Security Bulletins

September 14, 2021 Joe Klenotich

Security Bulletin: Cisco Wireless Access Point Vulnerabilities


Severity:

High
 

Publication date:

September 22nd, 2021
 

Vulnerability/Event ID(s):

CVE-2021-34740, CVE-2021-1419

B-210924-1
 

Vulnerability summary:

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Also, a vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges.
 

Impacted systems:

Cisco Wireless Network Environments
 

Remediation steps:

Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address these vulnerabilities. The estimated upgrade time will vary, based on the number of access points within the environment. Please contact your Atomic Data Account Coordinator for assistance with creating an upgrade maintenance plan.

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv


Cisco Software Denial of Service Vulnerability


Severity:

High
 

Publication date:

September 22nd, 2021
 

Vulnerability/Event ID(s):

CVE-2021-34699

B-210923-1
 

Vulnerability summary:

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
 

Impacted systems:

Cisco IOS and IOS XE Software with TrustSec capabilities and web UI enabled.
 

Remediation steps:

Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address this vulnerability. The estimated upgrade time is planned around 2 hours per device, with a brief service interruption while the hardware is rebooted. Onsite access may be required to perform the upgrade(s).

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2


Security Bulletin: VMware vCenter Server


Severity:

Critical
 

Publication date:

September 21st, 2021
 

Vulnerability/Event ID(s):

CVE-2021-22005

B-210924-2
 

Vulnerability summary:

VMware recently released updates that resolve critical and high-severity vulnerabilities affecting vCenter Servers, described in VMSA-2021-0020. VMware strongly recommends customers take immediate action to remediate or mitigate the threat of the critical issue impacting these versions of vCenter Server: 7.0, 6.7, and 6.5.

Affected versions of VMware vCenter Server permit anyone with network access to your vCenter Server to execute arbitrary commands and software, which could result in execution of administrative commands and takeover of the virtual hosting environment. Multiple exploits for this vulnerability are now freely available online.

While the potential risk to your affected vCenter Server is greatly reduced if it is not exposed to the internet, an attacker could leverage an initial compromise of a workstation or web browser inside your network to complete the exploit of a vCenter exposed to internal user-generated traffic.
 

Impacted systems:

vCenter 7.0
vCenter 6.7
vCenter 6.5 (not vulnerable to critical issue but still recommended)
 

Remediation steps:

(1) Temporarily mitigate the critical vulnerability by implementing KB85717 in vCenter 7.0 or 6.7.

(2) Permanently remediate the critical and the other important vulnerabilities by applying vCenter Server 7.0 Update 2d, vCenter Server 6.7 Update 3o, or vCenter Server 6.5 Update 3q.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://kb.vmware.com/s/article/85717
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u2d-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3o-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3q-release-notes.html


Microsoft MSHTML Remote Code Execution


Severity:

Critical
 

Publication date:

September 7th, 2021
 

Vulnerability/Event ID(s):

CVE-2021-40444

B-210910-1
 

Vulnerability summary:

Microsoft reported a remote code execution vulnerability in MSHTML that affects Microsoft Windows. An attacker could use a maliciously crafted Microsoft Office document to compromise a system. The attacker would first have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
 

Impacted systems:

Windows systems with Microsoft Office products.
 

Remediation steps:

Atomic Data has discovered an active vulnerability and has applied a security fix to your machine. For the fix to complete, you need to reboot your machine as soon as possible.

For further questions or assistance, please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/


ArubaOS Multiple Vulnerabilities


Severity:

Critical
 

Publication date:

August 31st, 2021
 

Vulnerability/Event ID(s):

CVE-2019-5318, CVE-2021-37716, CVE-2021-37717, CVE-2021-37718, CVE-2020-37719, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37723, CVE-2021-37724, CVE-2021-37725, CVE-2021-37728, CVE-2021-37729, CVE-2021-37731, CVE-2021-37733

B-210831-1
 

Vulnerability summary:

Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
 

Impacted systems:

ArubaOS (Multiple code versions)
 

Remediation steps:

Aruba recommends upgrading the ArubaOS software to a non-vulnerable version in order to address multiple vulnerabilities. The estimated upgrade time is planned around 2 hours per device. 

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt