Fix now: High risk vulnerabilities at large, May 2020

12.May.2020
Simon Roe, Product Manager Outpost24
In the world of vulnerabilities, we have seen a few interesting ones released in the couple of weeks since our last Farsight risk-based vulnerability management blog. Various countries' cyber security departments are warning citizens and businesses of an increase in phishing attacks that target people's natural curiosity and fear surrounding COVID-19.

Netgear

Following the last blog in April on high risk CVEs, we are seeing more home router problems, with Netgear once again the target of attacker interest.

CVE             Product                  CVSSv3  Likelihood
CVE-2017-18774  Certain Netgear devices  7.1     38.46
CVE-2017-18771  Certain Netgear devices  5.2     38.46
CVE-2017-18760  Certain Netgear devices  5.6     38.46
CVE-2017-18753  Certain Netgear devices  8.2     24.34

The list of affected Netgear products is fairly large, so if you are concerned that your staff may be running affected devices, take a look at the Netgear KB articles and, as with last week, ensure those working from home apply the latest firmware (if they haven't already done so under previous recommendations).

SaltStack

Now let's focus on a couple of recent newsworthy vulnerabilities: the SaltStack Salt vulnerabilities that are making the rounds in the media.

CVE             Product                                                 CVSSv3  Likelihood
CVE-2020-11651  SaltStack Salt (before 2019.2.4 and 3000 before 3000.2)  TBD     15.85
CVE-2020-11652  SaltStack Salt (before 2019.2.4 and 3000 before 3000.2)  TBD     5.15

At the time of writing (6 May 2020) neither of these vulnerabilities had received a CVSS 3.1 score from NVD. There are several reports suggesting that threat actors are currently scanning the internet for unpatched vulnerable systems, with LineageOS being one such target. As you can see from the likelihood scores, these are trending as likely to be exploited, and we expect these values to increase quickly over the coming days as these reports are confirmed in the hacking community. The message to readers is to patch affected systems now. Head over to here to grab the release notes and the patch.

Updated May 29, 2020: six Cisco servers have since been compromised through exploitation of this security flaw: https://www.scmagazine.com/home/security-news/six-cisco-servers-compromised-when-hackers-exploited-saltstack-salt-flaws/

WordPress

CVE             Product                 CVSSv3  Likelihood
CVE-2020-11029  WordPress before 5.4.1  4.9     38.46

This vulnerability in the stats() method of class-wp-object-cache.php can be exploited to carry out cross-site scripting (XSS) attacks. It affects most versions before 5.4.1, and a minor update has been pushed to a long list of older versions to address it. We strongly recommend keeping auto-updates enabled on your WordPress sites so that these minor updates are installed and your websites stay protected.

Martin Jartelius, our CSO at Outpost24, commented in SC Media UK this week – “depending on your preferred risk you can opt to use this and be kept safe from most attacks that follow a security fix, but this choice comes with the potential impact of a possible downtime should parts of your site not be compatible with an update. For most organisations, using the automatic update feature is advised, and using something other than WordPress may be advisable for sites where the potential downtime is not acceptable. In this specific case, any organisation who applied automatic security fixes was patched well in advance of any wider exploitation.”

Mobile devices not immune

We often focus on PC or server infrastructure and ignore the fact that mobile devices can also be affected by vulnerabilities (see our Internet of Evil Things report if you want to explore this further). After more than a billion Android devices were found to be at risk of being hacked last month, here's another vulnerability, this time for Apple devices.

CVE            Product        CVSSv3  Likelihood
CVE-2020-3878  iOS platforms  7.8     38.46

Affecting several iOS platforms, this vulnerability can allow a maliciously crafted image to lead to arbitrary code execution. It is patched in iOS 13.3.1, watchOS 6.1.2, macOS Catalina 10.15.3 and tvOS 13.3.1. A reminder to ensure all your iOS devices are kept up to date, with automatic updates enabled where possible.

RSA Archer

For our customers (and readers of this blog) who use the RSA Archer GRC platform, no fewer than seven (7) new vulnerabilities have been announced recently, affecting versions prior to 6.7 P3 (6.7.0.3). The platform consolidates risk data from across an organization and applies risk analytics to provide an integrated and comprehensive picture of risk, which many businesses are using right now to manage their organizational risk during the global health crisis.

CVE            Product                     CVSSv3  Likelihood
CVE-2020-5337  RSA Archer prior to 6.7 P3  4.6     4.07
CVE-2020-5336  RSA Archer prior to 6.7 P3  4.6     10.73
CVE-2020-5335  RSA Archer prior to 6.7 P3  5.0     7.79
CVE-2020-5333  RSA Archer prior to 6.7 P3  4.3     10.85
CVE-2020-5334  RSA Archer prior to 6.7 P3  8.2     6.38
CVE-2020-5331  RSA Archer prior to 6.7 P3  8.8     10.91
CVE-2020-5332  RSA Archer prior to 6.7 P3  7.2     2.89

All of these vulnerabilities are trending above the average likelihood (1.0) and, whilst no public exploits exist currently, we suggest that organizations using Archer get ahead of any potential threats and patch as soon as possible.

Wrap up

As cyber security professionals come under extra pressure to help secure a remote workforce, and threat actors continue to leverage the Covid-19 mayhem to send phishing attacks, focusing on the vulnerabilities that are likely to be exploited allows a more pragmatic and aggressive risk strategy to keep your business safe. We hope these vulnerabilities, a small handful of interesting ones that caught our eye, help you to better understand how risk-based vulnerability prioritization can play a significant part in making more efficient use of stretched resources when remediating the vulnerabilities that are truly a risk.
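To make that prioritization argument concrete, here is an added Python example (not Outpost24 code, and not how Farsight derives its scores) that ranks the CVEs tabulated in this post by the likelihood column rather than by CVSSv3 alone, and lists which ones a risk-based view promotes. It assumes only the figures printed in the tables above, with the unscored Salt CVEs carried as "TBD".

```python
# Added example, not Outpost24 code: rank the CVEs tabulated in this post by
# the Farsight likelihood column instead of CVSSv3 alone, and list which ones a
# risk-based view promotes. How Farsight derives the score is not modelled here.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    cvss: Optional[float]  # None where NVD had not yet scored it ("TBD")
    likelihood: float      # Outpost24 likelihood score from the tables above


# Subset of rows transcribed from the tables in this post.
FINDINGS: List[Finding] = [
    Finding("CVE-2017-18774", "Netgear", 7.1, 38.46),
    Finding("CVE-2017-18753", "Netgear", 8.2, 24.34),
    Finding("CVE-2020-11651", "SaltStack Salt", None, 15.85),
    Finding("CVE-2020-11652", "SaltStack Salt", None, 5.15),
    Finding("CVE-2020-11029", "WordPress", 4.9, 38.46),
    Finding("CVE-2020-3878", "iOS", 7.8, 38.46),
    Finding("CVE-2020-5331", "RSA Archer", 8.8, 10.91),
    Finding("CVE-2020-5332", "RSA Archer", 7.2, 2.89),
]


def by_cvss(findings: List[Finding]) -> List[str]:
    """Severity-only ordering: CVSS descending; unscored CVEs sink to the bottom."""
    ranked = sorted(findings, key=lambda f: (f.cvss is not None, f.cvss or 0.0),
                    reverse=True)
    return [f.cve for f in ranked]


def by_risk(findings: List[Finding]) -> List[str]:
    """Risk-based ordering: likelihood first, CVSS only as a tie-breaker, so a
    missing CVSS does not hide a CVE that is trending toward exploitation."""
    ranked = sorted(findings, key=lambda f: (f.likelihood, f.cvss or 0.0),
                    reverse=True)
    return [f.cve for f in ranked]


def promoted(findings: List[Finding]) -> List[str]:
    """CVEs that move up when likelihood replaces CVSS as the first sort key."""
    cvss_rank = {c: i for i, c in enumerate(by_cvss(findings))}
    risk_rank = {c: i for i, c in enumerate(by_risk(findings))}
    moved = [c for c in cvss_rank if risk_rank[c] < cvss_rank[c]]
    return sorted(moved, key=lambda c: cvss_rank[c] - risk_rank[c], reverse=True)


if __name__ == "__main__":
    print("risk order:", by_risk(FINDINGS))
    print("promoted:", promoted(FINDINGS))
```

Note how CVE-2020-11651, which a CVSS-only sort leaves at the bottom because NVD had not scored it, lands in the top half once likelihood is the first key.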
