Weekly Vulnerability Recap – October 2, 2023 – WS_FTP, Exim, Cisco and Other Exploited Vulnerabilities
Chad Kime
Vulnerabilities carrying high severity scores require urgent attention, and many of this week’s critical vulnerabilities are no exception. A host of zero-day vulnerabilities, several under active attack, will require immediate attention for patching or mitigation.
However, as valuable as ratings can be, they don’t tell the whole story. The 25-year-old RSA decryption vulnerabilities defy CVSS ratings due to their complexity, and of the eight Cisco IOS vulnerabilities, it is the second-lowest-rated one that is under attack in the wild.
As always, our pressured IT and security teams will need to use severity ratings in combination with a risk analysis of the assets potentially exposed by each vulnerability to determine priorities and schedules.
Many IT and security teams struggle to keep up with vulnerability management and patch management. Yet once an attacker begins to actively exploit a vulnerability, the risk becomes exponentially higher, and such vulnerabilities must be prioritized for patching or mitigation.
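The prioritization argument above (severity combined with exposure and exploitation status) as a small worked example. This is an added illustration, not the recap author's method: the CVSS scores and the exploited / proof-of-concept flags are taken from the items in this recap, while the asset-exposure counts and the weighting formula are constructed assumptions for the demo.

```python
"""Prioritize this week's vulnerabilities by severity combined with exposure and
exploitation status.

Added illustration, not from the recap's author. CVSS scores and the exploited /
proof-of-concept flags are taken from the recap; the asset-exposure counts and the
weighting formula are constructed assumptions for the demo.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Vuln:
    cve: str
    product: str
    cvss: Optional[float]   # None where the recap gives no score
    exploited: bool         # active exploitation reported in the recap
    poc_public: bool        # a public proof of concept was announced
    internet_facing: int    # constructed: affected assets reachable from the internet
    internal_only: int      # constructed: affected assets reachable only internally


def priority(v: Vuln) -> float:
    """Severity as the base, then additive weights for exploitation and exposure.

    Exploitation in the wild adds more than any CVSS gap between two issues can,
    which is the recap's point about the 6.6-rated Cisco IOS bug; the exact
    weights are assumptions for the example, not a standard.
    """
    score = v.cvss if v.cvss is not None else 7.0   # treat an unscored issue as High
    if v.exploited:
        score += 5.0
    elif v.poc_public:
        score += 2.0
    score += 1.5 * min(v.internet_facing, 4)   # cap so a large fleet cannot swamp the rest
    score += 0.25 * min(v.internal_only, 4)
    return round(score, 2)


def rank(vulns: List[Vuln]) -> List[Vuln]:
    """Highest priority first; equal scores keep their input order."""
    return sorted(vulns, key=priority, reverse=True)


# Scores and exploitation status from the recap; exposure counts are constructed.
THIS_WEEK = [
    Vuln("CVE-2023-40044", "WS_FTP Server Ad Hoc Transfer", 10.0, False, False, 2, 0),
    Vuln("CVE-2023-42115", "Exim SMTP service", 9.8, False, False, 1, 0),
    Vuln("CVE-2023-20252", "Cisco Catalyst SD-WAN Manager", 9.8, False, False, 0, 1),
    Vuln("CVE-2023-20109", "Cisco IOS / IOS XE", 6.6, True, False, 0, 3),
    Vuln("CVE-2023-5217", "Chrome video codec library", None, True, False, 0, 40),
    Vuln("CVE-2023-29357", "Microsoft SharePoint", None, False, True, 1, 0),
]


if __name__ == "__main__":
    for v in rank(THIS_WEEK):
        print(f"{priority(v):6.2f}  {v.cve:15}  {v.product}")
```

With these weights the actively exploited CVE-2023-20109 (CVSS 6.6) lands above the unexploited 9.8-rated Exim and SD-WAN issues, which is the ordering a risk-based schedule should produce even though a pure severity sort would put it near the bottom.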
This week, the following active exploits of older vulnerabilities were announced:

Type of attack: Attackers can obtain a free Cloudflare account to bypass Cloudflare protections and launch distributed denial of service (DDoS) attacks on Cloudflare customers that use shared security certificates.
The problem: Researchers discovered a flaw in the way Cloudflare trusts Cloudflare customers. When customers request a private key and certificate signing request through Cloudflare, Cloudflare uses a shared certificate for all such customers. This shared certificate can then be abused to bypass Cloudflare DDoS security and launch DDoS attacks against known server IP addresses.
The fix: Until tenant-specific certificates are available, Cloudflare customers should use their own custom certificates.

Type of attack: The “Marvin Attack,” detailed by Red Hat, uses a timing attack that targets weaknesses in padding error management to perform side-channel attacks that decrypt ciphertexts, forge signatures, and possibly decrypt TLS server sessions.
The problem: Most asymmetric cryptography implementations, such as OpenSSL, GnuTLS, NSS, and M2Crypto, were found to be vulnerable in some fashion to these attacks. No vulnerability rating is possible due to the variety and complexity of the implementations in specific products.
The fix: Researchers advise against using RSA PKCS#1 v1.5 encryption and recommend contacting vendors about possible issues and fixes for their encryption libraries. No single patch is universally available.

Type of attack: Details are not available, but targeted attacks on the graphics processing unit (GPU) kernel driver can gain access to data retained in already freed memory.
The problem: Google researchers reported targeted exploitation of vulnerable GPU kernel drivers for Arm’s Mali GPUs to steal data from memory. This vulnerability exposes mobile phones using the Mali GPU, such as the Samsung Galaxy S20/S20 FE, Motorola Edge 40, or Xiaomi Redmi K30/K40. These flaws require local access, which will most commonly be obtained when a victim downloads other malware to their phone.
The fix: Patches are available but may take time to work their way through the device makers. Organizations should examine the affected model list and scrutinize installed software on affected devices until patches are available.

Type of attack: Attackers can exploit unpatched vulnerabilities to perform remote code execution (RCE), directory traversal, cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), and file enumeration attacks.
The problem: The key vulnerability, CVE-2023-40044, affects potentially thousands of WS_FTP servers worldwide with an RCE vulnerability in the Ad Hoc Transfer module. It receives the maximum 10.0 rating under CVSS v3.1 because the attack is simple to perform and needs no interaction with legitimate users or credentials. The other vulnerabilities range between 9.9 (Critical) and 5.3 (Medium). Considering the active ransomware activity against vulnerabilities in Progress Software’s other file transfer software, MOVEit, WS_FTP server maintenance teams should patch ASAP.
The fix: Progress Software issued patches for all vulnerabilities and recommends immediate action to patch systems.

Type of attack: Attackers can cause software crashes or remote code execution (RCE), or read information from vulnerable Exim mail servers.
The problem: Vulnerability CVE-2023-42115, rated critical (9.8 under CVSS v3.1), stems from an out-of-bounds write weakness in the simple mail transfer protocol (SMTP) service. The other five vulnerabilities are less serious, but still rated medium to high:
The popular Exim mail transfer agent (MTA) is the default MTA for the Debian Linux distribution, and more than 3.5 million servers appear to be exposed to the internet, which makes them vulnerable to these attacks.
The fix: Some fixes have been made available to Exim distribution maintainers, but the developer has yet to receive sufficient information to resolve all vulnerabilities. Servers should be isolated from internet access until patches for all vulnerabilities are available.

Type of attack: Unauthenticated Access, Unauthenticated Configuration Rollback, Information Disclosure, Authorization Bypass, Denial of Service
The problem: The most severe of the five vulnerabilities, CVE-2023-20252, is rated 9.8 under CVSS v3.1 and allows an attacker to access, or cause a denial of service to, affected versions of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage).
The fix: Cisco’s vulnerability disclosure includes a chart of the vulnerabilities and the minimum upgrade necessary to mitigate each of them.

Type of attack: Out-of-Bounds Write Vulnerability (under exploit), Command Injection, Denial of Service, Command Authorization Bypass
The problem: Cisco disclosed eight IOS and IOS XE vulnerabilities with ratings between 6.1 and 8.8 under CVSS v3.1. Ironically, it is a medium vulnerability with only a 6.6 rating, CVE-2023-20109, that is actively exploited to compromise an installed key server or modify the configuration of a group member. Exploiting CVE-2023-20109 requires admin control of a key server or a group member. This should be difficult, which is why the vulnerability only earns a medium rating. The fact that this is the exploited vulnerability should give all organizations a reason to review, and possibly reset, admin privileges.
The fix: Cisco has already issued patches, so those with IOS or IOS XE can upgrade their software. Organizations without time to install upgrades promptly should consider resetting admin passwords.

Type of attack: A heap buffer overflow weakness in the video codec library can cause app crashes or enable arbitrary code execution (ACE).
The problem: Attackers currently exploit CVE-2023-5217 to install spyware.
The fix: Cisco has already released an update, so browsers may be updated immediately. This is the third zero-day vulnerability patched in September and the eighth patched this year. Users that do not have automatically updating Chrome should be forced to update ASAP.

Type of attack: Elevation of Privilege (EoP), Remote Code Execution (RCE)
The problem: CVE-2023-29357 allows for elevation of privilege within Microsoft SharePoint through spoofed JSON Web Tokens, which can then be used to exploit CVE-2023-24955 for remote code execution.
The fix: This attack proves the exploitability of vulnerabilities patched in May 2023 (CVE-2023-24955) and June 2023 (CVE-2023-29357). With an announced proof of concept, IT departments should prioritize these SharePoint patches.
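The Marvin item above turns on how a decryptor handles PKCS#1 v1.5 padding errors. The following added example (not code from the recap or from any of the libraries it names) places a textbook error-revealing unpadding routine beside an implicit-rejection routine that checks every byte and returns a key-derived fake plaintext instead of an error. It works on the already-decrypted block EM, so the RSA operation is omitted; block size, message length, ciphertext bytes and server key are constructed for the demo. Python cannot guarantee constant time, so the point is the structure a library has to follow; recent OpenSSL releases took this implicit-rejection approach for RSA PKCS#1 v1.5 decryption.

```python
"""PKCS#1 v1.5 decryption padding: an error-revealing check next to an
implicit-rejection check.

Added example, not code from the recap or from any library it names. It works on
the already-decrypted block EM (what RSA^-1(c) yields), so the RSA operation is
omitted; block size, message length, ciphertext bytes and the server key are
constructed for the demo.
"""
import hashlib
import hmac
from typing import Optional


def unpad_revealing(em: bytes) -> bytes:
    """Textbook unpadding: early exits and distinct errors.

    Which error fires, and how far the scan ran before it fired, depends on the
    ciphertext. That difference is the padding-error management weakness a
    timing side channel such as Marvin measures.
    """
    if em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block type")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("separator missing")
    if sep - 2 < 8:
        raise ValueError("padding string too short")
    return em[sep + 1:]


def revealing_error(em: bytes) -> Optional[str]:
    """Return the error text unpad_revealing would raise, or None if it accepts."""
    try:
        unpad_revealing(em)
    except ValueError as exc:
        return str(exc)
    return None


def _synthetic_message(key: bytes, ciphertext: bytes, msg_len: int) -> bytes:
    """Pseudo-random stand-in plaintext derived from the ciphertext under a secret
    key: the same bad ciphertext always yields the same fake message, so the
    decryption result gives no oracle either."""
    out = b""
    counter = 0
    while len(out) < msg_len:
        out += hmac.new(key, ciphertext + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:msg_len]


def _select(bad: int, if_bad: bytes, if_good: bytes) -> bytes:
    """Branch-free byte-wise select; bad must be exactly 0 or 1, inputs same length."""
    mask = -bad & 0xFF  # 0xFF when bad, 0x00 when good
    return bytes((a & mask) | (b & (mask ^ 0xFF)) for a, b in zip(if_bad, if_good))


def unpad_implicit_reject(em: bytes, ciphertext: bytes, key: bytes, msg_len: int) -> bytes:
    """Check every padding byte unconditionally, then hand back either the real
    message or the synthetic one without branching on the verdict.

    msg_len is fixed by the protocol (48 bytes for a TLS RSA premaster secret),
    which is what allows a fixed-layout check."""
    if len(em) < msg_len + 11:  # block and message lengths are public, so this branch leaks nothing
        raise ValueError("block too short for the expected message length")
    ps_len = len(em) - 3 - msg_len
    bad = em[0] | (em[1] ^ 0x02)      # non-zero iff the header is not 00 02
    for i in range(2, 2 + ps_len):    # fixed trip count, no early exit
        bad |= int(em[i] == 0)        # a zero inside the padding string is invalid
    bad |= em[2 + ps_len]             # the separator byte must be zero
    bad = int(bad != 0)
    real = em[3 + ps_len:]
    fake = _synthetic_message(key, ciphertext, msg_len)
    return _select(bad, fake, real)


# Constructed demo data: a 64-byte block carrying a 16-byte message.
BLOCK_LEN = 64
MSG_LEN = 16
SERVER_KEY = b"constructed-server-side-secret"
CIPHERTEXT = bytes(range(BLOCK_LEN))  # stands in for the RSA ciphertext bytes


def build_block(msg: bytes) -> bytes:
    """Well-formed EM = 00 || 02 || PS (non-zero bytes) || 00 || msg."""
    return b"\x00\x02" + b"\x55" * (BLOCK_LEN - 3 - len(msg)) + b"\x00" + msg


GOOD = build_block(b"premaster-secret")
BAD_HEADER = b"\x00\x01" + GOOD[2:]                      # wrong block type
NO_SEPARATOR = b"\x00\x02" + b"\x55" * (BLOCK_LEN - 2)   # padding never ends
ZERO_IN_PS = GOOD[:10] + b"\x00" + GOOD[11:]             # separator appears too early
```

Three malformed blocks produce three different outcomes from the revealing routine (two distinct errors, and the early-separator block is even accepted with a 53-byte garbage "message"), while the implicit-rejection routine returns the same 16-byte synthetic value for all three, so neither the error path nor the result distinguishes them.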
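The SharePoint item above rests on spoofed JSON Web Tokens being accepted. The following added example is not SharePoint's token handling and says nothing about how CVE-2023-29357 forges its tokens; it shows the checks any JWT consumer needs so that a token the server did not sign is refused: algorithm pinned by the verifier, signature compared in constant time, and issuer, audience and expiry validated. Key, issuer, audience and claim values are constructed, and HS256 is used because it needs only the standard library.

```python
"""JSON Web Token consumer that refuses tokens it did not sign.

Added example, not SharePoint's code. Key, issuer, audience and claims are
constructed for the demo; HS256 keeps the block standard-library only.
"""
import base64
import hashlib
import hmac
import json


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def issue_hs256(claims: dict, key: bytes) -> str:
    """Mint a token the way the trusted issuer would."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def unsigned_token(claims: dict) -> str:
    """Constructed negative test vector: alg=none with an empty signature, the
    shape a verifier that trusts the token's own alg field would accept."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify(token: str, key: bytes, issuer: str, audience: str, now: int) -> dict:
    """Return the claims of a token this server signed for this audience, else raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # The verifier decides the algorithm; the token never does. This refuses
    # "none" and any switch to an algorithm the key was not meant for.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c_b64))      # parse claims only after the signature holds
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:      # a token without expiry is refused too
        raise ValueError("expired or missing exp")
    return claims


def check(token: str, key: bytes, issuer: str, audience: str, now: int) -> str:
    """'ok' when the token verifies, otherwise the reason it was refused."""
    try:
        verify(token, key, issuer, audience, now)
    except ValueError as exc:   # covers JSON and base64 decoding errors as well
        return str(exc)
    return "ok"


# Constructed demo data.
KEY = b"constructed-shared-secret"
ISSUER = "https://idp.example"
AUDIENCE = "sharepoint-demo"
NOW = 1_700_000_000
READER = {"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "role": "reader", "exp": NOW + 600}
ADMIN = {"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "role": "admin", "exp": NOW + 600}

GOOD_TOKEN = issue_hs256(READER, KEY)
UNSIGNED_ADMIN = unsigned_token(ADMIN)
OTHER_KEY_ADMIN = issue_hs256(ADMIN, b"some-other-key")   # signed with a key this server does not hold
```

The two forged tokens carry an admin claim and are rejected before the claims are even read; the genuine token is accepted only for its own audience and only until its expiry.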