Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from July that should be immediately patched or addressed if present in your environment. Detailed writeups below:
Use-after-free condition could lead to a potentially exploitable crash. This vulnerability has a NIST CVSSv3 base score rating of 8.8/10 and it affects Mozilla Firefox & Firefox ESR in versions prior to 115.0.2 as well as Mozilla Thunderbird in versions prior to 115.0.1. The vulnerability allows a use-after-free condition to occur which can potentially create a memory problem during the operation of a program causing an exploitable crash. The attack complexity is low but does require user interaction. There are no public technical details or exploits available.
On Warpgate, when logged in as a user with SSO enabled an attacker can authenticate as another user. This vulnerability has a NIST CVSSv3 base score rating of 8.8/10. Warpgate is an SSH, HTTPS, and MySQL bastion host (A server that manages access to an internal or private network from an external network) for Linux and it doesn’t need special client apps. This is an improper authentication vulnerability where the software does not sufficiently authenticate an identity that is provided by an attacker. If a user account does not have MFA enabled, the account can be compromised. The suggested mediation is to upgrade to a newer version. A proof of concept is located at this Github website: https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4
A command injection vulnerability in the configuration parser of the Zyxel ATP could allow an unauthenticated, LAN-based attacker to execute some OS commands. This vulnerability has a NIST CVSSv3 base score rating of 8.8/10 and affects the GRE Configuration Handler of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2. The vulnerability allows an attacker to execute OS command injections leading to a system compromise. There is a high impact on the CIA Triad.
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v188.8.131.52. This vulnerability has a NIST CVSSv3 base score rating of 8.1/10. A manipulation of the Network Request Handler component can lead to a buffer overflow [the amount of data in the buffer exceeds the storage capacity of the buffer] exploit leading to unauthorized access to a system. The complexity of this attack is rated high, privileges are not required and there is no user interaction required. The technical details and public exploit are known and a proof of concept is available at Talos Intelligence: https://vuldb.com/?advisory_url.233143
Milesight UR32L v184.108.40.206 misconfiguration vulnerability in the urvpn_client functionality can lead to increased privileges. This vulnerability has a NIST CVSSv3 base score rating of 8.1/10. There is a vulnerability in the urvpn_client function which can lead to a certificate authority [a trusted entity that issues SSL certificates] vulnerability. A man-in-the-middle attack [an attacker is in between a victim and an application/website to listen in or impersonate to steal information such as credentials] can trigger the vulnerability which leads to privilege escalation. This vulnerability requires user interaction and there is a low impact to confidentiality and integrity.
In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact