Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing the outside attack surface. Netizen’s Security Operations Center (SOC) has compiled five vulnerabilities from January that should be immediately patched or addressed if present in your environment. Detailed writeups below:
A Buffer Overflow vulnerability in NetScaler ADC and NetScaler Gateway could lead to Unauthenticated Denial of Service. This vulnerability has diverging NIST CVSSv3 base score ratings, with NIST rating it as 7.5/10 and Citrix Systems, Inc. rating it as 8.2/10, both considered HIGH. It affects NetScaler Application Delivery Controller versions from 12.1 up to 12.1-55.302, 13.0 up to 13.0-92.21, 13.1 up to 13.1-51.15, and 14.1 up to 14.1-12.35, as well as NetScaler Gateway versions from 13.0 up to 13.0-92.21, 13.1 up to 13.1-51.15, and 14.1 up to 14.1-12.35. The vulnerability arises due to improper restriction of operations within the bounds of a memory buffer, leading to potential exploitation without user interaction (UI:N). The attack complexity is low (AC:L), and no privileges are required for exploitation (PR:N). This CVE is listed in CISA’s Known Exploited Vulnerabilities Catalog, indicating a higher risk and urgency. Mitigation measures include applying vendor-recommended mitigations or discontinuing the use of the product if mitigations are unavailable. For more technical details or proof of concept, refer to Citrix’s security bulletin at https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549.
This vulnerability pertains to Improper Control of Generation of Code (‘Code Injection’) in NetScaler ADC and NetScaler Gateway, allowing an attacker with access to NSIP, CLIP, or SNIP with management interface to perform Authenticated (low privileged) remote code execution on the Management Interface. The severity scores for this vulnerability show significant variation, with NIST assigning a base score of 8.8/10 (HIGH) and Citrix Systems, Inc. rating it at 5.5/10 (MEDIUM). The discrepancy arises due to differences in the assessment of attack vector, impact on confidentiality, integrity, and availability. The vulnerability affects various versions of NetScaler Application Delivery Controller and NetScaler Gateway, specifically versions from 12.1 up to 12.1-55.302, 13.0 up to 13.0-92.21, 13.1 up to 13.1-51.15, and 14.1 up to 14.1-12.35. The technical aspect of the vulnerability involves code injection due to improper control in the generation of code, classified under CWE-94. The attack complexity is low (AC:L), requiring low-level privileges (PR:L), and does not need user interaction (UI:N). The impacts are considered high on confidentiality, integrity, and availability in the NIST assessment, indicating a significant threat if exploited. As this CVE is listed in CISA’s Known Exploited Vulnerabilities Catalog, it underscores the urgency and existing risk. The recommended mitigation is to apply vendor-specified mitigations or discontinue the use of the product if no mitigations are available, as per the advisory dated 01/17/2024 with an action due date of 01/24/2024. For more detailed information and mitigation instructions, refer to Citrix’s security bulletin at https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549.
This vulnerability involves Out-of-Bounds Memory Access in the V8 engine of Google Chrome. It affects versions of Google Chrome prior to 120.0.6099.224. A remote attacker could potentially exploit this vulnerability to cause heap corruption through a crafted HTML page. This issue has been classified with high severity by Chromium’s security team. The NIST CVSSv3 base score for this vulnerability is 8.8/10, indicating a HIGH severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, meaning the vulnerability can be exploited remotely (AV:N), with low attack complexity (AC:L), without requiring privileges (PR:N) but needing user interaction (UI:R). The scope is unchanged (S:U), and the impacts on confidentiality, integrity, and availability are high (C:H/I:H/A:H). The specific technical weakness is categorized under CWE-787 (Out-of-bounds Write), where the software writes data past the end, or before the beginning, of the intended buffer, leading to memory corruption. This CVE is listed in CISA’s Known Exploited Vulnerabilities Catalog, suggesting that it has been actively exploited and emphasizing the importance of timely mitigation. Google Chrome users are urged to update to version 120.0.6099.224 or later as soon as possible. Failure to apply the necessary updates may leave systems vulnerable to attacks. For detailed information and specific update instructions, users should refer to the Google Chrome Release Notes available at https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html and follow any additional guidelines provided by Google or relevant cybersecurity advisories.
This vulnerability is an out-of-bounds write issue found in the vCenter Server’s implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server could potentially exploit this vulnerability to execute remote code. This vulnerability is critical, with VMware assigning it a CVSS base score of 9.8/10, and NIST concurring with this assessment. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It indicates that the vulnerability can be exploited remotely (AV:N), with low attack complexity (AC:L), without requiring any user privileges (PR:N) or user interaction (UI:N). The scope of the vulnerability is unchanged (S:U), and it has a high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). This vulnerability falls under CWE-787 (Out-of-bounds Write), where the software writes data past the end or before the beginning of the intended buffer. This could lead to memory corruption, possibly enabling remote code execution. The CVE is listed in CISA’s Known Exploited Vulnerabilities Catalog, which underscores the criticality and the known active exploitation of the vulnerability. The affected software versions are various configurations of VMware vCenter Server, including a wide range of versions from 4.0 up to the latest in the 8.0 series. The required action for mitigating this vulnerability, as per CISA’s directive, is to apply the recommended mitigations per VMware’s instructions or discontinue use of the product if mitigations are unavailable. The due date for these actions is set for 02/12/2024. For detailed guidance and mitigation steps, users and administrators are advised to consult VMware’s security advisory at https://www.vmware.com/security/advisories/VMSA-2023-0023.html. It is crucial to address this vulnerability promptly due to its high severity and the potential for active exploitation.
This critical vulnerability is found in the Java OpenWire protocol marshaller, affecting Apache ActiveMQ. The vulnerability allows remote attackers with network access to either a Java-based OpenWire broker or client to execute arbitrary shell commands. This is achieved by manipulating serialized class types in the OpenWire protocol, leading to the instantiation of any class on the classpath. As a result, it could lead to remote code execution. The severity of this vulnerability is underscored by the differing CVSS scores provided by NIST and the Apache Software Foundation (CNA). NIST rates it with a base score of 9.8/10 (CRITICAL), while Apache rates it even higher at 10.0/10 (CRITICAL). The discrepancy is due to different evaluations of the scope; NIST considers the scope unchanged (S:U), whereas Apache assesses it as changed (S:C). Both agree on the high impact on confidentiality, integrity, and availability (C:H/I:H/A:H), low attack complexity (AC:L), and no requirement for privileges or user interaction (PR:N/UI:N). The technical issue is classified under CWE-502 (Deserialization of Untrusted Data), where the software deserializes data that an attacker can modify, leading to an execution of malicious code. Affected Apache ActiveMQ versions are up to and including 5.15.16, 5.16.0 to 5.16.7, 5.17.0 to 5.17.6, and 5.18.0 to just before 5.18.3. The issue also affects the Apache ActiveMQ Legacy OpenWire Module. To mitigate this vulnerability, users are advised to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which contain fixes for this issue. Considering this CVE is in CISA’s Known Exploited Vulnerabilities Catalog, the urgency for addressing this vulnerability is high. The required action, as per CISA, is to apply mitigations as per vendor instructions or discontinue use of the product if mitigations are not available, with a due date set for 11/23/2023. For more information and detailed guidance, users and administrators should refer to the vendor advisory provided by Apache at https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt and follow any additional guidelines or advisories from relevant cybersecurity sources.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –