Skip to the main content.
Contact
Contact

3 min read

Control Gap Vulnerability Roundup: October 1st to October 7th

Control Gap Vulnerability Roundup: October 1st to October 7th

This week saw the publication of 237 new CVE IDs. Of those, 94 have not yet been assigned official CVSS scores, however, of the ones that were, approximately 22% were of critical severity, 38% were high, 36% were medium, and 4% were low. Listed below are the vulnerabilities that caught our attention:

  • A zero-day reincarnation of 2021’s ProxyShell Microsoft Exchange vulnerabilities dubbed “ProxyNotShell” which could allow authenticated attackers to execute arbitrary code on effected Exchange products has been published. Initial mitigations were found to be ineffective, and Microsoft is urging administrators to take further remedial action.
  • An authentication bypass vulnerability affecting multiple Fortinet products was disclosed this week. Due to its ability to be exploited remotely, Fortinet is urging customers to act immediately.
  • Veritas NetBackup had multiple high impact vulnerabilities published this week prompting Veritas to release 4 separate security advisories.
  • ZKteco ZKBioSecurity, biometric security solutions had two vulnerabilities published this week, including an escalation of privilege vulnerability which allows authenticated users to create admin accounts.

The modern threat landscape represents an ever-changing vista of vulnerabilities, tools, tactics, and procedures which pose an existential threat to the security of organizations’ IT infrastructures. A key part of an evergreen security program is to maintain an up-to-date knowledge base of actionable threat intelligence that an organization can leverage to improve its security posture. Where dozens of novel threats and vulnerabilities become public each week, it can be challenging for IT professionals to keep pace. Control Gap intends to separate the signal from the noise by highlighting in this weekly segment newly disclosed vulnerabilities that have been assigned a CVE ID and which may be exceedingly novel, widespread, critical, or otherwise noteworthy.

The available threat intelligence at time of writing is documented below. Updates will be clearly marked.


Microsoft Exchange ProxyNotShell

CG_Critical_sm-1

Real-World Exploitability

High

Exploited in the Wild

Yes

Available Public Exploits 

Unknown

 

Two zero-day vulnerabilities affecting Microsoft Exchange products were disclosed this week. The two vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, are an evolution of the 2021 ProxyShell vulnerabilities which allowed for the execution of arbitrary code on affected Exchange Servers. The two new vulnerabilities dubbed “ProxyNotShell” allow an authenticated user with minimal privileges to compromise the affected Exchange Server. Microsoft has released multiple security advisories, patches and potential work arounds. The initial guidance from Microsoft was found to be ineffective at mitigating the vulnerabilities and has been updated in the latest Microsoft documentation. Microsoft is urging all administrators to take further remedial action.


Fortinet Multiple Products Authentication Bypass

CG_Critical_sm-1

Real-World Exploitability

High

Exploited in the Wild

Yes

Available Public Exploits 

No

 

An authentication bypass vulnerability affecting multiple Fortinet products has been disclosed by Fortinet, in private customer communications which were later leaked, the company is advising admins of all the following products to apply prescribed workarounds or upgrade to non-vulnerable versions:

  • FortiOS versions 7.0.0 to 7.0.6 and 7.2.0 to 7.2.1
  • FortiProxy versions 7.0.0 to 7.0.6 and 7.2.0
  • FortiSwitchManager versions 7.0.0 to 7.2.0

The vulnerability is being tracked with the following CVE ID, however, the CVE has not been officially published: CVE-2022-40684. Fortinet has released a PSIRT advisory on the vulnerability. As the vulnerability can be remotely exploited to interact with the affected devices in an admin context, Fortinet is recommended customers to take remedial actions immediately.


Veritas NetBackup Multiple vulnerabilities

CG_Critical_sm-1

 

Real-World Exploitability

High

Exploited in the Wild

Unknown

Available Public Exploits

No

 

Veritas NetBackup is a cloud-based backup solution which allows for “agentless backup, instant access, and reliable granular data recovery in the cloud that can scale with [a] virtual machine environment”. The product page claims that the solution has 100 exabytes of information currently under management. This week saw 10 unique vulnerabilities released for multiple versions of the product including XXE injection, arbitrary file deletion, denial of service, path traversal, and SQL injection. Veritas has released multiple security advisories available at the following links: VTS22-010, VTS22-011, VTS22-012, VTS22-013. The CVE IDs for all related vulnerabilities are as follow:



ZKteco ZKBioSecurity Multiple Vulnerabilities

CG_Critical_sm-1

 

Real-World Exploitability

High

Exploited in the Wild

Unknown

Available Public Exploits

Yes

 

ZKteco ZKBioSecurity is a biometric access control and security solutions company operating out of Shenzhen, China. The company’s website claims that the organizations products have multinational reach and operated in more than 100 countries. The two vulnerabilities tracked as CVE-2022-36634 and CVE-2022-36635 affect multiple versions of the ZKBioSecurity V5000 product. CVE-2022-36634 is an SQL injection vulnerability affecting version 4.1.3. CVE-2022-36635 is a privilege escalation vulnerability affecting version 3.0.5_r and allows an authenticated user with minimal privileges to create admin accounts. ZKteco has not released an official advisory pertaining to the vulnerabilities.

Control Gap Vulnerability Roundup: October 8th to October 14th

1 min read

Control Gap Vulnerability Roundup: October 8th to October 14th

This week saw the publication of 632 new CVE IDs. Of those, 134 have not yet been assigned official CVSS scores, however, of the ones that were,...

Read More
Control Gap Vulnerability Roundup: October 22nd to October 28th

1 min read

Control Gap Vulnerability Roundup: October 22nd to October 28th

This week saw the publication of 360 new CVE IDs. Of those, 74 have not yet been assigned official CVSS scores, however, of the ones that were,...

Read More
Control Gap Vulnerability Roundup: October 29th to November 4th

Control Gap Vulnerability Roundup: October 29th to November 4th

This week saw the publication of 517 new CVE IDs. Of those, 9 have not yet been assigned official CVSS scores, however, of the ones that were,...

Read More