Spotlight This Week: Ellucian Banner Vulnerability Used for Hacking 62 Universities
According to a U.S. Department of Education technology security alert, at least 62 universities have been attacked using a vulnerability in Ellucian’s Banner System. The vulnerability (CVE-2019-8978) can be used to log into the Banner system with an institutional account, providing access based on the administrative privileges tied to that account.
Attackers are actively scanning the internet to find institutions that are susceptible to this kind of attack, and they then use the vulnerability to “leverage scripts in the admissions or enrollment section of the affected Banner system to create multiple student accounts,” sometimes creating up to 600 fake accounts in one day and thousands over the course of just a few days. The attackers then use the accounts to gain access to and manipulate grades, course registration, and financial aid and payment systems.
New versions of the Banner system are not affected by the issue, but any institution that is using Ellucian Banner Web Tailor versions 8.8.3, 8.8.4, or 8.9, or Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, or 8.4, needs to update as soon as possible.
While it is unclear exactly who discovered the issue and when, NIST’s advisory references a December 2018 GitHub post from Joshua Mulliken, a member of IT staff at the University of South Carolina. In the GitHub post, Mulliken’s disclosure timeline shows that Ellucian took several months to acknowledge the issue.
Ellucian still denies the flaw is the cause of the attacks. Josh Sosnin, chief information security officer at Ellucian, said, “Ellucian has confirmed internally that the two issues outlined in the Department of Education Report are separate, unrelated issues. There is no connection between these issues and Ellucian has communicated this to the Department of Education.”
For more information:
TECHNOLOGY SECURITY ALERT – Exploitation of Ellucian Banner System Vulnerability
NIST Advisory for CVE-2019-8978
Ellucian Banner Data Breach Draws Federal Concern
At Least 62 Colleges Were Exploited by a Software Vulnerability. Here’s What You Need to Know.