
Enforce MFA on all VPN connections. If MFA is unavailable, require employees engaging in remote work to use strong passwords.
Regularly review, validate, or remove privileged accounts (annually at a minimum).
Configure access control under the principle of least privilege.
Ensure software service accounts only provide necessary permissions (least privilege) to perform intended functions (non-administrative privileges).
Properly configure and secure internet-facing network devices, disable unused or unnecessary network ports and protocols, encrypt network traffic, and disable unused network services and devices.
Harden commonly exploited enterprise network services, including Link-Local Multicast Name Resolution (LLMNR) protocol, Remote Desktop Protocol (RDP), Common Internet File System (CIFS), Active Directory, and OpenLDAP.
Manage Windows Key Distribution Center (KDC) accounts (e.g., KRBTGT) to minimize Golden Ticket attacks and Kerberoasting.
Strictly control the use of native scripting applications, such as command-line, PowerShell, WinRM, Windows Management Instrumentation (WMI), and Distributed Component Object Model (DCOM).
Segment networks to limit or block lateral movement by controlling access to applications, devices, and databases. Use private virtual local area networks.
Continuously monitor the attack surface and investigate abnormal activity that may indicate lateral movement of a threat actor or malware.
Use security tools, such as endpoint detection and response (EDR) and security information and event management (SIEM) tools. Consider using an information technology asset management (ITAM) solution to ensure your EDR, SIEM, vulnerability scanner etc., are reporting the same number of assets.
Monitor the environment for potentially unwanted programs.
Reduce third-party applications and unique system/application builds; provide exceptions only if required to support business critical functions.
Implement application allowlisting.
Resources
Disclaimer
The information in this report is being provided “as is” for informational purposes only. CISA, the FBI, NSA, ACSC, CCCS, NZ NCSC, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
Purpose
This document was developed by U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
ADC and Gateway version 13.0 all supported builds before 13.0.47.24
NetScaler ADC and NetScaler Gateway, version 12.1 all supported builds before 12.1.55.18; version 12.0 all supported builds before 12.0.63.13; version 11.1 all supported builds before 11.1.63.15; version 10.5 all supported builds before 10.5.70.12
SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b