SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln;

If you are not able to play the podcast using the player below, use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9754.mp3

Risks of OOB Access via IP KVM Devices
Recently, cheap IP KVMs have become popular. But their deployment needs to be secured.
https://isc.sans.edu/diary/Risks%20of%20OOB%20Access%20via%20IP%20KVM%20Devices/32598

Tailsnitch
Tailsnitch is a tool to review your Tailscale configuration for vulnerabilities.
https://github.com/Adversis/tailsnitch

Net-SNMP snmptrapd vulnerability
A new vulnerability in snmptrapd may lead to remote code execution.
https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq

Podcast Transcript

Hello and welcome to the Tuesday, January 6, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu graduate certificate program in cybersecurity engineering. And I just thought about a little sort of contest for the beginning of the year. Let's see how often I'll say 2025 in the introduction. I avoided it today, but we'll sort of revive something I've done in the past. If you do find a mistake in the podcast, as simple as me mentioning the wrong year, I'll actually give away some Internet Storm Center stickers. Just send me an email or a message via the Internet Storm Center contact form, and I'll set you up with a claim code for a sticker.

And the diary today was about something that I've observed more and more in recent months, and that's people deploying NanoKVMs. NanoKVMs, they have become popular last year. I think beginning last year is when they sort of first became available. And it's a very handy device in that it allows you remote access to a machine via the web browser. That's equivalent to having physical access to the machine, including doing things like reboots, but definitely sort of getting keyboard, mouse and screen access to the remote machine. So real handy device. What's the problem? Well, the problem is sort of your typical IoT problem: these devices, of course, are now starting sort of around $35. Some of the older devices like the PiKVM will set you back almost 10 times as much, sort of in the $200 range to get that fully set up. Never mind things like Dell DRAC cards and things like that, that of course provide much more sophisticated access to specific servers. So the problem here is that since these devices are meant to give you sort of emergency access to your devices, they're often exposed to the internet. And that's, like with all IoT devices, where the problems start. So I summarized a couple of tips here on how to better secure them. Probably the most useful thing here, and luckily the NanoKVM and some of the competitors like PiKVM and such also support it, is Tailscale. That's a VPN solution that's specifically designed sort of for home systems and systems with dynamic IP addresses to give you easy and straightforward access to those remote systems in a reasonably secure manner. Anyway, if you have one of these devices, if you have any other feedback, let me know. There has also been quite a bit of talk about the overall security of the software stack in these devices and whether or not there may be some hidden back doors. I don't really think there are any intentional back doors, but I think at this point this is really sort of a matter of opinion. And if you do give any device like this very direct physical access to your systems, well, you better trust it. And that's really a decision that you have to make yourself. I linked to some of the other work looking at the security of these devices in the diary.

And since I just mentioned Tailscale, I also ran today into an interesting GitHub project, Tailsnitch. The purpose of Tailsnitch is to audit your Tailscale configuration. So if you're relying on Tailscale to secure access to your resources, then that's definitely a script that you probably should take a quick look at and see if anything within your Tailscale setup is misconfigured. There are a couple of issues that you can run into, like, for example, systems configured as routers or such that may give access to the rest of your network. Not 100% sure yet. I still have to run it to see what Tailsnitch is exactly looking for here. But they're saying they're checking for about 50 different configuration issues within Tailscale.

Let me have a vulnerability that I've actually not really seen covered much. And that's a vulnerability in the SNMP trap daemon. That's a very commonly used piece of open source software that is collecting information from SNMP traps. Sadly, it suffers from a buffer overflow that then can lead to remote code execution. It has a CVSS score of 9.8. So definitely something that you should address. As I say so often, this should not really be exposed to the outside of your network. But even internally, a vulnerability like this can often cause quite substantial damage because this SNMP trap daemon is often running also on basically network monitoring systems and such. So it may actually give an attacker access to a more valuable system that they can then abuse to, for example, get additional SNMP configurations and passwords and such that allow them to then actually affect the rest of your network. So I certainly think that this is something that you need to pay attention to. And thanks to the listener who actually alerted me to this vulnerability. I would not have seen it otherwise.

Well, and that's it for today. So thanks for listening. Thanks for liking and recommending this podcast, and talk to you again tomorrow. Bye.