Control Gap Vulnerability Roundup: December 31st to January 6th
This week saw the publication of 425 new CVE IDs. Of those, 240have not yet been assigned official CVSS scores, however, of the ones that were,...
3 min read
Zach Matthews : Mar 16, 2023 2:32:38 PM
This week saw the publication of 442 new CVE IDs. Of those, 258 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 14% were of critical severity, 39% were high, 47% were medium, and 0% were low. Listed below are the vulnerabilities that caught our attention:
The modern threat landscape represents an ever-changing vista of vulnerabilities, tools, tactics, and procedures which pose an existential threat to the security of organizations’ IT infrastructures. A key part of an evergreen security program is to maintain an up-to-date knowledge base of actionable threat intelligence that an organization can leverage to improve its security posture. Where dozens of novel threats and vulnerabilities become public each week, it can be challenging for IT professionals to keep pace. Control Gap intends to separate the signal from the noise by highlighting in this weekly segment newly disclosed vulnerabilities that have been assigned a CVE ID and which may be exceedingly novel, widespread, critical, or otherwise noteworthy.
The available threat intelligence at time of writing is documented below. Updates will be clearly marked.
Real-World Exploitability High |
Exploited in the Wild No |
Available Public Exploits No |
ArubaOS is a network management software made by Aruba Networks (a Hewlett Packard company) for their networking devices. This week a total of 21 vulnerabilities for the ArubaOS web management and command line interface were disclosed, ranging from authenticated cross-site scripting to authenticated arbitrary command injection. All of these vulnerabilities appear to have been disclosed by multiple security researchers through Aruba’s bug bounty program. These CVEs were publicly disclosed alongside Aruba’s product security advisory available here. These vulnerabilities highlight a recurring issue with product vendors hardening the perimeter of their products and not enforcing the same security standards on aspects which are assumed to be secure (such as authenticated functions). A full list of the vulnerabilities, along with Aruba’s workarounds / mitigations can be found in the product security advisory. A more succinct list provided by NIST can be found here.
Real-World Exploitability High |
Exploited in the Wild No |
Available Public Exploits Yes |
ClamAV is a Cisco open source highly customizable anti-virus engine that is commonly used by cyber security professionals to evaluate and detect proprietary or sensitive malware. This past week two vulnerabilities were disclosed which could allow for information disclosure or remote code execution on the affected system if the tool is used to analyze a crafted file of a specific filetype. Both vulnerabilities were identified by security researcher Simon Scannel and a patch has been released with multiple versions for the Cisco products which integrate ClamAV. Specific patched versions and mitigation information can be found on the Cisco security advisory pages, available here and here. The vulnerabilities are tracked as CVE-2023-20052 and CVE-2023-20032. The vulnerabilities are of particular concern as ClamAV often handles sensitive files or is operated by organizations involved in the cyber security industry. A compromise of a ClamAV system could potentially lead to the disclosure of confidential information or the compromise of a high value network.
Real-World Exploitability High |
Exploited in the Wild No |
Available Public Exploits No |
WAGO is a German electrical automation company that mainly produces hardware and programmable logic controllers (“PLCs”). A vulnerability affecting the web-based management portion of the firmware for PLCs was disclosed this week which would allow an unauthenticated attacker to write arbitrary data to the file system in the context of the root account. The vulnerability stems from the backend of the management interface not enforcing authentication, which means that an attacker with knowledge of how to interact with the backend of the interface could potentially take over the entire affected system. The vulnerability is being tracked as CVE-2022-45140. The vulnerability is patched with FW22 Patch 1 or FW24 and mitigations for those who cannot immediately update include deactivating the web-based management interface or restricting access to the affected device. More information can be found on the cert.vde.com site.
|
Real-World Exploitability High |
Exploited in the Wild No |
Available Public Exploits No |
Two vulnerabilities affecting Cisco’s web-based management interface of its IP phones have been disclosed which could allow for remote code execution on the affected devices. The vulnerabilities are tracked as CVE-2023-20078 and CVE-2023-20079, and affect multiple versions of Cisco phones including: 6800 series, 7800 series, 8800 series and other conferencing models. Specific details can be found in Cisco’s security advisory. These vulnerabilities can be particularly concerning as threat actors commonly seek out simple, network-based exploits after breaching the perimeter of a network. Compromising simple network devices, such as an IP phone, can result in persistent, covert access to a network and could potentially circumvent logging or detection solutions.
This week saw the publication of 425 new CVE IDs. Of those, 240have not yet been assigned official CVSS scores, however, of the ones that were,...
1 min read
This week saw the publication of 652 new CVE IDs. Of those, 240 have not yet been assigned official CVSS scores, however, of the ones that were,...
1 min read
This week saw the publication of 788 new CVE IDs. Of those, 526 have not yet been assigned official CVSS scores, however, of the ones that were,...