
Security Alert: Exploitation of Ellucian Banner System Vulnerability


The U.S. Department of Education has received reports of active exploitation of a previously disclosed vulnerability in the Ellucian Banner software system. The affected products are Ellucian Banner Web Tailor versions 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4. At the time of the alert, 62 institutions had already been affected, and the attackers were actively searching for further institutions running the vulnerable versions.

As the Department of Education writes: “According to National Institute of Standards and Technology (NIST) advisory CVE-2019-8978, attackers can leverage a known vulnerability in these versions of these applications to log in to the Banner system with an institutional account. Access to operational areas and functions within the system would depend upon the administrative privileges granted to the affected account, but this information does not appear to be specifically detailed in the NIST advisory.”

“Victimized institutions have indicated that the attackers exploit the vulnerability and then leverage scripts in the admissions or enrollment section of the affected Banner system to create multiple student accounts. It has been reported that at least 600 fake or fraudulent student accounts were created within a 24-hour period, with the activity continuing over multiple days resulting in the creation of thousands of fake student accounts. Some of these accounts appear to be leveraged almost immediately for criminal activity.”
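The pattern the Department describes, hundreds of self-service accounts created by script within hours, is visible in ordinary web-server logs long before anyone notices the fraudulent accounts themselves. The following is an added example, not code from the Department's alert or from Ellucian: it runs a per-source sliding-window count over constructed access-log lines in Apache combined format and flags any source that creates more than a threshold of accounts inside the window. The endpoint path `/ssb/admissions/createAccount`, the log lines, the IP addresses and the thresholds are all assumptions made for illustration; substitute your institution's real account-creation URL and tune the threshold to your normal applicant volume.

```python
"""Burst detection for scripted self-service account creation.

Added example (not from the Department of Education alert or Ellucian).
Assumes Apache combined-format access logs and a hypothetical account-
creation endpoint; all sample data below is constructed, not real.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Hypothetical self-service path that creates an applicant account (assumption).
ACCOUNT_CREATE_PATH = "/ssb/admissions/createAccount"

# Apache combined log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_bursty_sources(lines, window=timedelta(minutes=10), threshold=20):
    """Return {ip: peak_count} for every source whose successful account
    creations (POST to the create path returning 200/302) inside any
    `window`-long span reach `threshold`. Records are sorted by timestamp
    first, so the input need not be chronological."""
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r["ts"])
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peaks = {}
    for rec in records:
        if (rec["method"] != "POST" or rec["path"] != ACCOUNT_CREATE_PATH
                or rec["status"] not in (200, 302)):
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def build_sample_log():
    """Constructed sample log: one scripted burst, one legitimate source."""
    base = datetime(2019, 7, 17, 3, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512'

    def line(ip, t, method="POST", path=ACCOUNT_CREATE_PATH, status=302):
        return fmt.format(ip=ip, ts=t.strftime("%d/%b/%Y:%H:%M:%S %z"),
                          method=method, path=path, status=status)

    lines = []
    # Scripted attacker (constructed IP): 50 accounts, one every 6 seconds.
    for i in range(50):
        lines.append(line("198.51.100.23", base + timedelta(seconds=6 * i)))
    # Legitimate applicants (constructed IP): three sign-ups spread over an hour.
    for i in range(3):
        lines.append(line("203.0.113.8", base + timedelta(minutes=20 * i)))
    # Noise that must be ignored: a page view and a failed POST.
    lines.append(line("203.0.113.8", base + timedelta(minutes=5),
                      method="GET", status=200))
    lines.append(line("198.51.100.23", base + timedelta(minutes=6), status=500))
    return lines


if __name__ == "__main__":
    for ip, peak in find_bursty_sources(build_sample_log()).items():
        print(f"ALERT: {ip} created {peak} accounts within one window")
```

Keying on source IP is only a first pass: a rotating proxy pool defeats it, so in practice also aggregate by session cookie, User-Agent, and the e-mail domain or phone pattern on the new accounts, and compare the global creation rate against the institution's normal daily baseline rather than relying on a per-source threshold alone.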

The Department advises the following course of action if your institution uses Ellucian Banner Web Tailor version 8.8.3, 8.8.4, or 8.9 and/or Banner Enterprise Identity Services version 8.3, 8.3.1, 8.3.2, or 8.4:

1. Review the vulnerability details as provided in NIST advisory CVE-2019-8978;
2. Contact Ellucian to receive information needed to patch or upgrade affected systems; and
3. Respond immediately to the Department via email to both FSASchoolCyberSafety@ed.gov and CPSSAIG@ed.gov.

Include the following information in your email:

  • Institution’s Name
  • Institutional Point of Contact’s Name
  • Institutional Point of Contact’s Telephone Number and Email Address

Source/Full Article: TECHNOLOGY SECURITY ALERT – Exploitation of Ellucian Banner System Vulnerability