Tenable Research: February and March Vulnerability Disclosure Roundup
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them.
This post provides an overview of all the vulnerabilities discovered by Tenable Research in February and March.
You can access all Tenable Research advisories here.
|
EMC VASA Virtual Appliance Default Credentials and Arbitrary File Upload |
|
CVE ID: CVE-2018-1216, CVE-2018-1215 Nessus Plugin ID: 106849 Tenable Research Advisory: TRA-2018-03 Risk Factor: Crítica |
|
What do you need to know? Tenable Research has discovered two vulnerabilities in the EMC VASA Virtual Appliance SE web application. The first vulnerability is a default account. The default account does not have access to the web UI, but exploitation permits an attacker to obtain a valid session ID to execute further commands. The second vulnerability permits an authenticated attacker to upload an arbitrary file to any location on the web server. What’s the attack vector? Exploitation of the default credentials requires only unauthenticated network access. Even though the default credentials do not have privileges for the web UI, after authenticating, the attacker can extract a valid session ID from a local cookie and use it to execute remote commands. What’s the business impact? Combining both vulnerabilities can permit an attacker to gain full unauthorized access to the system. What’s the solution? EMC has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerabilities using Plugin ID 106849. |
|
Micro Focus Operations Orchestration Information Disclosure and Remote Denial-of-Service Vulnerabilities |
|
CVE ID: CVE-2018-6490 Nessus Plugin ID: 107094 Tenable Research Advisory: TRA-2018-05 Risk Factor: Alta |
|
What do you need to know? Tenable Research has discovered information disclosure and denial-of-service vulnerabilities in Micro Focus Operations Orchestration version 10.X. These can be used to disclose sensitive runtime information and shut down the JMiniX JMX console used for administrative web-based access. You can read a full analysis here. What's the attack vector? Exploitation requires remote unauthenticated network access and is trivial to exploit. What's the business impact? Malicious attackers can gather sensitive runtime information for reconnaissance. Even worse, a malicious attacker can remotely shut down the JMiniX JMX console that provides access to the web user interface. Micro Focus Operations Orchestration is used by IT and DevOps operation teams to automate IT processes (e.g., incident and disaster recovery and hybrid cloud provisioning and configuration). What's the solution? Micro Focus has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107094. |
|
Check Point Gaia OS Privilege Escalation Vulnerability |
|
CVE ID: - Nessus Plugin ID:107072 Tenable Research Advisory: TRA-2018-04 Risk Factor: Media |
|
What do you need to know? Tenable Research has discovered a Privilege Escalation vulnerability in Check Point’s Gaia OS, versions R77.20, R77.30 and R80.10, deployed on Check Point’s Security Gateway, Security Management and Scalable Platforms Appliances. The vulnerability can be used by a malicious user to execute arbitrary bash shell commands. What’s the attack vector? Exploitation requires an authenticated user session. Arbitrary bash shell commands can be executed with the proper formatting despite a restricted shell. What’s the business impact? The business impact is considered Low. Exploitation requires a malicious insider, or the theft or phishing of credentials. Arbitrary commands require careful crafting to execute successfully. What’s the solution? Check Point has released a software update and advisory. Affected users should apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107072. |
|
Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities |
|
CVE ID: CVE-2018-0172, CVE-2018-0173, CVE-2018-0174 Nessus Plugin ID: - Tenable Research Advisory: TRA-2018-06 Risk Factor: Alta |
|
What do you need to know? Tenable Research has discovered denial-of-service vulnerabilities in the DHCP relay agent in Cisco’s IOS and IOS-XE operating systems. What's the attack vector? The attacks are performed by sending malicious DHCP requests to the relay agent on the router. What's the business impact? The business impact is medium. An attacker could use this attack to stop clients from obtaining IP addresses. What's the solution? Cisco has released software updates and an advisory for each vulnerability (see below). Affected users should patch their systems as soon as possible. |
Artículos relacionados
Cybersecurity Snapshot: CISA Tells Tech Vendors To Squash Command Injection Bugs, as OpenSSF Calls on Developers To Boost Security Skills
July 12, 2024Check out CISA’s call for weeding out preventable OS command injection vulnerabilities. Plus, the Linux Foundation and OpenSSF spotlight the lack of cybersecurity expertise among SW developers. Meanwhile, GenAI deployments have tech leaders worried about data privacy and data security. And get the latest on FedRAMP, APT40 and AI-powered misinformation!
How Risk-based Vulnerability Management Boosts Your Modern IT Environment's Security Posture
July 11, 2024Vulnerability assessments and vulnerability management sound similar – but they’re not. As a new Enterprise Strategy Group white paper explains, it’s key to understand their differences and to shift from ad-hoc vulnerability assessments to continuous, risk-based vulnerability management (RBVM). Read on to check out highlights from this Tenable-commissioned study and learn how RBVM helps organizations attain a solid security and risk posture in hybrid, complex and multi-cloud environments.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
July 9, 2024Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
- Plugins