October 1, 2023

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

Description

Cisco has issued a warning regarding an ongoing attempt to exploit a security vulnerability present in its IOS Software and IOS XE Software. If successful, this exploit could enable a remote attacker who has already authenticated themselves to execute code on the targeted systems from a remote location. The company has reported a weakness that has the potential to grant an authenticated, remote attacker with administrative control over either a group member or a key server the ability to execute arbitrary code on a vulnerable device or even trigger a system crash. It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and it could be weaponized by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker.

Infected Technology

IOS and IOS XE Software

Source

https://thehackernews.com/2023/09/cisco-warns-of-vulnerability-in-ios-and.html

Recommendation

Check for security patches and updates provided by the vendor (in this case, Cisco) to address the vulnerability. Apply these patches as soon as they become available. This is often the most effective way to fix the issue.

CVE

CVE-2023-20109

Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Description

Google rolled out fixes to address a new actively exploited zero-day in the Chrome browser. The vulnerability has been described as a “Heap-Based Buffer Overflow” in VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). The exploitation of this buffer overflow flaw can result in program crashes or execution of arbitrary code with the loss of availability and data integrity. This vulnerability has been tracked as CVE-2023-5217 after the Google’s Threat Analysis Group discovered and reported on September. Futher details have not been disclosed other than to acknowledge that exploits for CVE-2023-5217 exists in the wild.

Infected Technology

Google Chrome and Chromium based browsers(Microsoft Edge, Brave, Opera and Vilvadi)

Source

https://thehackernews.com/2023/09/update-chrome-now-google-releases-patch.html

Recommendation

• To upgrade to Chrome version 117.0.5938.132 for Windows, macOS, and Linux
• Users of Chromium-based browsers are also advised to apply the fixes as and when they become available.

CVE ID

CVE-2023-5217

Critical Cisco WAN Manager Vulnerabilities Let Attacker Conduct DoS Attack

Description

Cisco, a prominent player in the world of networking and cybersecurity, has issued a critical security advisory concerning multiple vulnerabilities in their Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage. These vulnerabilities could potentially open doors for cyber attackers to access affected systems or cause a significant (DoS) situation.

CVE-2023-20252: Cisco Catalyst SD-WAN Manager Unauthorized Access Vulnerability A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.

CVE-2023-20253: Cisco Catalyst SD-WAN Manager Unauthorized Configuration Rollback Vulnerability A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with read-only privileges to bypass authorization and roll back controller configurations, which could then be deployed to the downstream routers.

CVE-2023-20034: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability A vulnerability in the access control implementation for Elasticsearch that is used in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to access the Elasticsearch database of an affected system with the privileges of the Elasticsearch user.

CVE-2023-20254: Cisco Catalyst SD-WAN Manager Authorization Bypass Vulnerability A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled.

CVE-2023-20262: Cisco Catalyst SD-WAN Manager Denial of Service Vulnerability A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected.

Infected Technology

Cisco Catalyst SD-WAN Manager

Source

https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/cisco-wan-manager-vulnerabilities/amp/

Recommendation

Cisco has released free software updates that addresses these vulnerabilities. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.

CVE ID

CVE-2023-20252, CVE-2023-20253, CVE-2023-20034, CVE-2023-20254, and CVE-2023-20262

ZYXEL Buffer Overflow vulnerability Let Attacker Launch DoS Attack

Description

Buffer Overflow vulnerability has been found in ZYXEL’s ZYXEL-PMG2005-T20B device, which might lead to a denial-of-service scenario. Because the user-supplied input on their HTTP request was not properly sanitized, this circumstance exists.By submitting a specially written script to the uid argument in the cgi-bin/login.asp, a threat actor can exploit this vulnerability and finally trigger the DoS scenario. The severity of this issue, which has been given the CVE code CVE-2023-43314, is being examined. When the number of admin in the uid exceeds the maximum threshold of 50, the ZYXEL-PMG2005-T20B product develops this vulnerability, which causes the application to crash when processed in the backend. A SESSIONID parameter is also included to the HTTP request’s COOKIE header in order to establish a functional session with the ZYXEL product. However, more investigation showed that, in accordance with the ZyXEL website, the ZYXEL-PMG2005-T20B product has achieved End-of-Life.

Infected Technology

ZYXEL

Source

https://gbhackers.com/zyxel-buffer-overflow-vulnerability/amp/

Recommendation

Employing “Trustifi” AI-Powered Email Security Solutions may protect your company from the most hazardous email threats of the present, including Email Tracking, Blocking, Modifying, Phishing, Account Takeover, Business Email Compromise, Malware & Ransomware.

CVE ID

CVE-2023-43314

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Description

A critical security vulnerability (CVE-2023-42793) in JetBrains TeamCity CI/CD software could be exploited by unauthenticated attackers to achieve remote code execution, potentially leading to source code theft, service secrets exposure, and supply chain compromise. The flaw has been patched in TeamCity version 2023.05.4, but it only affects on-premise versions. JetBrains recommends immediate upgrades and has released a security patch plugin for older versions. Additionally, two high-severity flaws in Atos Unify OpenScape products (CVE-2023-36618 and CVE-2023-36619) have been disclosed and patched, allowing attackers to execute commands and access configuration scripts. Sonar also highlighted critical XSS vulnerabilities in encrypted email solutions recently.

Infected Technology

JetBrains TeamCity

Source

https://thehackernews.com/2023/09/critical-jetbrains-teamcity-flaw-could.html

Recommendation

Upgrade TeamCity to versions 8.0