
Netizen: October Vulnerability Review

Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from October that should be immediately patched or addressed if present in your environment. Detailed writeups below:

CVE-2023-22515

A Broken Access Control issue could lead to unauthorized administrative access and potential data exfiltration. No NIST CVSSv3 base score rating is provided for this vulnerability. It affects Atlassian Confluence Data Center and Server versions 8.0.0 through 8.5.1. The vulnerability allows unauthenticated remote threat actors to create unauthorized Confluence administrator accounts by triggering the flaw via a request to the unauthenticated /server-info.action endpoint and then accessing the /setup/setupadministrator.action endpoint to create a new administrator user. Attacks utilizing this CVE require no user interaction, as it can be exploited remotely. Exploit details and proofs of concept have been observed in open source publications as of October 10, 2023. The recommended mitigation is to immediately upgrade to a fixed version as per Atlassian’s upgrading instructions. If upgrading is not immediately feasible, restricting untrusted network access is advised until upgrades can be applied. For more technical details or proof of concept, refer to Atlassian’s security advisory for CVE-2023-22515 and the CISA advisory AA23-289A.
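For defenders reviewing access logs, the following is an added example (not from Atlassian, CISA or the original write-up) that flags requests to the setup endpoint and notes whether the same client first requested /server-info.action. It assumes a combined-style access log layout; the sample lines are constructed and the function names are hypothetical.

```python
import re

# Endpoints named in the write-up above.
PROBE_PATH = "/server-info.action"
SETUP_PATH = "/setup/setupadministrator.action"

# Assumed layout: Apache/Tomcat "combined"-style access log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Oct/2023:09:14:01 +0000] "GET /server-info.action HTTP/1.1" 200 512
198.51.100.7 - - [11/Oct/2023:09:14:03 +0000] "POST /setup/setupadministrator.action HTTP/1.1" 200 9120
203.0.113.20 - jdoe [11/Oct/2023:09:20:44 +0000] "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200 30411
203.0.113.55 - - [11/Oct/2023:10:02:10 +0000] "GET /setup/setupadministrator.action HTTP/1.1" 403 230
not a log line
"""


def normalise_path(target):
    """Strip query string and path parameters, then lower-case for matching."""
    path = target.split("?", 1)[0].split(";", 1)[0]
    return path.rstrip("/").lower()


def find_setup_requests(log_text):
    """Return one finding per request to the setup endpoint, in log order."""
    probed = set()      # client IPs already seen requesting PROBE_PATH
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # ignore lines that do not parse
        path = normalise_path(m["target"])
        if path == PROBE_PATH:
            probed.add(m["ip"])
        elif path == SETUP_PATH:
            sequence = m["ip"] in probed
            findings.append({
                "ip": m["ip"], "time": m["ts"], "method": m["method"],
                "status": int(m["status"]), "preceded_by_probe": sequence,
                # Triage hint only: the two-step sequence matches the write-up.
                "severity": "high" if sequence else "review",
            })
    return findings
```

Any hit on the setup endpoint of an already-installed instance deserves review; the severity field only ranks which findings to look at first.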

CVE-2023-4966

A Sensitive Information Disclosure issue, nicknamed Citrix Bleed, could lead to unauthorized access to sensitive data. This vulnerability has a NIST CVSSv3 base score rating of 9.4/10 and it affects Citrix NetScaler ADC and NetScaler Gateway versions: 14.1 before 14.1-8.50, 13.1 before 13.1-49.15, 13.0 before 13.0-92.19, 13.1-FIPS before 13.1-37.164, 12.1-FIPS before 12.1-55.300, and 12.1-NDcPP before 12.1-55.300. The vulnerability allows malicious actors to disclose sensitive information if the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Exploits of CVE-2023-4966 on unmitigated appliances have been observed. The recommended mitigation is to install the relevant updated versions of NetScaler ADC and NetScaler Gateway. For more information, refer to the Citrix Security Bulletin or the NVD.
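To turn the version list above into an inventory check, here is an added example (not Citrix tooling and not part of the original write-up) that compares build numbers numerically per release train and applies the Gateway/AAA condition. The inventory rows, hostnames and function names are constructed for illustration.

```python
import re

# First fixed build per (release train, edition), as listed in the paragraph above.
FIXED_BUILDS = {
    ("14.1", ""): (8, 50),
    ("13.1", ""): (49, 15),
    ("13.0", ""): (92, 19),
    ("13.1", "FIPS"): (37, 164),
    ("12.1", "FIPS"): (55, 300),
    ("12.1", "NDCPP"): (55, 300),
}
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")

# Constructed inventory: (hostname, version, edition, gateway_or_aaa_configured)
SAMPLE_INVENTORY = [
    ("adc-edge-01", "13.1-49.13", "", True),
    ("adc-edge-02", "14.1-10.2", "", True),
    ("adc-lb-03", "13.0-91.13", "", False),
    ("adc-fips-04", "13.1-37.150", "FIPS", True),
    ("adc-old-05", "12.1-65.25", "", True),
]


def classify(version, edition=""):
    """Return 'affected', 'fixed' or 'unlisted' for a build such as '13.1-49.13'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    build = (int(m.group(2)), int(m.group(3)))
    fixed = FIXED_BUILDS.get((m.group(1), edition.upper()))
    if fixed is None:
        return "unlisted"   # train not named in the write-up; do not guess
    # Tuple comparison is numeric, so 10.2 correctly sorts after 8.50.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map hostname -> action, applying the Gateway/AAA condition from the write-up."""
    actions = {}
    for host, version, edition, exposed_role in inventory:
        state = classify(version, edition)
        if state == "affected":
            actions[host] = "patch now" if exposed_role else "patch (no Gateway/AAA role)"
        elif state == "unlisted":
            actions[host] = "check vendor bulletin"
        else:
            actions[host] = "ok"
    return actions
```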

CVE-2023-4911

A Buffer Overflow issue, nicknamed Looney Tunables, could lead to local privilege escalation. This vulnerability has a NIST CVSSv3 base score rating of 7.8/10 and it affects GNU C Library (glibc) version 2.34 and specific backported versions in RHEL-8.5 and onwards. The vulnerability arises from a buffer overflow in the GNU C Library’s dynamic loader, ld.so, while it processes the GLIBC_TUNABLES environment variable. A local attacker who crafts malicious GLIBC_TUNABLES environment variables when launching binaries with SUID permission could execute code with elevated privileges. The attack complexity is Low and requires Low privileges but does not require user interaction. Mitigations have been provided, such as a SystemTap script that prevents setuid programs from being invoked with GLIBC_TUNABLES in the environment; users must then unset or clear the GLIBC_TUNABLES environment variable to invoke a setuid program. This mitigation will need to be re-applied upon system reboot. Once the glibc package is updated to a version containing the fix, the SystemTap-generated kernel module can be removed. For more technical details or proof of concept, refer to the NVD.

CVE-2023-46747

A Critical Authentication Bypass issue could lead to remote code execution (RCE) by unauthenticated attackers. This vulnerability has a NIST CVSSv3 base score rating of 9.8/10 and it affects F5 BIG-IP, specifically the Traffic Management User Interface (TMUI). The vulnerability allows attackers to send arbitrary requests to bypass authentication and execute system commands with full administrative privileges. An attack utilizing CVE-2023-46747 does not require user interaction. No proof of concept has been released as of October 27; however, past vulnerabilities in BIG-IP have seen prompt exploitation and release of PoCs by researchers. The recommended mitigation is to apply patches provided by F5 for affected versions of BIG-IP as soon as possible. In case patching cannot be performed immediately, F5 has provided some mitigation guidance in article K000137353, though this comes with certain warnings regarding its applicability. For more technical details or proof of concept, refer to the NVD.

CVE-2023-43208

A Remote Code Execution (RCE) issue could lead to unauthorized access and execution of commands. A NIST CVSSv3 base score rating is not yet provided for this vulnerability. It affects Mirth Connect versions prior to 4.4.1. The vulnerability allows attackers to execute arbitrary code on the system due to an incomplete patch for a previous vulnerability (CVE-2023-37679). The attack complexity has not been provided, but the attack requires no user interaction, as it is an unauthenticated vulnerability. There are no publicly available technical details or exploits as of now. The recommended mitigation is to upgrade to Mirth Connect version 4.4.1. For more technical details, refer to the NVD.

Conclusion:

In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact
