Critical Vulnerability Discovered in Pulse Connect Secure VPN

May 25, 2021

Ivanti, the provider of Pulse Secure VPN appliances, has issued a security advisory regarding a critical vulnerability that could enable an authenticated remote attacker to execute arbitrary code with elevated privileges. The issue, described as a “Buffer Overflow in Windows File Resource Profiles” in version 9.X, allows a remote user with permission to access SMB shares to potentially execute arbitrary code as the root user. Notably, as of version 9.1R3, this permission is disabled by default. The vulnerability, classified as CVE-2021-22908, has a CVSS score of 8.5 out of 10 and affects Pulse Connect Secure versions 9.0Rx and 9.1Rx. According to a report from the CERT Coordination Center, the vulnerability arises from the gateway’s capacity to connect to Windows file shares using various CGI endpoints that can be exploited in the attack.

High-Severity Vulnerability Identified in Pulse Connect Secure VPN

May 25, 2021

Ivanti, the organization responsible for Pulse Secure VPN appliances, has issued an urgent security advisory concerning a significant vulnerability that poses a risk to users. This flaw could potentially permit an authenticated remote attacker to execute arbitrary code with elevated privileges, which is particularly concerning for organizations reliant on secure remote access. The vulnerability, classified as CVE-2021-22908, has been assigned a CVSS score of 8.5, indicating that it is high on the severity scale.

The specific issue arises from a buffer overflow in the Windows File Resource Profiles within versions 9.X of the software. As noted by Ivanti in their alert, released on May 14, this vulnerability allows a remote, authenticated user with the necessary permissions to browse SMB shares to execute code as the root user. Although the company has stated that the relevant permissions are not enabled by default from version 9.1R3 onward, the earlier versions affected—9.0Rx and 9.1Rx—remain at risk.

The CERT Coordination Center’s analysis highlights the gateway’s functionality to connect to Windows file shares through several CGI endpoints. Attackers could exploit this capability by providing excessively long server names during certain SMB operations, which directly triggers the buffer overflow vulnerability.

Business owners should be aware of how this issue can potentially facilitate various tactics and techniques categorized within the MITRE ATT&CK framework. Specifically, adversaries might leverage tactics such as privilege escalation to gain heightened access to systems after initial access has been secured. The implications for organizations that have not yet upgraded or configured their systems according to Ivanti’s recommendations can be profound, as the attack surface remains exposed.

This vulnerability not only underscores the importance of maintaining updated cyber defenses but also serves as a critical reminder for businesses to regularly review their access controls and permissions. Without proactive measures, companies could find themselves vulnerable to exploit attempts that could lead to significant data breaches and operational disruptions.

In conclusion, as the threat landscape continues to evolve rapidly, being informed about security advisories and implementing timely updates are essential components for safeguarding an organization’s digital infrastructure. Keeping abreast of vulnerabilities like CVE-2021-22908 is imperative for mitigating risks associated with cyber threats in today’s interconnected environment.

Source link

Related Posts

Urgent Security Alert: Critical RCE Flaw Discovered in VMware vCenter Server – Immediate Patching Recommended!

May 26, 2021

VMware has issued patches to fix a severe security vulnerability in vCenter Server that could allow attackers to execute arbitrary code on the server. Identified as CVE-2021-21985 (with a CVSS score of 9.8), this vulnerability arises from insufficient input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in vCenter Server. According to VMware, “An attacker with network access to port 443 could exploit this vulnerability to run commands with unrestricted privileges on the underlying operating system hosting vCenter Server.”

VMware vCenter Server is a management tool for controlling virtual machines, ESXi hosts, and other related components from a centralized interface. The flaw impacts vCenter Server versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x. VMware has acknowledged Ricter Z from 360 Noah Lab for reporting this critical vulnerability. The patch also addresses an authentication issue…

Newly Identified Vulnerabilities in VSCode Extensions May Facilitate Supply Chain Attacks

May 27, 2021

Critical security vulnerabilities found in widely used Visual Studio Code extensions have the potential to allow attackers to compromise both local machines and build systems through a developer’s integrated development environment (IDE). These at-risk extensions could be leveraged to execute arbitrary code remotely on a developer’s system, potentially opening the door to supply chain attacks. Notable vulnerable extensions include “LaTeX Workshop,” “Rainbow Fart,” “Open in Default Browser,” and “Instant Markdown,” which collectively have garnered around two million installations. Researchers from the open-source security platform Snyk highlighted that “Developer machines usually hold significant credentials, enabling them (directly or indirectly) to interact with various parts of the product.” The exposure of a developer’s private key could allow a malicious actor to replicate critical assets…

Critical 0-Day Vulnerability in Popular WordPress Plugin Affects Over 17,000 Sites

On June 2, 2021, it was revealed that the Fancy Product Designer plugin for WordPress, used on more than 17,000 websites, contains a dangerous file upload vulnerability. This flaw is currently being exploited by attackers to insert malware into affected sites. The threat intelligence team at Wordfence, which identified the vulnerability, reported the issue to the plugin’s developer on May 31. Despite acknowledgment of the problem, no fix has been implemented yet. Fancy Product Designer allows businesses to offer customizable products, enabling customers to upload images and PDFs for items like T-shirts and phone cases. Unfortunately, although the plugin had some security measures, they were inadequate and easily bypassed, allowing the upload of malicious PHP files to any site using the plugin.

Researchers Warn of Severe Vulnerabilities in Realtek Wi-Fi Module

A recent disclosure has unveiled critical vulnerabilities in the Realtek RTL8170C Wi-Fi module, which could be exploited by attackers to gain elevated privileges and take control of wireless communications. According to experts from the Israeli IoT security firm Vdoo, “Successful exploitation would grant complete control over the Wi-Fi module and potentially root access to the OS (such as Linux or Android) of embedded devices utilizing this module.” The Realtek RTL8710C Wi-Fi SoC serves as the foundation for Ameba, an Arduino-compatible platform designed for diverse IoT applications across sectors including agriculture, automotive, energy, healthcare, industrial, security, and smart home technologies. These vulnerabilities impact all embedded and IoT devices that utilize this component for Wi-Fi connectivity and necessitate that an attacker be on the same Wi-Fi network as the targeted devices.