Fix now: High risk vulnerabilities at large, September 29th
Zerologon
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-1472 | Netlogin elevation of privilege | 10.00 | 38.46 | 2020-09-28 |
Let’s start with Zerologon. This vulnerability provides a means for an attacker to establish a vulnerable Netlogon secure channel connection to a domain controller and gain an elevation of privilege. With a number of in the wild exploits and confirmed use by threat actors, organizations should be patching this as a matter of urgency. Information on the vulnerability and remediation can be found here.
WordPress Cross Site Scripting Vulnerability
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2015-5714 | XSS vuln in WordPress before 4.3.1 | 6.1 | 38.46 | 2020-09-26 |
This old, but clearly not forgotten, vulnerability affecting WordPress versions before 4.3.1 exposed organizations to a XSS vulnerability, that allows threat actors to inject arbitrary web script (Or HTML) by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. This vulnerability had been holding steady at 10.91 likelihood until earlier this year when we saw a significant jump in both activity and risk.
This highlights that, despite its age, threat actors will continue to look at any unpatched vulnerabilities to use in exploitation of web applications and this one is no different - proven exploitation and in the wild attacks have been seen as recently at the 26th of September 2020, five years after it was first reported in 2015.
Patch information can be found here. We strongly recommend organizations running such old versions of WordPress to update to a more recent release such as the current one 5.5.1 which can be downloaded from this link. If you’re reading this and are not sure what versions of WordPress you are using, then reach out to Outpost24 and we would be delighted to run your web application through our Scout attack surface discovery tool to help pinpoint your application risk and identify the components you are running.
Brocade Fabric RestAPI vulnerability
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-15704 | Brocade Fabric RestAPI reflected input | TBD | 11.99 | 2020-09-25 |
For those organizations using Brocade Fabric versions 8.2.1 through versions before 8.2.2c, there are several reflected input vulnerabilities in the RestAPI. Currently trending as a 11.99 likelihood, with no current known exploits in the wild, we recommend customers reviewing and upgrading Brocade fabric infrastructure where possible. Details on the vulnerability and patch information can be found on the Brocade website here.
Wrap up
This last week has been dominated by the Zerologon vulnerability, with plenty of media attention being given to the vulnerability, the issues it can cause and of course remediation. When vulnerabilities are given ‘cool names’ and high media attention, we can be easily distracted into focusing on that and that vulnerability alone as we try to determine how we are affected and the impact to the organization.
As we have shown this week in our brief foray, threat actors don’t really care about vulnerability names, press coverage or its age. With a number of vulnerabilities from 2015 and 2016 making an interesting comeback in the threat actor community, it’s more important than ever to keep up your security hygiene.
And finally we closed out on a reminder that our infrastructure assets, routers, switches, firewalls – the very network fabric that keeps the company digitally connected, can also be vulnerable and become potential targets for threat actors.
We hope you’ve enjoyed this week’s entry. Let’s see what October brings us.
