Feed aggregator

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sqlinj


Security Impact Rating: Medium
CVE: CVE-2019-12619
Categories: Security Alerts

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.

The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sql-inject


Security Impact Rating: Medium
CVE: CVE-2019-12628
Categories: Security Alerts

Cisco SD-WAN Solution Local Privilege Escalation Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc


Security Impact Rating: High
CVE: CVE-2020-3115
Categories: Security Alerts

Cisco SD-WAN vManage Command Injection Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject


Security Impact Rating: Medium
CVE: CVE-2019-12629
Categories: Security Alerts

Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss


Security Impact Rating: Medium
CVE: CVE-2020-3121
Categories: Security Alerts

Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface.

The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos


Security Impact Rating: High
CVE: CVE-2019-16029
Categories: Security Alerts

Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition.

The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes


Security Impact Rating: High
CVE: CVE-2019-16018
Categories: Security Alerts

Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities

Cisco Security Advisories - Wed, 2020-01-22 16:00

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition.

The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn


Security Impact Rating: High
CVE: CVE-2019-16019,CVE-2019-16020,CVE-2019-16021,CVE-2019-16022,CVE-2019-16023
Categories: Security Alerts

Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process.

The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos


Security Impact Rating: High
CVE: CVE-2019-16027
Categories: Security Alerts

Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition.

The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos


Security Impact Rating: Medium
CVE: CVE-2019-15989
Categories: Security Alerts

Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-hcm-f-csrf


Security Impact Rating: Medium
CVE: CVE-2020-3124
Categories: Security Alerts

Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Cisco Security Advisories - Wed, 2020-01-22 16:00

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device.

The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth


Security Impact Rating: Critical
CVE: CVE-2019-16028
Categories: Security Alerts

AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

US-CERT - Mon, 2020-01-20 06:54
Original release date: January 20, 2020<br/><h3>Summary</h3><p>On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable versions of Citrix ADC, Gateway, and SD-WAN WANOP appliances through January 24, 2020. (See Mitigations for update schedule).<a href="https://support.citrix.com/article/CTX267027">[1]</a></p> <p>A remote, unauthenticated attacker could exploit CVE-2019-19781 to perform arbitrary code execution.<a href="https://support.citrix.com/article/CTX267027">[2]</a> This vulnerability has been detected in exploits in the wild.<a href="https://www.ncsc.gov.uk/news/citrix-alert">[3]</a></p> <p>The Cybersecurity and Infrastructure Agency (CISA) strongly recommends that all users and administrators upgrade their vulnerable appliances as soon as possible once the appropriate firmware update becomes available.</p> <h4>Timeline of Specific Events</h4> <ul> <li>December 17, 2019 – Citrix releases Security Bulletin CTX267027 with mitigations steps.</li> <li>January 8, 2020 – The CERT Coordination Center (CERT/CC) releases Vulnerability Note VU#619785: Citrix Application Delivery Controller and Citrix Gateway Web Server Vulnerability, <a href="https://www.kb.cert.org/vuls/id/619785/">[4]</a> and CISA releases a Current Activity entry.<a href="https://www.us-cert.gov/ncas/current-activity/2020/01/08/citrix-application-delivery-controller-and-citrix-gateway">[5]</a></li> <li>January 10, 2020 – The National Security Agency (NSA) releases a Cybersecurity Advisory on CVE-2019-19781.<a href="https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF">[6]</a></li> <li>January 11, 2020 – Citrix releases blog post on CVE-2019-19781 with timeline for fixes.<a href="https://www.citrix.com/blogs/2020/01/11/citrix-provides-update-on-citrix-adc-citrix-gateway-vulnerability/">[7]</a></li> <li>January 13, 2020 – CISA releases a Current Activity entry describing their utility that enables users and administrators to test whether their Citrix ADC and Citrix Gateway firmware is susceptible to the CVE-2019-19781 vulnerability.<a href="https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability">[8]</a>&nbsp;</li> <li>January 16, 2020 – Citrix announces that Citrix SD-WAN WANOP appliance is also vulnerable to CVE-2019-19781.</li> <li>January 19, 2020 – Citrix releases firmware updates for Citrix ADC and Citrix Gateway versions 11.1 and 12.0 and blog post on accelerated schedule for fixes.<a href="https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/">[9]</a></li> <li>January 24, 2020 – Citrix expects to release firmware updates for Citrix ADC and Citrix Gateway versions 10.5, 12.1, and 13.0 and Citrix SD-WAN WANOP release 10.2.6 and 11.0.3.</li> </ul> <h3>Technical Details</h3><h4>Impact</h4> <p>On December 17, 2019, Citrix reported vulnerability CVE-2019-19781. A remote, unauthenticated attacker could exploit this vulnerability to perform arbitrary code execution. This vulnerability has been detected in exploits in the wild.</p> <p>The vulnerability affects the following appliances:</p> <ul> <li>Citrix NetScaler ADC and NetScaler Gateway version 10.5 – all supported builds</li> <li>Citrix ADC and NetScaler Gateway version 11.1 – all supported builds before 11.1.63.15</li> <li>Citrix ADC and NetScaler Gateway version 12.0 – all supported builds before 12.0.63.13</li> <li>Citrix ADC and NetScaler Gateway version 12.1 – all supported builds</li> <li>Citrix ADC and Citrix Gateway version 13.0 – all supported builds</li> <li>Citrix SD-WAN WANOP firmware and appliance models 4000, 4100, 5000, and 5100 – all supported builds. (Citrix SD-WAN WANOP is vulnerable because it packages Citrix ADC as a load balancer).</li> </ul> <h4>Detection Measures</h4> <p>CISA has released a utility that enables users and administrators to detect whether their Citrix ADC and Citrix Gateway firmware is susceptible to CVE-2019-19781.<a href="https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability">[10] </a>CISA encourages administrators to visit CISA’s <a href="https://github.com/cisagov/check-cve-2019-19781">GitHub page</a> to download and run the tool.</p> <p>See the National Security Agency’s Cybersecurity Advisory on CVE-2020-19781 for other detection measures.<a href="https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF">[11]</a></p> <h3>Mitigations</h3><p>CISA strongly recommends users and administrators update Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP once the appropriate firmware updates become available.</p> <p>The fixed builds can be downloaded from Citrix Downloads pages for <a href="https://www.citrix.com/downloads/citrix-adc/">Citrix ADC</a> and <a href="https://www.citrix.com/downloads/citrix-gateway/">Citrix Gateway</a>.</p> <p>Until the appropriate update is accessible, users and administrators should apply Citrix’s interim mitigation steps for CVE-2019-19781.<a href="https://support.citrix.com/article/CTX267679">[12]</a> Verify the successful application of the above mitigations by using the tool in <a href="https://support.citrix.com/article/CTX269180">CTX269180 – CVE-2019-19781 – Verification ToolTest</a>.<strong> Note:</strong> these mitigation steps apply to Citrix ADC and SD-WAN WANOP deployments.<a href="https://support.citrix.com/article/CTX267027">[13]</a></p> <p>Refer to table 1 for Citrix’s planned fix schedule.<a href="https://support.citrix.com/article/CTX267027">[14]</a></p> <p><strong>Table 1. Fix schedule for Citrix appliances vulnerable to CVE-2019-19781</strong></p> <table border="1" cellpadding="1" cellspacing="1" class="general-table" style="width: 600px; height: 312px;"> <thead> <tr> <th scope="col"><strong>Vulnerable Appliance</strong></th> <th scope="col"><strong>Firmware Update</strong></th> <th scope="col"><strong>Release Date</strong></th> </tr> <tr> <td scope="col" style="text-align: left;">Citrix ADC and Citrix Gateway version 10.5</td> <td scope="col" style="text-align: left;">Refresh Build 10.5.70.x</td> <td scope="col" style="text-align: left;">January 24, 2020 (Expected)</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix ADC and Citrix Gateway version 11.1</td> <td scope="col" style="text-align: left;">Refresh Build 11.1.63.15</td> <td scope="col" style="text-align: left;">January 19, 2020</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix ADC and Citrix Gateway version 12.0</td> <td scope="col" style="text-align: left;">Refresh Build 12.0.63.13</td> <td scope="col" style="text-align: left;">January 19, 2020</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix ADC and Citrix Gateway version 12.1</td> <td scope="col" style="text-align: left;">Refresh Build 12.1.55.x</td> <td scope="col" style="text-align: left;">January 24, 2020 (Expected)</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix ADC and Citrix Gateway version 13.0</td> <td scope="col" style="text-align: left;">Refresh Build 13.0.47.x</td> <td scope="col" style="text-align: left;">January 24, 2020 (Expected)</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix SD-WAN WANOP Release 10.2.6</td> <td scope="col" style="text-align: left;">Citrix ADC Release 11.1.51.615</td> <td scope="col" style="text-align: left;">January 24, 2020 (Expected)</td> </tr> <tr> <td scope="col" style="text-align: left;">Citrix SD-WAN WANOP Release 11.0.3</td> <td scope="col" style="text-align: left;">Citrix ADC Release 11.1.51.615</td> <td scope="col" style="text-align: left;">January 24, 2020 (Expected)</td> </tr> </thead> </table> <p>&nbsp;</p> <p>Administrators should review NSA’s <a href="https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF">Citrix Advisory</a> for other mitigations, such as applying the following defense-in-depth strategy:</p> <p>“Consider deploying a VPN capability using standardized protocols, preferably ones listed on the National Information Assurance Partnership (NIAP) Product Compliant List (PCL), in front of publicly accessible Citrix ADC and Citrix Gateway appliances to require user authentication for the VPN before being able to reach these appliances. Use of a proprietary SSLVPN/TLSVPN is discouraged.”</p> <h3>References</h3> <ul> <li><a href="https://support.citrix.com/article/CTX267027">[1] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway </a></li> <li><a href="https://support.citrix.com/article/CTX267027">[2] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway </a></li> <li><a href="https://www.ncsc.gov.uk/news/citrix-alert">[3] United Kingdom National Cyber Secrity Centre (NCSC) Alert: Actors exploiting Citrix products vulnerability </a></li> <li><a href="https://www.kb.cert.org/vuls/id/619785/">[4] CERT/CC Vulnerability Note VU#619785 </a></li> <li><a href="https://www.us-cert.gov/ncas/current-activity/2020/01/08/citrix-application-delivery-controller-and-citrix-gateway">[5] CISA Current Activity: Citrix Application Delivery Controller and Citrix Gateway Vulnerability </a></li> <li><a href="https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF">[6] NSA Cybersecurity Advisory: Mitigate CVE-2019-19781: Critical Vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway </a></li> <li><a href="https://www.citrix.com/blogs/2020/01/11/citrix-provides-update-on-citrix-adc-citrix-gateway-vulnerability/">[7] Citrix blog: Citrix provides update on Citrix ADC, Citrix Gateway vulnerability </a></li> <li><a href="https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability">[8] CISA Current Activity: CISA Releases Test for Citrix ADC and Gateway Vulnerability GitHub: CISAgov – check-cve-2019-19781 </a></li> <li><a href="https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/">[9] Citrix Blog: Vulnerability Update: First permanent fixes available, timeline accelerated </a></li> <li><a href="https://www.us-cert.gov/ncas/current-activity/2020/01/13/cisa-releases-test-citrix-adc-and-gateway-vulnerability">[10] CISA Current Activity: CISA Releases Test for Citrix ADC and Gateway Vulnerability GitHub: CISAgov – check-cve-2019-19781 </a></li> <li><a href="https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF">[11] NSA Cybersecurity Advisory: Mitigate CVE-2019-19781: Critical Vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway </a></li> <li><a href="https://support.citrix.com/article/CTX267679">[12] Citrix Security Bulletin CTX267679, Mitigation Steps for CVE-2019-19781 </a></li> <li><a href="https://support.citrix.com/article/CTX267027">[13] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway </a></li> <li><a href="https://support.citrix.com/article/CTX267027">[14] Citrix Security Bulletin CTX267027, Vulnerability in Citrix Application Delivery Controller and Citrix Gateway </a></li> </ul> <h3>Revisions</h3> <ul> <li>January 20, 2020: Initial Version</li> </ul> <hr /> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
Categories: Security Alerts

Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability

Cisco Security Advisories - Thu, 2020-01-16 15:25

A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device.

The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. 

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi


Security Impact Rating: High
CVE: CVE-2019-1889
Categories: Security Alerts

AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems

US-CERT - Tue, 2020-01-14 09:46
Original release date: January 14, 2020
Summary

New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections:

  • CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects all machines running 32- or 64-bit Windows 10 operating systems, including Windows Server versions 2016 and 2019. This vulnerability allows Elliptic Curve Cryptography (ECC) certificate validation to bypass the trust store, enabling unwanted or malicious software to masquerade as authentically signed by a trusted or trustworthy organization. This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.
  • Multiple Windows RDP vulnerabilities – CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611: These vulnerabilities affect Windows Server 2012 and newer. In addition, CVE-2020-0611 affects Windows 7 and newer. These vulnerabilities—in the Windows Remote Desktop client and RDP Gateway Server—allow for remote code execution, where arbitrary code could be run freely. The server vulnerabilities do not require authentication or user interaction and can be exploited by a specially crafted request. The client vulnerability can be exploited by convincing a user to connect to a malicious server.

The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of these vulnerabilities. However, because patches have been publicly released, the underlying vulnerabilities can be reverse-engineered to create exploits that target unpatched systems.

CISA strongly recommends organizations install these critical patches as soon as possible—prioritize patching by starting with mission critical systems, internet-facing systems, and networked servers. Organizations should then prioritize patching other affected information technology/operational technology (IT/OT) assets.

Technical DetailsCryptoAPI Spoofing Vulnerability – CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates ECC certificates.

According to Microsoft, “an attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.” Additionally, “a successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.”[1]

A cyber attacker could exploit CVE-2020-0601 to obtain sensitive information, such as financial information, or run malware on a targeted system; for example:

  • A maliciously crafted certificate could appear to be issued for a hostname that did not authorize it, preventing a browser that relies on Windows CryptoAPI from validating its authenticity and issuing warnings. If the certificate impersonates a user’s bank website, their financial information could be exposed.
  • Signed malware can bypass protections (e.g., antivirus) that only run applications with valid signatures. Malicious files, emails, and executables can appear legitimate to unpatched users.

The Microsoft Security Advisory for CVE-2020-0601 addresses this vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

Detection Measures

The National Security Agency (NSA) provides detection measures for CVE-2020-0601 in their Cybersecurity Advisory: Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers.[2]

Windows Remote Desktop Server Vulnerabilities – CVE-2020-0609/CVE-2020-0610

According to Microsoft, “A remote code execution vulnerability exists in the Windows Remote Desktop Protocol (RDP) Gateway Server when an unauthenticated attacker sends specially crafted requests to a targeted server.”[3],[4]

CVE-2020-0609/CVE-2020-0610:

  • Affects all supported Windows Server versions (Server 2012 and newer; support for Server 2008 ends January 14, 2020);
  • Occurs pre-authentication; and
  • Requires no user interaction to perform.

The Microsoft Security Advisories for CVE-2020-0609 and CVE-2020-0610 address these vulnerabilities.

Windows Remote Desktop Client vulnerability – CVE-2020-0611

According to Microsoft, “A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.”[5]

CVE-2020-0611 requires the user to connect to a malicious server via social engineering, DNS poisoning, a man-in the-middle attack, or by the attacker compromising a legitimate server.

The Microsoft Security Advisory for CVE-2020-0611 addresses this vulnerability.

IMPACT

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • Temporary or permanent loss of sensitive or proprietary information,
  • Disruption to regular operations,
  • Financial losses relating to restoring systems and files, and
  • Potential harm to an organization’s reputation.

 

Mitigations

CISA strongly recommends organizations read the Microsoft January 2020 Release Notes page for more information and apply critical patches as soon as possible—prioritize patching by starting with mission critical systems, internet-facing systems, and networked servers. Organizations should then prioritize patching other affected IT/OT assets.

General Guidance

  • Review Guide to Enterprise Patch Management Technologies, NIST Special Publication 800-40 Revision 3. Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. This publication is designed to assist organizations in understanding the basics of enterprise patch management technologies. It explains the importance of patch management and examines the challenges inherent in performing patch management. It provides an overview of enterprise patch management technologies, and also briefly discusses metrics for measuring the technologies’ effectiveness.
  • Review CISA Insights publications. Informed by U.S. cyber intelligence and real-world events, each CISA Insight provides background information on particular cyber threats and the vulnerabilities they exploit, as well as a ready-made set of mitigation activities that non-federal partners can implement. Printable materials can be found by visiting: https://www.cisa.gov/publication/cisa-insights-publications.
  • Review CISA’s Cyber Essentials. CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices. Essentials are the starting point to cyber readiness. To download the guide, visit: https://www.cisa.gov/publication/cisa-cyber-essentials.
References Revisions
  • January 14, 2020: Initial version

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: Security Alerts

Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

Cisco Security Advisories - Mon, 2020-01-13 16:15

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-pi-xss-12713


Security Impact Rating: Medium
CVE: CVE-2019-12713
Categories: Security Alerts

AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

US-CERT - Fri, 2020-01-10 03:45
Original release date: January 10, 2020
Summary

Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become compromised in an attack. [1]

Although Pulse Secure [2] disclosed the vulnerability and provided software patches for the various affected products in April 2019, the Cybersecurity and Infrastructure Security Agency (CISA) continues to observe wide exploitation of CVE-2019-11510. [3] [4] [5]

CISA expects to see continued attacks exploiting unpatched Pulse Secure VPN environments and strongly urges users and administrators to upgrade to the corresponding fixes. [6]

Timelines of Specific Events
  • April 24, 2019 – Pulse Secure releases initial advisory and software updates addressing multiple vulnerabilities.
  • May 28, 2019 – Large commercial vendors get reports of vulnerable VPN through HackerOne.
  • July 31, 2019 – Full RCE use of exploit demonstrated using the admin session hash to get complete shell.
  • August 8, 2019 – Meh Chang and Orange Tsai demonstrate the VPN issues across multiple vendors (Pulse Secure) with detailed attack on active VPN exploitation.
  • August 24, 2019 – Bad Packets identifies over 14,500 vulnerable VPN servers globally still unpatched and in need of an upgrade.
  • October 7, 2019 – The National Security Agency (NSA) produces a Cybersecurity Advisory on Pulse Secure and other VPN products being targeted actively by advanced persistent threat actors.
  • October 16, 2019 – The CERT Coordination Center (CERT/CC) releases Vulnerability Note VU#927237: Pulse Secure VPN contains multiple vulnerabilities.
  • January 2020 – Media reports cybercriminals now targeting unpatched Pulse Secure VPN servers to install REvil (Sodinokibi) ransomware.   
Technical DetailsImpact

A remote, unauthenticated attacker may be able to compromise a vulnerable VPN server. The attacker may be able to gain access to all active users and their plain-text credentials. It may also be possible for the attacker to execute arbitrary commands on each VPN client as it successfully connects to the VPN server.

Affected versions:

  • Pulse Connect Secure 9.0R1 - 9.0R3.3
  • Pulse Connect Secure 8.3R1 - 8.3R7
  • Pulse Connect Secure 8.2R1 - 8.2R12
  • Pulse Connect Secure 8.1R1 - 8.1R15
  • Pulse Policy Secure 9.0R1 - 9.0R3.1
  • Pulse Policy Secure 5.4R1 - 5.4R7
  • Pulse Policy Secure 5.3R1 - 5.3R12
  • Pulse Policy Secure 5.2R1 - 5.2R12
  • Pulse Policy Secure 5.1R1 - 5.1R15
Mitigations

This vulnerability has no viable workarounds except for applying the patches provided by the vendor and performing required system updates.

CISA strongly urges users and administrators to upgrade to the corresponding fixes. [7]

References Revisions
  • January 10, 2020: Initial Version

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: Security Alerts

Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability

Cisco Security Advisories - Wed, 2020-01-08 16:00

A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition.

The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack


Security Impact Rating: Medium
CVE: CVE-2019-16007
Categories: Security Alerts

Cisco Webex Video Mesh Node Command Injection Vulnerability

Cisco Security Advisories - Wed, 2020-01-08 16:00

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system.

The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video


Security Impact Rating: High
CVE: CVE-2019-16005
Categories: Security Alerts

Cisco Webex Centers Denial of Service Vulnerability

Cisco Security Advisories - Wed, 2020-01-08 16:00

A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition.

The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-centers-dos


Security Impact Rating: Medium
CVE: CVE-2020-3116
Categories: Security Alerts

Pages

Subscribe to Willing Minds aggregator