Security Bulletins

September 16, 2022 Joe Klenotich

Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities


Severity:

High
 

Publication date:

September 7th, 2022
 

Vulnerability/Event ID(s):

CVE-2022-23685, CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, CVE-2022-23696, CVE-2022-37877, CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882, CVE-2022-37883, CVE-2022-37884

B-220915-1
 

Vulnerability summary:

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
 

Impacted systems:

ClearPass Policy Manager
 

Remediation steps:

Upgrade code to a newer version – approximately 3-4 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt


Security Bulletin: Aruba AOS-CX Switches – Multiple Vulnerabilities


Severity:

High
 

Publication date:

August 30th, 2022
 

Vulnerability/Event ID(s):

CVE-2022-23679, CVE-2022-23680, CVE-2022-23681, CVE-2022-23682, CVE-2022-23683, CVE-2022-23684, CVE-2022-23686, CVE-2022-23687, CVE-2022-23688, CVE-2022-23689, CVE-2022-23690, CVE-2022-23691

B-220901-1
 

Vulnerability summary:

Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
 

Impacted systems:

Aruba AOS-CX Switches Running Certain Versions of Code
 

Remediation steps:

Upgrade code to a newer version – approximately 2-3 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt


Security Bulletin: WatchGuard Firmware Updates


Severity:

High
 

Publication date:

August 26th, 2022
 

Vulnerability/Event ID(s):

Multiple

B-220831-1
 

Vulnerability summary:

WatchGuard has posted maintenance releases for Fireware 12.8.2 and 12.5.11. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of vulnerabilities.
 

Impacted systems:

WatchGuard Firewalls
 

Remediation steps:

Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_11/index.html
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_2/index.html


Security Bulletin: Remote Code Execution on MacOS, iPadOS, and iOS


Severity:

Critical
 

Publication date:

August 17, 2022
 

Vulnerability/Event ID(s):

CVE-2022-32893, CVE-2022-32894

B-220819-1
 

Vulnerability summary:

An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
 

Impacted systems:

MacOS Monterey
iPadOS 15
iOS 15
 

Remediation steps:

Update all MacOS, iPadOS, and iOS devices to the latest version.

MacOS: 12.5.1
iPadOS: 15.6.1
iOS: 15.6.1

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://support.apple.com/en-qa/HT213412
https://support.apple.com/en-us/HT213413


Security Bulletin: Cisco FMC (Firepower Management Center) Field Notice


Severity:

High
 

Publication date:

August 2nd, 2022, updated August 9th, 2022
 

Vulnerability/Event ID(s):

CSCvy17030

B-220818-1
 

Vulnerability summary:

The Firepower Management Center (FMC) MonetDB event database might crash and fail to show connection events.
The FMC MonetDB database stores logs of various connection events. The database might crash, which results in loss of access to connection event data for some versions of Firepower software that run MonetDB Version 11.37.12.
 

Impacted systems:

Cisco FMC Software
 

Remediation steps:

Upgrade code to a newer version – approximately 6 hours per FMC instance.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72425.html?emailclick=CNSemail

Security Bulletin: WatchGuard Firmware Updates and OpenVPN Unauthenticated Access to Control Channel Data Vulnerability


Severity:

High
 

Publication date:

July 8th, 2022
 

Vulnerability/Event ID(s):

CVE-2020-15078

B-220720-1
 

Vulnerability summary:

WatchGuard has posted maintenance releases for Fireware 12.8.1, and earlier branches, 12.5.10 and 12.1.4. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of an open vulnerability.
 

Impacted systems:

WatchGuard Firewalls
 

Remediation steps:

Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.

Managed Clients: Atomic Data has discovered an active vulnerability and will apply a security fix during a scheduled maintenance window.

Un-Managed Clients: Atomic Data has discovered a potentially active vulnerability. Please reach out to your account coordinator if you would like assistance in applying a security fix during a scheduled maintenance window.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://www.watchguard.com/wgrd-blog/fireware-1281-12510-and-1214-and-mobile-vpn-client-releases


Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities


Severity:

Critical
 

Publication date:

May 4th, 2022
 

Vulnerability/Event ID(s):

CVE-2021-21419, CVE-2021-33503, CVE-2022-23657, CVE-2022-23658, CVE-2022-23659, CVE-2022-23660, CVE-2022-23661, CVE-2022-23662, CVE-2022-23663, CVE-2022-23664, CVE-2022-23665, CVE-2022-23666, CVE-2022-23667, CVE-2022-23668, CVE-2022-23669, CVE-2022-23670, CVE-2022-23671, CVE-2022-23672, CVE-2022-23673, CVE-2022-23674, CVE-2022-23675

B-220511-3
 

Vulnerability summary:

Authentication Bypass Leading to Remote Code Execution in ClearPass Policy Manager Web-Based Management Interface (CVE-2022-23657, CVE-2022-23658, CVE-2022-23660). Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.
 

Impacted systems:

ClearPass Policy Manager
 

Remediation steps:

Upgrade code to a newer version.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt


Security Bulletin: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service


Severity:

High
 

Publication date:

May 4th, 2022
 

Vulnerability/Event ID(s):

CVE-2022-0778

B-220511-2
 

Vulnerability summary:

A vulnerability has been identified in a commonly used component in multiple Aruba products. This vulnerability allows attackers to use specially crafted certificates resulting in denial of service.
 

Impacted systems:

Multiple Aruba product lines.
 

Remediation steps:

Aruba recommends upgrading to a newer code version, or, to minimize the likelihood of an attacker exploiting this vulnerability, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-009.txt


Security Bulletin: Heap Overflow Vulnerabilities Within ArubaOS – Switch Devices


Severity:

Critical
 

Publication date:

May 3rd, 2022
 

Vulnerability/Event ID(s):

CVE-2022-2367, CVE-2022-23677

B-220511-1
 

Vulnerability summary:

Multiple heap overflow vulnerabilities have been discovered in the ArubaOS-Switch firmware. Successful exploitation of these vulnerabilities could result in the ability to execute arbitrary code. Exploitation of these vulnerabilities requires the interaction of an affected switch with an attacker-controlled source of RADIUS access challenge messages. Because of this, exploitation of these vulnerabilities would most likely occur as part of an attack chain building upon previous exploitation of customer-controlled infrastructure.
 

Impacted systems:

ArubaOS – Switch Devices
 

Remediation steps:

Aruba recommends upgrading to new software code, or implementing firewall controls to limit interactions of impacted switches to known-good RADIUS sources.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt


Security Bulletin: Cisco Security Appliance Vulnerabilities


Severity:

High
 

Publication date:

April 27th, 2022
 

Vulnerability/Event ID(s):

CVE-2022-20759, CVE-2022-20760, CVE-2022-20715, CVE-2022-20745, CVE-2022-20757, CVE-2022-20767, CVE-2022-20751, CVE-2022-20746, CVE-2022-20737, CVE-2022-20742, CVE-2022-20743, CVE-2022-20740, CVE-2022-20627, CVE-2022-20628, CVE-2022-20629, CVE-2022-20748, CVE-2022-20729, CVE-2022-20744, CVE-2022-20730

B-220504-1
 

Vulnerability summary:

Cisco recently released a total of 19 vulnerabilities, impacting ASA and FTD software. Additional details around the impact can be found in Cisco’s Security Advisory Bundled Publication below.
 

Impacted systems:

Cisco ASA and FTD Software
 

Remediation steps:

Upgrade code to a newer version – approximately 2 hours per device for remediation.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836


Security Bulletin: Mitel – MiVoice Connect Data Validation Vulnerability


Severity:

Critical
 

Publication date:

4/19/2022, updated with patch on 4/21/2022
 

Vulnerability/Event ID(s):

CVE-2022-29499

B-220422-1
 

Vulnerability summary:

A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the context of the Service Appliance. This vulnerability was privately reported to Mitel. Mitel is recommending customers with affected product versions apply the available remediation.
 

Impacted systems:

Mitel Service Appliances and Virtual Service Appliances (VSA)
 

Remediation steps:

Apply the manufacturer's recommended patch.

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0002?mkt_tok=NzU0LVBIVi0zNTUAAAGD5qXUBdd2lYLw9_Sc7yBt2zVp6JtS6wTxxWLMEm-CFuzyBHN_Q5xeawC2StF6dUbZfqDIZ08syOPI8LTATju568BGAPmll2Q-qSaVasOvlwJMyL0


Security Bulletin: Spring Framework RCE via Data Binding on JDK 9+ Vulnerability


Severity:

Critical
 

Publication date:

March 31st, 2022, Updated April 1st, 2022
 

Vulnerability/Event ID(s):

CVE-2022-22965

B-220402-2
 

Vulnerability summary:

The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
 

Impacted systems:

Multiple manufacturers.
 

Remediation steps:

Upgrades and remediation steps are pending across multiple manufacturers.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67?emailclick=CNSemail
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement


Security Bulletin: OpenSSL Infinite Loop Vulnerability


Severity:

High
 

Publication date:

March 31st, 2022, updated April 1st, 2022
 

Vulnerability/Event ID(s):

CVE-2022-0778

B-220402-1
 

Vulnerability summary:

This vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker does not need a verified certificate to exploit this vulnerability because parsing a bad certificate triggers the infinite loop before the verification process is completed.
 

Impacted systems:

Palo Alto PAN-OS Software, Global Protect and Prisma Access
 

Remediation steps:

Upgrade software versions.
Pending: to be released by the vendor in April 2022.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://security.paloaltonetworks.com/CVE-2022-0778


Security Bulletin: Cisco Field Notice: Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 – Update Required


Severity:

Critical
 

Publication date:

February, 2022
 

Vulnerability/Event ID(s):

FN72332

B-220304-1
 

Vulnerability summary:

Affected Firepower platforms will be unable to receive the latest Talos intelligence feeds (IPs, URLs, DNS Hosts). The platform might experience a degraded security posture for future threats until the update is applied.

No other content updates (Snort Rule Updates (SRUs), Vulnerability Database (VDB), Geolocation Database (GeoDB), and so on) will be affected by this issue.
 

Impacted systems:

Cisco FMC (Firepower Management Center)
 

Remediation steps:

Atomic Data recommends updating the Cisco software version in order to address this issue. Atomic Data estimates that the update will take approximately 2 hours to complete and should be non-service impacting.

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html


Security Bulletin: Pwnkit Vulnerability for Linux


Severity:

High
 

Publication date:

January 26th, 2022
 

Vulnerability/Event ID(s):

CVE-2021-4034

B-220127-1
 

Vulnerability summary:

This vulnerability involves a memory corruption potential within polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
 

Impacted systems:

All Ubuntu and RedHat based Linux Systems
 

Remediation steps:

Atomic Data Engineers have created a Kaseya script which will be pushed to vulnerable Linux Servers for Managed Clients. This script updates the polkit package and remediates the vulnerability without the need for a reboot or downtime.

If you are an Atomic Data managed services client, Atomic Data Engineers will push this Kaseya Script at a pre-determined time to remediate the vulnerability. If you are not an Atomic Data managed services client and you would like to have Atomic Data push this script to servers with Kaseya agents, please contact your Account Coordinator.

If there are Linux Servers which do not have Kaseya installed on them, please work with your Account Coordinator if you’d like to get the Kaseya agent installed and have the procedure pushed to your vulnerable systems.

Atomic Data Engineers will remediate any vulnerable servers for Managed clients via the Kaseya procedure. Any Unmanaged client should contact their Account Coordinator to schedule the procedure to be run.
 

Additional detail:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-action-response-polkit-privilege-escalation-vulnerability-pwnkit-cve-2021-4034/


Security Bulletin: Apache Log4j Utility


Severity:

Critical
 

Publication date:

Dec 10, 2021
 

Vulnerability/Event ID(s):

CVE-2021-44228

B-211211-1
 

Vulnerability summary:

The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
 

Impacted systems:

Multiple vendors are impacted by this vulnerability. While vendors investigate the impact to their products, Atomic Data is monitoring communication from the cyber security community to determine viable remediation and workaround efforts.
 

Remediation steps:

Atomic Data engineering staff is:
1) using a recently released scanning module to perform vulnerability scanning for our scanning clients. This is not mitigation/remediation but identification of the vulnerability being present.
2) working on other tools to help with detection of the vulnerability.
3) tracking, documenting, and monitoring any vulnerable applications/servers that are found to ensure fixes, patches, and upgrades are applied in a timely manner.
4) available to apply a mitigation option blocking LDAP/S egress traffic. This does present a risk of blocking desired LDAP/S egress traffic. Additional investigation would be needed to allow desired LDAP/S egress traffic.
5) on standby to apply vulnerability patches as they are released by vendors.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Log4j Vulnerability Response: CVE-2021-44228

Atomic Data engineering staff is actively tracking managed clients and documenting any vulnerable applications/servers that are found.

For Windows servers: We are executing a procedure to scan all Windows servers for links to Log4j libraries. After scanning, results are generated and reviewed by the Security & Network Operations Center. We will identify the client, server, and the path to the Java file that has the reference. This will be important as vendors release patches for their software to ensure that software is updated in a timely manner.

For Linux servers: Our Product Operations team is working on a similar script to do the same with Linux servers.

For Appliances: The primary engineer for the client is reviewing what appliances are deployed and whether they are impacted. 

Once we know all the locations that are impacted and potentially vulnerable, we will proceed to a monitoring phase of this response. As vendors patch their software, we will refer back to scan documentation to ensure clients with eligible apps/systems are receiving patches and updates.

This will handle detection and updates to fix the vulnerability when they are available.

As a parallel task, we are confirming that our Antivirus and Endpoint Detection and Response solutions are configured properly so that if/when someone tries to exploit a system, we will catch it right away.
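The scan described above (finding Log4j library references on a server and recording the path to each affected archive) can be done by walking the filesystem and checking each Java archive for the JndiLookup class that CVE-2021-44228 abuses. The following is an added example for illustration, not Atomic Data's Kaseya procedure or any vendor tool. It assumes a Unix-style or Windows file tree readable by the scanner; the sample jar/war files it builds in a temporary directory are constructed here so the script runs offline, and the archive names it uses are placeholders. It also descends one level into archives nested inside a WAR/EAR, which a plain filename search would miss.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

# Class file that implements the JNDI lookup abused by CVE-2021-44228.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def archive_findings(data, label):
    """Return labels of archives (given as bytes) that contain JndiLookup.class.

    Reports the archive itself if it carries the class, and recurses into
    archives nested inside it (e.g. WEB-INF/lib/*.jar inside a WAR), labelling
    nested hits as "outer!inner" so the exact location is recorded.
    """
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if JNDI_LOOKUP_CLASS in names:
                findings.append(label)
            for name in names:
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    findings.extend(archive_findings(zf.read(name), f"{label}!{name}"))
    except zipfile.BadZipFile:
        pass  # not a real zip container (e.g. a misnamed file); skip it
    return findings


def scan_tree(root):
    """Walk a directory tree and return sorted labels of every archive that
    contains JndiLookup.class, including archives nested inside WAR/EAR files."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    hits.extend(archive_findings(fh.read(), path))
    return sorted(hits)


def build_sample_tree():
    """Constructed sample input (not real data): a temp tree holding one jar
    with JndiLookup.class, one clean jar, and a WAR bundling the vulnerable jar
    under WEB-INF/lib. Returns the root directory path."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")

    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, payload in entries.items():
                zf.writestr(name, payload)
        return buf.getvalue()

    class_magic = b"\xca\xfe\xba\xbe"  # Java class-file magic, stands in for real bytecode
    vulnerable = make_zip({JNDI_LOOKUP_CLASS: class_magic,
                           "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
    clean = make_zip({"org/example/App.class": class_magic})
    war = make_zip({"WEB-INF/lib/log4j-core-sample.jar": vulnerable,
                    "WEB-INF/web.xml": b"<web-app/>"})

    Path(root, "lib").mkdir()
    Path(root, "lib", "log4j-core-sample.jar").write_bytes(vulnerable)   # placeholder name
    Path(root, "lib", "app-utils.jar").write_bytes(clean)                 # placeholder name
    Path(root, "webapps").mkdir()
    Path(root, "webapps", "portal.war").write_bytes(war)                  # placeholder name
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit in scan_tree(sample_root):
        print("JndiLookup.class found in:", hit)
```

Presence of the class does not by itself prove exploitability (Log4j 2.16+ removed the lookup, and some builds strip it), so the output is an inventory to reconcile against vendor patch notices, which is how the bulletin above describes using the scan results.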

Additional detail:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-44228


Security Bulletin: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities


Severity:

High
 

Publication date:

October 27, 2021
 

Vulnerability/Event ID(s):

CVE-2021-1573, CVE-2021-34792, CVE-2021-40117

B-211117-1
 

Vulnerability summary:

Cisco has disclosed several vulnerabilities affecting memory management, the web services interface, and the SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
 

Impacted systems:

These vulnerabilities affect Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration.
 

Remediation steps:

Upgrade to patched version of Cisco ASA or FTD code.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-34792
https://nvd.nist.gov/vuln/detail/CVE-2021-40117#
https://nvd.nist.gov/vuln/detail/CVE-2021-1573#


Security Bulletin: Microsoft Exchange Server Remote Code Execution Vulnerability


Severity:

High
 

Publication date:

November 9, 2021
 

Vulnerability/Event ID(s):

CVE-2021-42321

B-211110-1
 

Vulnerability summary:

A post-authentication vulnerability impacting on-premises Exchange Server 2016 and Exchange Server 2019 has been discovered by Microsoft and attackers are actively targeting vulnerable systems. A security flaw in the validation of cmdlet arguments could allow an authenticated attacker to perform a remote code execution on the target server. Microsoft has released security updates that address this vulnerability.
 

Impacted systems:

Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
 

Remediation steps:

Atomic Data is preparing to deploy the patch via Kaseya tonight. Some servers will require a Cumulative Update (CU) prior to applying the current Security Update (SU). Account Coordinators will contact impacted clients to schedule a time for patching and updates.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

Microsoft Exchange Server Remote Code Execution Vulnerability
Released: November 2021 Exchange Server Security Updates
Microsoft urges Exchange admins to patch bug exploited in the wild


Security Bulletin: Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability


Severity:

High
 

Publication date:

Oct 6, 2021
 

Vulnerability/Event ID(s):

CVE-2021-34788

B-211108-1
 

Vulnerability summary:

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
 

Impacted systems:

Cisco AnyConnect Secure Mobility Client for Linux and Mac OS using the HostScan module.
 

Remediation steps:

For managed clients, Atomic Data has discovered an active vulnerability and will apply a security fix during a scheduled maintenance window.

For un-managed clients, please reach out to your account coordinator if you would like assistance in applying a security fix during a scheduled maintenance window.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability

CVE-2021-34788 Detail


Security Bulletin: Cisco Wireless Access Point Vulnerabilities


Severity:

High
 

Publication date:

September 22nd, 2021
 

Vulnerability/Event ID(s):

CVE-2021-34740, CVE-2021-1419

B-210924-1
 

Vulnerability summary:

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Also, a vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges.
 

Impacted systems:

Cisco Wireless Network Environments
 

Remediation steps:

Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address these vulnerabilities. The estimated upgrade time will vary, based on the number of access points within the environment. Please contact your Atomic Data Account Coordinator for assistance with creating an upgrade maintenance plan.

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.

Additional detail:

Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability

Cisco Access Points SSH Management Privilege Escalation Vulnerability


Security Bulletin: Cisco Software Denial of Service Vulnerability


Severity:

High
 

Publication date:

September 22nd, 2021
 

Vulnerability/Event ID(s):

CVE-2021-34699

B-210923-1
 

Vulnerability summary:

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
 

Impacted systems:

Cisco IOS and IOS XE Software with TrustSec capabilities and web UI enabled.
 

Remediation steps:

Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address this vulnerability. The estimated upgrade time is planned around 2 hours per device, with a brief service interruption while the hardware is rebooted. Onsite access may be required to perform the upgrade(s).

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability


Security Bulletin: VMware vCenter Server


Severity:

Critical
 

Publication date:

September 21st, 2021
 

Vulnerability/Event ID(s):

CVE-2021-22005

B-210924-2
 

Vulnerability summary:

VMware recently released updates that resolve critical and high-severity vulnerabilities affecting vCenter Servers, described in VMSA-2021-0020. VMware strongly recommends customers take immediate action to remediate or mitigate the threat of the critical issue impacting these versions of vCenter Server: 7.0, 6.7, and 6.5.

Affected versions of VMware vCenter Server permit anyone with network access to your vCenter Server to execute arbitrary commands and software, which could result in execution of administrative commands and takeover of the virtual hosting environment. Multiple exploits for this vulnerability are now freely available online.

While the potential risk to your affected vCenter Server is greatly reduced if it is not exposed to the internet, an attacker could leverage an initial compromise of a workstation or web browser inside your network to complete the exploit of a vCenter exposed to internal user-generated traffic.
 

Impacted systems:

vCenter 7.0
vCenter 6.7
vCenter 6.5 (not vulnerable to critical issue but still recommended)
 

Remediation steps:

(1) Temporarily mitigate the critical vulnerability by implementing KB85717 in vCenter 7.0 or 6.7.

(2) Permanently remediate the critical and the other important vulnerabilities by applying vCenter Server 7.0 Update 2d, vCenter Server 6.7 Update 3o, or vCenter Server 6.5 Update 3q.

If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
 

Additional detail:

https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://kb.vmware.com/s/article/85717
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u2d-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3o-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3q-release-notes.html


Security Bulletin: Microsoft MSHTML Remote Code Execution


Severity:

Critical
 

Publication date:

September 7th, 2021
 

Vulnerability/Event ID(s):

CVE-2021-40444

B-210910-1
 

Vulnerability summary:

Microsoft reported a remote code execution vulnerability in MSHTML that affects Microsoft Windows. An attacker could use a maliciously crafted Microsoft Office document to compromise a system. The attacker would first have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
 

Impacted systems:

Windows systems with Microsoft Office products.
 

Remediation steps:

Atomic Data has discovered an active vulnerability and has applied a security fix to your machine. For this to complete you need to reboot your machine as soon as possible.

For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
 

Additional detail:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/


Security Bulletin: ArubaOS Multiple Vulnerabilities


Severity:

Critical
 

Publication date:

August 31st, 2021
 

Vulnerability/Event ID(s):

CVE-2019-5318, CVE-2021-37716, CVE-2021-37717, CVE-2021-37718, CVE-2020-37719, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37723, CVE-2021-37724, CVE-2021-37725, CVE-2021-37728, CVE-2021-37729, CVE-2021-37731, CVE-2021-37733

B-210831-1
 

Vulnerability summary:

Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
 

Impacted systems:

ArubaOS (Multiple code versions)
 

Remediation steps:

Aruba recommends upgrading the ArubaOS software to a non-vulnerable version in order to address multiple vulnerabilities. The estimated upgrade time is planned around 2 hours per device. 

Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
 

Additional detail:

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt