2021-078: Apache HTTP Server Critical Vulnerability
Thursday, December 23, 2021 2:15:00 PM CET
On Monday 20 December 2021, the Apache Software Foundation released Apache HTTP Server 2.4.52. This version fixes two vulnerabilities:
- CVE-2021-44790: critical severity, CVSS base score of 9.8.
- CVE-2021-44224: high severity, CVSS base score of 8.2.
While the vulnerabilities affect optional modules, the risk is substantial if these modules are used in specific configurations, as the attack does not require authentication and could potentially lead to remote code execution. At the time of this writing, no publicly available exploits are known to exist and the vulnerabilities are not under active attack yet.
2021-077: Windows Domain Takeover Vulnerability
Tuesday, December 21, 2021 10:03:00 AM CET
During the November Patch Tuesday, Microsoft released a set of fixes for various vulnerabilities affecting several of its products. On December 20th, Microsoft released a Security Advisory about two of these vulnerabilities (CVE-2021-42287, and CVE-2021-42278) which, when combined, could lead to Windows domain takeover. Proofs-of-concept have been released publicly starting from December 11th.
2021-076: Fortinet Critical Vulnerability
Saturday, December 18, 2021 4:33:00 PM CET
On December 15th, Fortinet PSIRT updated its advisory related to CVE-2021-44228 and CVE-2021-45046 affecting Fortinet products. While these CVEs affect the Java logging library "log4j", all products using this library are vulnerable to Unauthenticated Remote Code Execution.
2021-075: VMware Critical Vulnerability
Saturday, December 18, 2021 4:20:00 PM CET
On December 17th, VMware updated its security advisory related to CVE-2021-44228 and CVE-2021-45046 affecting many of its products. While these CVEs affect the Java logging library log4j, all products using this library are vulnerable at least to Unauthenticated Remote Code Execution.
2021-074: Cisco Critical Vulnerability
Saturday, December 18, 2021 4:05:00 PM CET
On December 16th, CISCO updated its security advisory related to CVE-2021-44228 affecting many of its products. While this CVE affects the Java logging library log4j, all products using this library are vulnerable to at least Unauthenticated Remote Code Execution.
2021-073: Adobe ColdFusion Critical Vulnerability
Friday, December 17, 2021 4:07:00 PM CET
On December 16th, Adobe updated its security advisory related to CVE-2021-44228 affecting ColdFusion products. While this CVE affects the Java logging library log4j, all products using this library are vulnerable to Unauthenticated Remote Code Execution.
2021-072: ArcGIS Critical Vulnerability
Thursday, December 16, 2021 8:20:00 PM CET
On December 16th, Esri updated its blog post related to CVE-2021-44228 affecting ArcGIS products, especially ArcGIS Enterprise and ArcGIS Server. While this CVE affects the Java logging library "log4j", all products using this library are vulnerable to Unauthenticated Remote Code Execution.
ArcGIS Enterprise components contain the vulnerable log4j library. However, Esri specifies in its blog post that there is no known exploit available for any version of a base ArcGIS Enterprise deployment or stand-alone ArcGIS Server at this time. Still, Esri released Log4Shell mitigation scripts that fully address CVE-2021-44228.
2021-071: UPDATE: Palo Alto Critical Vulnerability
Thursday, December 16, 2021 4:43:00 PM CET
On December 16th, Palo Alto updated its advisory related to CVE-2021-44228 affecting PAN-OS for Panorama. While this CVE affects the Java logging library "log4j", all products using this library are vulnerable at least to Unauthenticated Remote Code Execution.
On December 17th, Palo Alto added the Exact Data Matching CLI to the list of affected products in its advisory.
On December 21st, Palo Alto released fixes for various versions of its products.
2021-070: MobileIron Critical Vulnerability
Thursday, December 16, 2021 11:12:00 AM CET
On December 15th, Ivanti updated its advisory related to the CVE-2021-44228 vulnerability affecting MobileIron products. While this CVE affects the Java logging library "log4j", all products using this library are vulnerable to Unauthenticated Remote Code Execution.
2021-069: Windows AppX Installer Spoofing Vulnerability
Wednesday, December 15, 2021 2:54:00 PM CET
On December 14th, Microsoft released an advisory to address a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890. It can be exploited remotely by threat actors with low user privileges in high-complexity attacks requiring user interaction. Attacks attempting to exploit this vulnerability have already been observed in the wild.
2021-068: Fortinet FortiWeb Vulnerability
Monday, December 13, 2021 11:57:00 AM CET
On December 7th, Fortinet PSIRT released an advisory to address a heap-based buffer overflow vulnerability in FortiWeb. This vulnerability (CVE-2021-43071) allows an attacker to execute arbitrary code and commands on the affected product.
2021-067: UPDATE: Java Logging Package RCE Vulnerability
Friday, December 10, 2021 12:35:00 PM CET
On December 9th, information about a critical unauthenticated RCE vulnerability (CVE-2021-44228) affecting the well-known Java logging package Log4j, used by many popular applications and web services, was tweeted along with a proof-of-concept (PoC) posted on GitHub. This vulnerability could give an attacker full control of the affected server if a user-controlled string is logged. Since it is easy to exploit, the impact of this vulnerability is severe. Reports from online users show that this is being actively exploited in the wild!
Furthermore, an additional vulnerability was subsequently found (CVE-2021-45046), also impacting certain non-default configurations of version 2.15.0 and below of the Log4j library. On December 17th, the severity rating of the CVE-2021-45046 vulnerability was changed from 3.7 to 9 out of 10. Initially described as a Denial-of-Service (DoS), the impact assessment has changed: the vulnerability could lead to Remote Code Execution under certain conditions.
A third vulnerability (CVE-2021-45105) was found on December 17th, also impacting certain non-default configurations of version 2.16 and below of the Log4j library. This vulnerability, with a severity score of 7.5 out of 10, could lead to additional DoS conditions.
Another vulnerability (CVE-2021-4104), with a severity score of 8.1 out of 10, was discovered on December 14th, affecting a non-default configuration of version 1.2 of the Log4j library. This vulnerability could lead to remote code execution.
On December 16th, security researchers also documented a new attack vector, using WebSockets, that expands the attack surface for these vulnerabilities. Anyone running a vulnerable version of the Log4j library on their machine or in the local network could browse a website and potentially trigger the vulnerability. This includes services running Log4j and listening only on a "localhost" port.
On December 28th, new fixes were released to address the vulnerability "CVE-2021-44832", with a severity score of 6.6 out of 10. This vulnerability could allow an attacker with control over the configuration file to achieve remote code execution on the server.
Finally, on January 18th 2022, Apache released information about vulnerabilities affecting version 1 of the "log4j" library. Since Log4j 1 is no longer maintained, none of the issues will be fixed.
2021-066: SonicWall Critical Vulnerabilities
Friday, December 10, 2021 11:28:00 AM CET
On December 7th, SonicWall released security patches to address several security vulnerabilities. This list includes a critical unauthenticated stack-based buffer overflow vulnerability (CVE-2021-20038) with a CVSS score of 9.8 out of 10. If exploited, it could allow a remote unauthenticated attacker to execute code as a "nobody" user in the appliance.
There is another group of vulnerabilities, collectively tracked as CVE-2021-20045, which has a combined critical CVSS score of 9.4 out of 10. They could allow a remote unauthenticated attacker to cause heap-based and stack-based buffer overflows that would result in code execution as the "nobody" user.
According to SonicWall, there is no evidence that this vulnerability is being exploited in the wild.
2021-065: Vulnerabilities in VMware Products
Thursday, November 25, 2021 9:55:00 AM CET
On November 23, VMware released the VMSA-2021-0027 advisory, which addresses two vulnerabilities in vCenter Server and Cloud Foundation. An attacker could exploit these vulnerabilities to read sensitive files ("CVE-2021-21980", an unauthorised arbitrary file read vulnerability) or to induce the server to make connections to arbitrary destinations ("CVE-2021-22049", an SSRF vulnerability).
2021-064: Critical Vulnerability in Palo Alto Security Appliances
Thursday, November 11, 2021 10:58:00 PM CET
On November 10, Palo Alto issued an advisory about a critical vulnerability, named "CVE-2021-3064" and scored 9.8 out of 10, affecting some versions of its security appliances running PAN-OS.
Palo Alto is not aware of any malicious exploitation of the vulnerability although working exploits exist.
2021-063: RCE Vulnerability in Microsoft Exchange Server
Wednesday, November 10, 2021 3:03:00 PM CET
On November 9, Microsoft released Exchange Server Security Updates fixing several vulnerabilities, one of which, identified as "CVE-2021-42321", has a CVSS 3.1 score of 8.8 out of 10. This is a post-authentication vulnerability that could allow an attacker to execute remote code on Exchange 2016 and 2019.
This vulnerability affects on-premises Microsoft Exchange Server, including servers used in Exchange Hybrid mode. Exchange Online customers are already protected and do not need to take any action.
Microsoft is aware of limited targeted attacks using this vulnerability. CERT-EU recommends installing these updates immediately.
2021-062: NPM Libraries Hijacked
Friday, November 5, 2021 2:12:00 PM CET
On November 4, malicious code was discovered in two popular NPM libraries after unexpected releases were published for the "coa" library. Hours after these new releases, the "rc" library was also found to be hijacked. The first library is a parser for command-line options, while the second is used as a configuration loader for applications. The malicious releases were all published on November 4: versions "2.0.3", "2.0.4", "2.1.1", "2.1.3" and "3.1.3" for the "coa" library, and versions "1.2.9", "1.3.9" and "2.3.9" for the "rc" library.
2021-061: Critical Vulnerabilities in FortiWeb
Friday, November 5, 2021 11:33:00 AM CET
On November 2, 2021, a critical vulnerability was announced by Fortinet PSIRT. The vulnerability is tracked as CVE-2021-36186. Very few additional details are available about this vulnerability at this time.
2021-060: Critical Vulnerabilities in GitLab
Wednesday, November 3, 2021 5:23:00 PM CET
On April 14, 2021, GitLab published a security release to address CVE-2021-22205, a critical remote code execution vulnerability in the service’s web interface. In the meantime, it was proven that the vulnerability can be exploited unauthenticated. Moreover, recently it was announced that at least 50% of the 60,000 internet-facing GitLab installations are not patched against this critical RCE flaw.
2021-059: Multiple Vulnerabilities in Apple Products
Friday, October 29, 2021 2:35:00 PM CEST
On October 25, Apple released multiple security updates fixing vulnerabilities in various Apple operating systems, including macOS and iOS. These security updates address several vulnerabilities in Apple products, some of which could be exploited by an attacker to elevate privileges, execute arbitrary code with kernel privileges, or gain control of the vulnerable products.
2021-058: Multiple Severe Vulnerabilities in Cisco Products
Friday, October 29, 2021 2:30:00 PM CEST
On October 27, Cisco released multiple security fixes for vulnerabilities affecting its products, including nine with a high CVSS score. These vulnerabilities affect the open source Snort3 project, Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD) and Firepower Management Center (FMC) software.
2021-057: NPM Library UA-Parser-JS Hijacked
Tuesday, October 26, 2021 10:37:00 AM CEST
On October 22, CISA published an alert about malware discovered in the popular NPM library "ua-parser-js". The attackers hijacked the library to infect Linux and Windows devices with cryptominers and password-stealing trojans in a supply-chain attack. This library is used to parse a browser's user agent to identify a visitor's browser, engine, OS, CPU, and device type/model. Moreover, it has a large number of dependent libraries. The attackers hijacked the developer's account on October 22 and published three malicious versions of the library: "0.7.29", "0.8.0", and "1.0.0".
2021-056: Critical Vulnerability in Microsoft Exchange Server
Wednesday, October 20, 2021 4:40:00 PM CEST
On October 12, Microsoft released, as part of the monthly Patch Tuesday, a new batch of patches fixing several vulnerabilities, one of which could lead to remote code execution on certain versions of Microsoft Exchange servers. The vulnerability, identified as "CVE-2021-26427", has a CVSS3 score of 9 out of 10 and could allow an attacker to execute remote code on on-premises Exchange servers. According to Microsoft, the attack vector for this vulnerability is adjacent, which means that the attacker needs to be in the same local network as the server to be able to exploit it.
No active exploitation of this vulnerability is known yet.
2021-055: RCE in Mattermost Desktop
Monday, October 11, 2021 6:53:00 PM CEST
On 11th of October 2021, a security researcher announced on Twitter the upcoming release of details about a remote code execution vulnerability affecting Mattermost Desktop versions earlier than 4.6.2. This is confirmed by the existing reference MMSA-2021-0057, which Mattermost addressed on 23rd of June 2021.
Since the release of these details may result in active exploitation of the vulnerability, CERT-EU recommends updating to the latest version as soon as possible.
2021-054: UPDATE: Vulnerabilities in Apache HTTP Server
Wednesday, October 6, 2021 10:08:00 AM CEST
On October 4, Apache released updates to address a couple of security vulnerabilities. One of the vulnerabilities, the "CVE-2021-41773", is actively exploited in the wild. The "CVE-2021-41773" allows a remote attacker to perform directory traversal attacks. Additionally, this flaw could be leveraged by attackers to execute arbitrary code.
On October 8, Apache released version 2.4.51 after discovering that the previous fix for "CVE-2021-41773" was incomplete. This new flaw is tracked as "CVE-2021-42013".
2021-053: Critical Vulnerabilities in Cisco Software
Friday, September 24, 2021 6:24:00 PM CEST
On Wednesday, September 22, 2021, the Cisco Product Security Incident Response Team (PSIRT) released 31 security advisories (3 Critical, 13 High, 15 Medium) to address multiple vulnerabilities in Cisco IOS XE software or products running with a specific configuration. At this time, Cisco PSIRT is not aware of any public announcements or malicious use of the critical vulnerabilities CVE-2021-34770, CVE-2021-34727 and CVE-2021-1619.
2021-052: UPDATE: Critical Vulnerabilities in VMware Products
Wednesday, September 22, 2021 2:59:00 PM CEST
On Tuesday, September 21, 2021, VMware released the VMSA-2021-0020 advisory to address multiple vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent and critical is a file upload vulnerability, CVE-2021-22005, that can be used to execute commands and software on the vCenter Server Appliance.
On Tuesday, September 24, 2021 VMware updated the advisory VMSA-2021-0020.1 and confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code.
2021-051: Critical Vulnerabilities in Azure OMI Agents
Wednesday, September 15, 2021 1:59:00 PM CEST
On 14th of September 2021, Microsoft released information about four vulnerabilities that affect the Open Management Infrastructure (OMI) agent.
One vulnerability, CVE-2021-38647, is critical with a CVSSv3 score of 9.8. If the HTTP/S port on which OMI listens is exposed, it could allow remote code execution by sending a specially crafted message from a remote host.
The other three vulnerabilities, CVE-2021-38645, CVE-2021-38648 and CVE-2021-38649, are privilege escalation issues that enable attackers to gain "root" privileges on a machine with OMI installed.
The OMI agent is automatically deployed by certain Azure services. These parent services should handle the upgrade of the agents; however, this has to be verified. CERT-EU recommends performing the upgrade as soon as possible.
2021-050: Critical Vulnerability in Citrix ShareFile
Wednesday, September 15, 2021 10:22:00 AM CEST
On September 14, Citrix released a Security Bulletin to address a critical security issue identified in Citrix ShareFile storage zones controller. If the vulnerability identified as CVE-2021-22941 is exploited, it could allow an unauthenticated attacker to remotely compromise the storage zones controller.
Citrix recommends upgrading the affected product as soon as possible.
2021-049: Multiple Zero-Day Vulnerabilities in Apple Products
Tuesday, September 14, 2021 10:59:00 AM CEST
On September 13, Apple released multiple security updates to address two zero-day vulnerabilities, tracked as CVE-2021-30858 and CVE-2021-30860, in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. One vulnerability is known to have been used to install the Pegasus spyware on iPhones, and Apple is aware of a report that this issue may have been actively exploited.
2021-048: Vulnerabilities in Palo Alto Software
Saturday, September 11, 2021 10:21:00 AM CEST
On September 8, Palo Alto published security advisories about three vulnerabilities rated as high, CVE-2020-10188, CVE-2021-3051 and CVE-2021-3052, affecting respectively the PAN-OS telnet-based administrative management service, Cortex XSOAR and the PAN-OS web interface.
2021-047: UPDATE: RCE Vulnerability in Microsoft MSHTML
Wednesday, September 8, 2021 9:49:00 AM CEST
On 7th of September 2021, Microsoft released information about a vulnerability (CVE-2021-40444) in MSHTML affecting Microsoft Windows, which could be exploited by sending specially crafted Microsoft Office documents to potential victims. The severity of this vulnerability is high, with a CVSSv3 score of 8.8.
However, the attack is prevented by Protected View mode or Application Guard for Office 365 if Microsoft Office runs with the default configuration. The attacker would then have to mislead the user into opening the malicious document and enabling the active content.
Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
On the 14th of September, Microsoft released security updates to address this vulnerability.
2021-046: Critical Vulnerability in Confluence
Wednesday, September 1, 2021 4:27:00 PM CEST
On 25th of August 2021, Atlassian released a Confluence Security Advisory regarding Confluence Server Webwork OGNL injection. Atlassian rates the severity level of this vulnerability as critical. There is no CVSS score provided yet.
2021-045: Microsoft - Cosmos DB Vulnerability
Tuesday, August 31, 2021 1:57:00 PM CEST
On the 26th of August 2021, the cloud security company Wiz announced a vulnerability in Microsoft Azure's managed database service, Cosmos DB. When exploited, it gives read/write access to Cosmos DB credentials, including the primary key, which provides complete and unrestricted remote access to Microsoft Azure databases and accounts.
2021-044: Critical Vulnerabilities Affecting F5 Devices
Friday, August 27, 2021 10:36:00 AM CEST
On the 24th of August 2021, F5 released several security advisories for vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices. Among them, there is one critical vulnerability, CVE-2021-23031, affecting BIG-IP Advanced Web Application Firewall and BIG-IP Application Security Manager. It allows an authenticated user to perform a privilege escalation.
2021-043: Multiple Vulnerabilities in Cisco Products
Thursday, August 5, 2021 2:44:00 PM CEST
On August 4, Cisco released multiple security updates to address several security vulnerabilities. This list includes critical and high-severity vulnerabilities affecting Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers and high-severity vulnerabilities affecting:
- Cisco Small Business RV160 and RV260 Series VPN Routers.
- Cisco Network Services Orchestrator CLI Secure Shell Server.
- ConfD CLI Secure Shell Server.
The vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to execute arbitrary code, cause a denial of service (DoS) condition and execute arbitrary commands. Moreover, a vulnerability in Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
The vulnerability affecting both Cisco Network Services Orchestrator CLI Secure Shell Server and ConfD CLI Secure Shell Server could allow an authenticated, local attacker to execute arbitrary commands.
2021-042: Critical Vulnerability in Microsoft Hyper-V
Thursday, July 29, 2021 9:23:00 PM CEST
On May 11, Microsoft published a security update guide about a critical Hyper-V Remote Code Execution Vulnerability, tracked as "CVE-2021-28476" with a CVSS score of 9.9. The exploitation of this vulnerability can lead to denial of service conditions or remote code execution. A proof of concept for this vulnerability is now publicly available.
2021-041: Critical Vulnerability in Jira Products
Friday, July 23, 2021 12:22:00 PM CEST
A critical vulnerability (CVE-2020-36239) in many versions of Jira Data Center and Jira Service Management Data Center products can lead to arbitrary code execution.
2021-040: Privilege Escalation Vulnerability in Linux Kernel
Thursday, July 22, 2021 10:49:00 PM CEST
A vulnerability (CVE-2021-33909) in the Linux kernel filesystem layer may allow a local, unprivileged user to gain root privileges on a vulnerable host in a default configuration. The vulnerability is dubbed Sequoia.
2021-039: Cisco Intersight Virtual Appliance Forwarding Vulnerabilities
Thursday, July 22, 2021 7:56:00 PM CEST
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.
2021-038: UPDATE: Windows Elevation of Privilege Vulnerability
Thursday, July 22, 2021 7:50:00 PM CEST
An elevation of privilege vulnerability exists in Windows because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could escalate privileges and run arbitrary code with SYSTEM privileges.
2021-037: Critical Vulnerabilities in Oracle WebLogic Server
Thursday, July 22, 2021 4:24:00 PM CEST
Within the Critical Patch Update for July 2021 addressing hundreds of vulnerabilities across multiple products, Oracle released information about critical vulnerabilities affecting WebLogic Server.
2021-036: High Severity Vulnerability in FortiManager and FortiAnalyzer
Thursday, July 22, 2021 4:14:00 PM CEST
On 19th of July 2021, Fortinet released information about a vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer that could be exploited remotely by unauthenticated attackers to execute unauthorized / malicious code as "root". The severity of this vulnerability is high, with a CVSSv3 score of 7.5.
2021-035: Multiple Palo Alto Vulnerabilities
Thursday, July 15, 2021 3:01:00 PM CEST
On July 14, Palo Alto published security advisories about two vulnerabilities rated as high, CVE-2021-3042 and CVE-2021-3044, affecting respectively Cortex XDR Agent and Prisma Cloud.
2021-034: Vulnerabilities in Cisco Products
Friday, July 9, 2021 7:29:00 AM CEST
On July 7, Cisco released security updates to address several security vulnerabilities. This list includes vulnerabilities rated High affecting Cisco Business Process Automation (BPA) with a CVSS score of 8.8 out of 10 and a vulnerability rated Medium affecting Cisco Adaptive Security Device Manager (ASDM) with a CVSS score of 7.5 out of 10.
Vulnerabilities in Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. The vulnerability affecting Cisco Adaptive Security Device Manager (ASDM) could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system.
2021-033: UPDATE: Vulnerabilities in Microsoft Print Spooler
Wednesday, June 30, 2021 5:19:00 PM CEST
On the 8th of June 2021, Microsoft, as part of the Patch Tuesday release, issued updates that addressed multiple vulnerabilities, including the Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-1675 with a CVSS score of 7.8. This vulnerability was initially rated as a low-importance elevation-of-privilege vulnerability, but on the 21st of June Microsoft reviewed the issue and labeled it as a remote code execution flaw. Proof-of-concept exploit code for the CVE-2021-1675 flaw has been published online; the flaw impacts the Windows Print Spooler service and could be exploited to compromise Windows systems (the GitHub page is no longer available). On the 30th of June 2021, further analysis proved that the exploit, nicknamed PrintNightmare, still works on a fully patched domain controller or on systems that have Point and Print configured with the "NoWarningNoElevationOnInstall" option.
On the 2nd of July 2021, Microsoft announced a second vulnerability, CVE-2021-34527, related to PrintNightmare remote code execution. This vulnerability is similar to, but distinct from, the vulnerability assigned CVE-2021-1675. On the 6th of July 2021, Microsoft released an update for several versions of Windows to address this new vulnerability. Updates were not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. On the 7th of July 2021, Microsoft released the updates for Windows Server 2012, Windows Server 2016 and Windows 10 version 1607.
On the 14th of July 2021, Microsoft announced a third vulnerability: CVE-2021-34481, with a CVSS base score of 7.8. The researcher who discovered this flaw does not consider it to be a variant of PrintNightmare. Nevertheless, it is also related to the Microsoft Print Spooler.
Despite the updates provided by Microsoft in July, various security researchers still found ways to exploit the Point and Print feature to install malicious print drivers that allowed low-privileged users to gain SYSTEM privileges in Windows.
On the 10th of August, Microsoft released new updates that fix CVE-2021-34481. These updates, and later ones, require administrative privileges by default to install drivers.
On the 11th of August, Microsoft updated the CVSS score of CVE-2021-34481 from 7.8 to 8.8. Microsoft discovered a remote path to exploit this vulnerability, which was at first local only. On the same day, Microsoft issued an advisory about another vulnerability, named CVE-2021-36958.
As part of the September 2021 Patch Tuesday, Microsoft released a new security update that fixes CVE-2021-36958. However, network printing problems were reported by the community after deploying the patches.
2021-031: Critical Vulnerability in Dell BIOSConnect
Tuesday, June 29, 2021 9:27:00 AM CEST
On 24th of June 2021, Dell released a client platform security update for multiple vulnerabilities in the BIOSConnect and HTTPS Boot features as part of the Dell Client BIOS. The chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate "dell.com" and gain arbitrary code execution at the BIOS/UEFI level of the affected device. This would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls.
2021-030: Critical Vulnerability in VMware Product
Thursday, June 24, 2021 2:00:00 PM CEST
On 22nd of June 2021, VMware released an advisory to address an authentication bypass vulnerability in VMware Carbon Black App Control (AppC). The severity of this vulnerability is critical, with a CVSSv3.1 base score of 9.4.
2021-029: Critical Vulnerability in Palo Alto Cortex
Thursday, June 24, 2021 10:38:00 AM CEST
On the 22nd of June 2021, Palo Alto released a Security Advisory to address a vulnerability in Palo Alto Networks Cortex XSOAR. The severity is critical, with a CVSSv3.1 base score of 9.8.
2021-028: High Vulnerabilities in Cisco Products
Thursday, June 17, 2021 5:05:00 PM CEST
On 16th of June 2021, Cisco released security updates to address several security flaws. The list includes two significant vulnerabilities. The first affects Cisco Email Security Appliance and Cisco Web Security Appliance and could allow a man-in-the-middle (MitM) attack. The second affects Cisco AnyConnect Secure Mobility Client for Windows and allows a local user to escalate privileges on the system.
2021-027: Multiple Vulnerabilities in Citrix
Thursday, June 10, 2021 8:28:00 PM CEST
On the 8th of June, Citrix released a Security Update about CVE-2020-8299 (medium severity) and CVE-2020-8300 (high severity) vulnerabilities. The medium severity vulnerability is a network-based denial-of-service. The high severity vulnerability is a SAML authentication hijacking caused by an improper access control.
2021-026: SAP - Critical Vulnerabilities
Wednesday, June 9, 2021 2:56:00 PM CEST
On 8th of June 2021, SAP released 17 Security Notes. There were two updates to previously released Patch Day Security Notes.
Among the vulnerabilities there are two rated critical, with a CVSS above 9:
- CVE-2021-27602 - Remote Code Execution vulnerability in Source Rules of SAP Commerce
- CVE-2021-27610 - Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform
2021-025: UPDATE: Critical Vulnerability in VMware vCenter Server
Wednesday, May 26, 2021 11:26:00 AM CEST
On the 25th of May 2021, VMware disclosed two vulnerabilities in vSphere Client (HTML5) together with updates to address them. One of the vulnerabilities (CVE-2021-21985) has a critical CVSSv3 score. It may allow an attacker to execute commands with unrestricted privileges on the operating system that hosts vCenter Server.
As of the beginning of June 2021, a proof-of-concept RCE exploit targeting the critical vulnerability has been published. This indicates imminent exploitation of this vulnerability in the wild.
2021-024: Critical Vulnerabilities in Adobe Acrobat Software
Wednesday, May 12, 2021 6:03:00 PM CEST
Adobe has released 12 updates addressing 44 vulnerabilities in Experience Manager, InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop, Media Encoder, After Effects, Medium, and Animate. The most critical of them - CVE-2021-28550 - may allow attackers to remotely execute code.
2021-023: Critical Vulnerabilities in Cisco Products
Thursday, May 6, 2021 11:29:00 AM CEST
On 5th of March 2021, Cisco released several security updates to address several security flaws. The list includes two critical vulnerabilities affecting Cisco SD-WAN vManage and HyperFlex HX software that could allow privilege escalation, command injection or unauthorised access to applications.
2021-022: Insufficient Access Control Vulnerability in the Dell DriverWednesday, May 5, 2021 12:30:00 PM CEST
On the 5th of May 2021, Dell has released a security advisory to address multiple vulnerabilities. Those could be exploited by attackers to access driver functions and execute malicious code with kernel-mode privileges.
2021-021: UPDATE: Critical Vulnerability in Pulse Connect Secure
Wednesday, April 21, 2021 5:13:00 PM CEST
On April 20, 2021, Ivanti announced that a vulnerability (CVE-2021-22893) had been discovered in their Pulse Connect Secure (PCS) product. While a patch was initially not available, the vendor released information on how to mitigate the vulnerability. Furthermore, on 3 May 2021, Ivanti released PCS version 9.1R11.4, which fixes the initially identified vulnerability along with three others. Three of the identified vulnerabilities have a critical CVSS score, the first of which has been observed being exploited in the wild. These vulnerabilities pose significant risks and have been widely reported on.
On May 14, 2021, Ivanti released another security advisory addressing yet another vulnerability (CVE-2021-22908), which also affects the recently released version 9.1R11.4 that fixes the aforementioned ones. The newly discovered vulnerability is a buffer overflow with a CVSS score of 8.5. At the time, the vendor provided mitigation measures to apply until the vulnerability is patched.
On June 11, 2021, PCS version 9.1R11.5 was released, which provides the security hardening required to patch this latest vulnerability.
On August 5, 2021, Ivanti published another security advisory addressing multiple vulnerabilities affecting Pulse Connect Secure versions prior to 9.1R12. This latest release fixes all vulnerabilities and also includes enhanced features such as the incorporation of the Pulse Security Integrity Checker Tool directly into the product.
2021-020: SAP - Critical Vulnerabilities
Thursday, April 15, 2021 10:33:00 AM CEST
On the 13th of April 2021, SAP released 14 Security Notes on the Security Patch Day. Security Note #3040210 addresses the critical vulnerability CVE-2021-27602, affecting SAP Commerce. Another critical vulnerability, CVE-2021-21481 in Security Note #3022422, affects the MigrationService, which is part of SAP NetWeaver.
Security Note #2622660 refers to a vulnerability that impacts SAP Business Client, a user interface that acts as an entry point to various SAP business applications. The security risk resides not in the product itself, but in the browser control (Chromium) that comes with it. There are no details about the issue, except that it has been rated with the maximum severity score, 10 out of 10.
2021-019: New Critical Vulnerabilities in Microsoft Exchange Server
Wednesday, April 14, 2021 1:30:00 PM CEST
On the 13th of April 2021, Microsoft released a software update to mitigate critical vulnerabilities that affect on-premises Exchange Servers 2013, 2016, and 2019. An attacker could use these vulnerabilities to gain access to and maintain persistence on the target host. These new vulnerabilities are different from the ones disclosed and fixed in March 2021; therefore the security updates released in March 2021 will not remediate these vulnerabilities.
No active exploitation of these vulnerabilities is known yet. However, because of the impact of the vulnerabilities and the amount of potentially sensitive information stored in Exchange servers, it is highly recommended to apply the patches as soon as possible.
2021-018: Critical Vulnerabilities in Cisco SD WAN vManage Software
Thursday, April 8, 2021 10:02:00 AM CEST
Cisco has published an advisory about several vulnerabilities affecting Cisco SD-WAN software. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. While Cisco is not aware of any malicious exploit in the wild, it is highly recommended to patch the affected products.
2021-017: Straightforward Rules for Perfect Cyber Security
Thursday, April 1, 2021 9:06:00 AM CEST
Throughout several years, CERT-EU has been investigating thousands of cybersecurity incidents. These ranged from simple cases of phishing, through compromise of internet-facing IT assets, and up to highly sophisticated Advanced Persistent Threats (APTs). Based on this large volume of examples, CERT-EU has been able to perform a very careful and in-depth analysis of the underlying reasons that lead to these cyber-incidents.
Thanks to this groundbreaking, Human Intelligence powered research, CERT-EU managed to identify basic and straightforward rules that - once implemented - will allow anyone to achieve perfect cybersecurity in any organisation:
- Rule no. 1: Use only secure software.
- Rule no. 2: Install efficient filtering solutions.
- Rule no. 3: Allow users to perform safe actions only.
These rules are extremely simple to implement and do not require significant budget or resources. It is also trivial to ensure compliance requirements as well as save money on any other (completely unnecessary) security provisions.
2021-016: Critical Vulnerabilities in Cisco Products
Thursday, March 25, 2021 11:43:00 AM CET
On the 24th of March 2021, Cisco released several security updates addressing multiple security vulnerabilities. The list includes a critical one affecting Cisco Jabber Desktop and Mobile Client Software: CVE-2021-1411, with a CVSS score of 9.9 out of 10.
Vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition.
2021-015: UPDATE: Critical Vulnerabilities Affecting F5 Devices
Thursday, March 11, 2021 9:30:00 AM CET
On the 10th of March 2021, F5 released several security advisories, including four identified as critical.
One of the vulnerabilities allows an unauthenticated attacker with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services.
Another of the vulnerabilities may allow either a bypass of URL-based access control or remote code execution (RCE) if a request is incorrectly handled by Traffic Management Microkernel (TMM) URI normalisation.
A proof-of-concept for the iControl vulnerability (CVE-2021-22986) has been released by a security researcher. The attacker needs access to the management interface to use the exploit.
2021-014: Vulnerabilities in Microsoft DNS Server
Wednesday, March 10, 2021 10:39:00 PM CET
On the 9th of March 2021, Microsoft released several security advisories for Windows DNS Server. Five of those vulnerabilities would allow a remote attacker to execute code on the target if the DNS service is exposed. One of them (CVE-2021-26897) is considered critical by Microsoft.
No proof-of-concept or ongoing exploitation of these vulnerabilities is public yet. However, because of the potential impact of the vulnerabilities, and because a DNS server is vulnerable whenever dynamic updates are enabled, which is the default configuration, it is highly recommended to apply the patches as soon as possible.
Enabling Secure Zone Updates would protect from attacks on public-facing interfaces, but not from an attacker with a foothold on the network (domain-joined computer).
2021-013: UPDATE: Zero-Day Vulnerabilities in Microsoft Exchange
Wednesday, March 3, 2021 10:23:00 AM CET
Several zero-day vulnerabilities affecting Microsoft Exchange servers were observed being exploited in the wild. The vulnerabilities are critical, so it is extremely important to apply the patches as soon as possible.
It has been confirmed that the attacks started before the patch was available and that thousands of Exchange installations have been compromised. At this stage, simply patching is not sufficient. A proper investigation has to be performed to assess the potential compromise.
Microsoft has now released a mitigation tool that can help security teams.
2021-012: Critical Vulnerabilities in Cisco Products
Thursday, February 25, 2021 3:01:00 PM CET
On the 24th of February 2021, Cisco released several security updates to address security vulnerabilities, including three critical ones: an authentication bypass (CVE-2021-1388), unauthenticated arbitrary file actions (CVE-2021-1361), and unauthorised access (CVE-2021-1393).
2021-011: UPDATE: Critical Vulnerabilities in VMware
Wednesday, February 24, 2021 9:46:00 AM CET
On the 24th of February 2021, VMware released a security advisory to address multiple vulnerabilities, including a critical (CVSS score 9.8) remote code execution (RCE) vulnerability in the vCenter Server management platform. The vulnerabilities may allow attackers to take control of affected systems. Updates are available to remediate these vulnerabilities in affected VMware products.
On the same day, PT Swarm published an article covering more technical details and a proof-of-concept (PoC) for the RCE vulnerability. The availability of the PoC indicates that widespread exploitation of this vulnerability may start very soon. Immediate patching is strongly advised!
2021-010: Severe Vulnerability in Cisco IOS XR Software
Friday, February 12, 2021 11:11:00 AM CET
Cisco has published an advisory about a severe vulnerability affecting Cisco IOS XR Software. The vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Cisco is not aware of any malicious exploitation in the wild.
2021-009: Critical Vulnerabilities in Cisco Products
Thursday, February 4, 2021 9:35:00 PM CET
Cisco has published an advisory about several vulnerabilities affecting various Cisco Products. These vulnerabilities could lead to remote code execution, privilege escalation, directory traversal, file overwrite or denial of service. While Cisco is not aware of any malicious exploit in the wild, it is highly recommended to patch the affected products.
2021-008: Critical Vulnerabilities in SolarWinds Orion Platform
Thursday, February 4, 2021 9:26:00 AM CET
Three critical vulnerabilities have been found in the SolarWinds Orion platform. Two of them could be exploited by a local attacker, and a third one, the most severe of all, allows a remote, unprivileged actor to take control of the platform. These vulnerabilities are separate from and not directly related to the earlier reported Sunburst attack.
2021-007: UPDATE: Sudo Heap-based Buffer Overflow
Tuesday, February 2, 2021 11:46:00 AM CET
On the 26th of January 2021, the Sudo project, in coordination with Qualys, released a security advisory regarding a vulnerability in Sudo that allows any local user on a Unix-based system to execute code as root without authentication (privilege escalation).
The vulnerability is exploitable via "sudoedit -s" commands on most systems, and several proof-of-concepts were published by security researchers.
The potential impact of this vulnerability is high, as an attacker with low-privileged access to any Unix-based system can easily elevate their privileges to completely take over the system.
2021-006: UPDATE: SonicWall 0-day Vulnerabilities
Tuesday, February 2, 2021 10:28:00 AM CET
On January 22nd, SonicWall disclosed that it had been hacked in an attack that exploited zero-day vulnerabilities in several of its own VPN software products, the SMA 100 series. On February 3rd, SonicWall released a new firmware update that fixes the vulnerability.
2021-005: Use of Remote Desktop Protocol in DDoS Attacks
Tuesday, January 26, 2021 8:37:00 PM CET
DDoS attacks were observed recently in which Microsoft Remote Desktop Protocol (RDP) was abused to reflect and amplify the amount of bandwidth involved. This is not a vulnerability by itself, but an abuse of the RDP protocol design. Attacks using this technique were observed with sizes ranging from 20 to 750 Gbps.
2021-004: Critical Vulnerability in SAP Solution Manager
Friday, January 22, 2021 2:30:00 PM CET
On the 10th of March 2020, SAP released several patches for their products. One of them fixes a critical vulnerability in SAP Solution Manager - User-Experience Monitoring. This vulnerability could lead to remote code execution on every system connected to the Solution Manager. Last week, a proof-of-concept was publicly released, thus increasing the likelihood of compromise. Applying the patch is highly recommended.
2021-003: Critical Vulnerabilities in Cisco SD WAN
Thursday, January 21, 2021 12:32:00 PM CET
Cisco has published an advisory about several vulnerabilities affecting Cisco SD-WAN software. These vulnerabilities could lead to remote code execution, denial of service, or authentication bypass. While Cisco is not aware of any malicious exploitation in the wild, it is highly recommended to patch the affected products.
2021-002: Critical Vulnerabilities in Multiple Oracle Products
Wednesday, January 20, 2021 3:04:00 PM CET
Oracle has published an advisory about hundreds of critical vulnerabilities affecting several of its products. Many of the vulnerabilities can be remotely exploited without authentication and without user interaction. Expedient patching of the affected products is highly recommended.
2021-001: Microsoft Defender Remote Code Execution Vulnerability
Wednesday, January 13, 2021 3:10:00 PM CET
On the 12th of January 2021, Microsoft released several security advisories to address security vulnerabilities. One of the reported vulnerabilities, a remote code execution, affects Microsoft Defender and is actively exploited in the wild.