Tenable Research: February and March Vulnerability Disclosure Roundup
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them.
This post provides an overview of all the vulnerabilities discovered by Tenable Research in February and March.
You can access all Tenable Research advisories here.
|
EMC VASA Virtual Appliance Default Credentials and Arbitrary File Upload |
|
CVE ID: CVE-2018-1216, CVE-2018-1215 Nessus Plugin ID: 106849 Tenable Research Advisory: TRA-2018-03 Risk Factor: Critique |
|
What do you need to know? Tenable Research has discovered two vulnerabilities in the EMC VASA Virtual Appliance SE web application. The first vulnerability is a default account. The default account does not have access to the web UI, but exploitation permits an attacker to obtain a valid session ID to execute further commands. The second vulnerability permits an authenticated attacker to upload an arbitrary file to any location on the web server. What’s the attack vector? Exploitation of the default credentials requires only unauthenticated network access. Even though the default credentials do not have privileges for the web UI, after authenticating, the attacker can extract a valid session ID from a local cookie and use it to execute remote commands. What’s the business impact? Combining both vulnerabilities can permit an attacker to gain full unauthorized access to the system. What’s the solution? EMC has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerabilities using Plugin ID 106849. |
|
Micro Focus Operations Orchestration Information Disclosure and Remote Denial-of-Service Vulnerabilities |
|
CVE ID: CVE-2018-6490 Nessus Plugin ID: 107094 Tenable Research Advisory: TRA-2018-05 Risk Factor: Élevée |
|
What do you need to know? Tenable Research has discovered information disclosure and denial-of-service vulnerabilities in Micro Focus Operations Orchestration version 10.X. These can be used to disclose sensitive runtime information and shut down the JMiniX JMX console used for administrative web-based access. You can read a full analysis here. What's the attack vector? Exploitation requires remote unauthenticated network access and is trivial to exploit. What's the business impact? Malicious attackers can gather sensitive runtime information for reconnaissance. Even worse, a malicious attacker can remotely shut down the JMiniX JMX console that provides access to the web user interface. Micro Focus Operations Orchestration is used by IT and DevOps operation teams to automate IT processes (e.g., incident and disaster recovery and hybrid cloud provisioning and configuration). What's the solution? Micro Focus has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107094. |
|
Check Point Gaia OS Privilege Escalation Vulnerability |
|
CVE ID: - Nessus Plugin ID:107072 Tenable Research Advisory: TRA-2018-04 Risk Factor: Moyenne |
|
What do you need to know? Tenable Research has discovered a Privilege Escalation vulnerability in Check Point’s Gaia OS, versions R77.20, R77.30 and R80.10, deployed on Check Point’s Security Gateway, Security Management and Scalable Platforms Appliances. The vulnerability can be used by a malicious user to execute arbitrary bash shell commands. What’s the attack vector? Exploitation requires an authenticated user session. Arbitrary bash shell commands can be executed with the proper formatting despite a restricted shell. What’s the business impact? The business impact is considered Low. Exploitation requires a malicious insider, or the theft or phishing of credentials. Arbitrary commands require careful crafting to execute successfully. What’s the solution? Check Point has released a software update and advisory. Affected users should apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107072. |
|
Cisco IOS and IOS XE Multiple Memory Corruption Vulnerabilities |
|
CVE ID: CVE-2018-0172, CVE-2018-0173, CVE-2018-0174 Nessus Plugin ID: - Tenable Research Advisory: TRA-2018-06 Risk Factor: Élevée |
|
What do you need to know? Tenable Research has discovered denial-of-service vulnerabilities in the DHCP relay agent in Cisco’s IOS and IOS-XE operating systems. What's the attack vector? The attacks are performed by sending malicious DHCP requests to the relay agent on the router. What's the business impact? The business impact is medium. An attacker could use this attack to stop clients from obtaining IP addresses. What's the solution? Cisco has released software updates and an advisory for each vulnerability (see below). Affected users should patch their systems as soon as possible. |
Articles connexes
Foreshadow: Speculative Execution Attack Targets Intel SGX
August 14, 2018A flaw in Intel’s Software Guard Extensions implementation allows an attacker to access data stored in memory of other applications running on the same host, without the need for privilege escalation....
Advisory: Red Hat DHCP Client Command Injection Trouble
May 17, 2018On May 15, Red Hat disclosed a critical vulnerability in a script included in NetworkManager for the Dynamic Host Configuration Protocol (DHCP) client on Red Hat Enterprise Linux (RHEL). The vulnerabi...
Advisory: Intel...Simply Misunderstood?
May 11, 2018To close numerous security gaps, Microsoft, Adobe, Apple, Red Hat, Xen, VMware and other vendors have released a number of patches in the first 10 days of May. We discussed some of these in our recent...
Cybersecurity Snapshot: Attackers Pounce on Unpatched Vulns, DBIR Says, as Critical Infrastructure Orgs Benefit from CISA’s Alert Program
May 3, 2024Verizon’s DBIR found that hackers are having a field day exploiting vulnerabilities to gain initial access. Plus, a CISA program is helping critical infrastructure organizations prevent ransomware attacks. In addition, check out what Tenable’s got planned for RSA Conference 2024. And get the latest on the Change Healthcare breach. And much more!
As Pro-Russia Hactivists Target OT Systems, Here’s What You Need To Know
May 2, 2024U.S. and international cybersecurity and law enforcement agencies this week issued a joint fact sheet to highlight and safeguard against the continued malicious cyber activity conducted by pro-Russia hacktivists against operational technology (OT) devices in North America and Europe. Read on to get all the details and learn what actions to take today.
Tenable Bolsters Its Cloud Security Arsenal with Malware Detection
May 1, 2024Tenable Cloud Security is enhancing its capabilities with malware detection. Combined with its cutting-edge, agentless vulnerability-scanning technology, including its ability to detect anomalous behavior, this new capability makes Tenable Cloud Security a much more complete and effective solution. Read on to find out how.
- Plugins