Security Bulletins
Quick Links
- March 2023 – Vulnerability in Fortigate Products
- March 2023 – Multiple Vulnerabilities in ArubaOS
- February 2023 – Multiple Vulnerabilities in Aruba Products
- FortiOS – Heap-Based Buffer Overflow Vulnerability in FortiOS-SSL-VPN
- ClearPass Policy Manager Multiple Vulnerabilities
- OpenSSL X.509 Certificate Verification Vulnerabilities
- Cisco AnyConnect Secure Mobility Client Denial-of-Service Vulnerability Advisory
- Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
- ArubaOS Multiple Vulnerabilities
- FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on Administrative Interface
- Cisco FMC and IPS – Snort consumes memory causing block depletion
- Microsoft Zero-Day Exchange Server Vulnerabilities
- Aruba Access Points Multiple Vulnerabilities
- ClearPass Policy Manager Multiple Vulnerabilities
- Aruba AOS-CX Switches – Multiple Vulnerabilities
- WatchGuard Firmware Updates
- Remote Code Execution on macOS, iPadOS, and iOS
- Cisco FMC (Firepower Management Center) Field Notice
- WatchGuard Firmware Updates and OpenVPN Unauthenticated Access to Control Channel Data Vulnerability
- ClearPass Policy Manager Multiple Vulnerabilities
- Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
- Heap Overflow Vulnerabilities Within ArubaOS – Switch Devices
- Cisco Security Appliance Vulnerabilities
- Mitel – MiVoice Connect Data Validation Vulnerability
- Spring Framework RCE via Data Binding on JDK 9+ Vulnerability
- OpenSSL Infinite Loop Vulnerability
- Cisco Field Notice: Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 – Update Required
- Pwnkit Vulnerability for Linux
- Apache Log4j Utility
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
- Microsoft Exchange Server Remote Code Execution Vulnerability
- Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
- Cisco Wireless Access Point Vulnerabilities
- Cisco Software Denial of Service Vulnerability
- VMware vCenter Server
- Microsoft MSHTML Remote Code Execution
- ArubaOS Multiple Vulnerabilities
Security Bulletin: Vulnerability in Fortigate Products
Severity:
Critical
Publication date:
March 7, 2023
Vulnerability/Event ID(s):
CVE-2023-25610
B-230309-1
Vulnerability summary:
A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. Fortinet is not aware of any instance where this vulnerability was exploited in the wild. Fortinet discovered this vulnerability as part of their normal security testing program.
Impacted systems:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
Remediation steps:
Fortinet has released fixed versions to resolve this issue; affected FortiOS and FortiProxy devices should be upgraded as soon as possible. Fortinet's advisory also describes a workaround for devices that cannot be upgraded immediately: disable the HTTP/HTTPS administrative interface, or restrict the source addresses that can reach it with a local-in policy (see link below).
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.fortiguard.com/psirt/FG-IR-23-001
Security Bulletin: Multiple Vulnerabilities in ArubaOS
Severity:
Critical
Publication date:
February 28, 2023
Vulnerability/Event ID(s):
ARUBA-PSA-2023-002
B-230303-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple critical security vulnerabilities.
Impacted systems:
• Aruba Mobility Conductor (formerly Mobility Master)
• Aruba Mobility Controllers
• Aruba WLAN Gateways and SD-WAN Gateways managed by Aruba Central
Remediation steps:
The affected Aruba products should be patched as soon as possible.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/support-services/security-bulletins/
Security Bulletin: Multiple Vulnerabilities in Aruba Products
Severity:
High
Publication date:
February 08, 2023
Vulnerability/Event ID(s):
CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
B-230210-1
Vulnerability summary:
Aruba Threat Labs confirmed that the OpenSSL version used in the web-management interfaces embedded in multiple Aruba products is affected by at least four CVEs, some of which can be exploited in a lab setting to cause denial of service and potentially disclose sensitive information. No exploitation has been observed in the wild, and the management interfaces can be protected through network segmentation, which greatly reduces the risk that an attacker could reach them.
Impacted systems:
• AirWave Management Platform
• Aruba ClearPass Policy Manager
• ArubaOS-CX Switches
• ArubaOS Wi-Fi Controllers and Gateways
• ArubaOS SD-WAN Gateways
• Aruba InstantOS / Aruba Access Points running ArubaOS 10
Remediation steps:
Atomic Data will be in touch to discuss mitigation steps that will lower the risk until Aruba releases fixes for these vulnerabilities.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-001.txt
Security Bulletin: FortiOS – Heap-Based Buffer Overflow Vulnerability in FortiOS-SSL-VPN
Severity:
Critical
Publication date:
December 12th, 2022
Vulnerability/Event ID(s):
CVE-2022-42475
B-221212-1
Vulnerability summary:
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet is aware of an instance where this vulnerability was exploited in the wild.
Impacted systems:
Multiple FortiOS Versions
Remediation steps:
Upgrade code to a newer version. Your Account Coordinator can work with you and our Engineering team to schedule a maintenance window to perform the upgrade.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
High
Publication date:
December 6th, 2022
Vulnerability/Event ID(s):
CVE-2002-20001, CVE-2022-43530, CVE-2022-43531, CVE-2022-43532, CVE-2022-43533, CVE-2022-43534, CVE-2022-43535, CVE-2022-43536, CVE-2022-43537, CVE-2022-43538, CVE-2022-43539, CVE-2022-43540
B-221208-1
Vulnerability summary:
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
Impacted systems:
Aruba ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version. In some instances, a work around may be available. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: OpenSSL X.509 Certificate Verification Vulnerabilities
Severity:
High
Publication date:
November 1, 2022
Vulnerability/Event ID(s):
CVE-2022-3786, CVE-2022-3602
B-221104-1
Vulnerability summary:
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking, which could result in a denial-of-service crash (CVE-2022-3786 & CVE-2022-3602) or potential remote code execution (CVE-2022-3602 only).
Impacted systems:
OpenSSL versions 3.0.0 to 3.0.6.
Remediation steps:
Update any operating system, device, or application that installs or relies on OpenSSL v3.0.x. You may have to check with your software vendor(s) for more information.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
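The bulletin's advice is to update anything that carries OpenSSL 3.0.x. The script below is an added example, not from the bulletin or from the OpenSSL project, that a Linux administrator can run to see which 3.0.x copies a host exposes before chasing vendors: one function classifies a version string against the affected range, and a second lists the system openssl binary and any libssl.so.3 the dynamic linker knows about. The function names are the example's own; its only assumptions are a POSIX shell and, optionally, the openssl and ldconfig commands.

```shell
#!/bin/sh
# Added example, not from the bulletin or from the OpenSSL project.
# Flags OpenSSL versions in the CVE-2022-3602 / CVE-2022-3786 range
# (3.0.0 through 3.0.6; fixed in 3.0.7) and lists the OpenSSL 3 copies a
# Linux host exposes. Assumes POSIX sh; openssl and ldconfig are optional.

# openssl3_affected VERSION
#   Exit 0 if VERSION is 3.0.0..3.0.6, 1 otherwise. VERSION may be a bare
#   number ("3.0.6") or the full output of `openssl version`
#   ("OpenSSL 3.0.6 11 Oct 2022"). Letters and suffixes after the patch
#   number are ignored, so "3.0.7-dev" is treated as 3.0.7 (fixed) and
#   "1.1.1n" as 1.1.1 (outside the 3.0 series). A bare "3.0" counts as 3.0.0.
openssl3_affected() {
    v=${1#"OpenSSL "}                  # strip the prefix `openssl version` prints
    v=${v%% *}                         # keep the first word: 3.0.6, 1.1.1n, ...
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" != "$v" ] || return 1    # no dot at all: not a version string
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" != "$rest" ] || patch=0 # "3.0" -> treat as 3.0.0
    patch=${patch%%[!0-9]*}            # "6-dev" -> 6, "1n" -> 1
    [ "$major" = 3 ] && [ "$minor" = 0 ] || return 1
    [ -n "$patch" ] && [ "$patch" -le 6 ]
}

# scan_host
#   Report the system openssl binary and every libssl.so.3 registered with
#   the dynamic linker. OpenSSL copies bundled inside applications,
#   containers or appliance firmware are invisible here; for those, rely on
#   the vendor's advisory, as the bulletin says.
scan_host() {
    if command -v openssl >/dev/null 2>&1; then
        ver=$(openssl version 2>/dev/null)
        if openssl3_affected "$ver"; then
            echo "AFFECTED  $ver  ($(command -v openssl))"
        else
            echo "outside 3.0.0-3.0.6  $ver"
        fi
    fi
    if command -v ldconfig >/dev/null 2>&1; then
        # each path printed here should be traced back to its owning package
        ldconfig -p 2>/dev/null | awk '/libssl\.so\.3/ { print "review  " $NF }'
    fi
    return 0
}

scan_host
```

Run it as `sh openssl3-check.sh`. Anything reported as AFFECTED or review needs the package that owns the file moved to a build of 3.0.7 or later; anything the script cannot see, such as OpenSSL statically linked into an application or shipped inside an appliance, is exactly what the bulletin means by checking with the software vendor.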
Additional detail:
Security Bulletin: Cisco AnyConnect Secure Mobility Client Denial-of-Service Vulnerability
Severity:
Advisory
Publication date:
General vulnerability publication: March 15, 2022 – Cisco AnyConnect Fix Announced and Released: October 18, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-221028-2
Vulnerability summary:
Affected versions of the AnyConnect client can be forced into an infinite loop when the server presents a certificate containing invalid explicit elliptic-curve parameters (the OpenSSL BN_mod_sqrt() flaw tracked as CVE-2022-0778). The loop hangs the client, which is a denial of service for the user. The conditions required for an attacker to get such a certificate in front of the client are currently believed to be difficult but not impossible to recreate.
Impacted systems:
Cisco AnyConnect Secure Mobility Client versions prior to 4.10.06079, for all operating systems.
Remediation steps:
Upgrade code to the latest AnyConnect Secure Mobility Client. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Cisco Bug ID: CSCwb41421 (non-public)
Security Bulletin: Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Severity:
Critical
Publication date:
August, 2020, Updated: October, 2022
Vulnerability/Event ID(s):
CVE-2020-3433
B-221028-1
Vulnerability summary:
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack and execute arbitrary code with SYSTEM privileges; the attacker needs valid credentials on the Windows system. Cisco has become aware of this vulnerability being actively exploited and highly recommends upgrading to the latest version of the Cisco AnyConnect Windows client.
Impacted systems:
Cisco AnyConnect Secure Mobility Client for Windows: Releases earlier than version 4.9.00086.
Remediation steps:
Upgrade code to the latest AnyConnect Secure Mobility Client. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: ArubaOS Multiple Vulnerabilities
Severity:
Critical
Publication date:
October 25th, 2022
Vulnerability/Event ID(s):
CVE-2022-37897, CVE-2022-37898, CVE-2022-37899, CVE-2022-37900, CVE-2022-37901, CVE-2022-37902, CVE-2022-37903, CVE-2022-37904, CVE-2022-37905, CVE-2022-37906, CVE-2022-37907, CVE-2022-37908, CVE-2022-37909, CVE-2022-37910, CVE-2022-37911, CVE-2022-37912
B-221025-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
Impacted systems:
Multiple Aruba Products
Remediation steps:
Upgrade code to a newer version. In some instances, a work around may be available. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on Administrative Interface
Severity:
Critical
Publication date:
October 10th, 2022
Vulnerability/Event ID(s):
CVE-2022-40684
B-221012-1
Vulnerability summary:
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Impacted systems:
FortiOS, FortiProxy and FortiSwitchManager
Remediation steps:
Upgrade to a fixed version as soon as possible; Fortinet reported that this vulnerability was exploited in the wild. Where an upgrade cannot happen immediately, Fortinet's workaround is to disable the HTTP/HTTPS administrative interface or to restrict which source addresses can reach it with a local-in policy. Because exploitation may have preceded the patch, also review device logs for entries with user="Local_Process_Access", which Fortinet lists as an indicator of compromise, and check for administrator accounts or configuration changes you did not make. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.fortiguard.com/psirt/FG-IR-22-377
Security Bulletin: Cisco FMC and IPS – Snort consumes memory causing Block Depletion
Severity:
Advisory
Publication date:
Updated October 6th, 2022
Vulnerability/Event ID(s):
CSCvt34894
B-221011-1
Vulnerability summary:
Snort consumes memory, causing block depletion. In some cases Snort enters an uninterruptible sleep, which causes packets to be dropped and exhausts the packet blocks.
Impacted systems:
Cisco Firepower Management Center and Cisco Firepower NGFW
Remediation steps:
Upgrading code to a newer version, including the ASA, SFR Modules and FMC will remediate this bug. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvt34894
Security Bulletin: Microsoft Zero-Day Exchange Server Vulnerabilities
Severity:
Critical
Publication date:
September 29th, 2022
Vulnerability/Event ID(s):
CVE-2022-41040, CVE-2022-41082
B-220930-1
Vulnerability summary:
Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first, CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability; the second, CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. Microsoft reported that the pair was being used in limited targeted attacks and that authenticated access to the Exchange server is required to exploit either of them, so the SSRF is used by an attacker who already holds valid credentials to reach the RCE.
Impacted systems:
Microsoft Exchange Environments
Remediation steps:
Apply Microsoft's interim mitigation: an IIS URL Rewrite rule on the Autodiscover virtual directory that blocks the known attack pattern, and, where it is not needed, disable remote PowerShell for non-administrator users. Microsoft revised the rewrite rule several times after first publishing it because earlier patterns could be bypassed, so confirm that the rule in place matches the current vendor guidance. Exchange Online customers with no on-premises Exchange servers do not need to take action. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your Microsoft Exchange environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Aruba Access Points Multiple Vulnerabilities
Severity:
Critical
Publication date:
September 27th, 2022
Vulnerability/Event ID(s):
CVE-2002-20001, CVE-2022-37885, CVE-2022-37886, CVE-2022-37887, CVE-2022-37888, CVE-2022-37889, CVE-2022-37890, CVE-2022-37891, CVE-2022-37892, CVE-2022-37893, CVE-2022-37894, CVE-2022-37895, CVE-2022-37896
B-220928-1
Vulnerability summary:
Aruba has released patches for Aruba access points running InstantOS and ArubaOS 10 that address multiple security vulnerabilities.
Impacted systems:
Aruba Access Points
Remediation steps:
Upgrade code to a newer version. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your wireless environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
High
Publication date:
September 7th, 2022
Vulnerability/Event ID(s):
CVE-2022-23685, CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, CVE-2022-23696, CVE-2022-37877, CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882, CVE-2022-37883, CVE-2022-37884
B-220915-1
Vulnerability summary:
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
Impacted systems:
ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version – approximately 3-4 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt
Security Bulletin: Aruba AOS-CX Switches – Multiple Vulnerabilities
Severity:
High
Publication date:
August 30th, 2022
Vulnerability/Event ID(s):
CVE-2022-23679, CVE-2022-23680, CVE-2022-23681, CVE-2022-23682, CVE-2022-23683, CVE-2022-23684, CVE-2022-23686, CVE-2022-23687, CVE-2022-23688, CVE-2022-23689, CVE-2022-23690, CVE-2022-23691
B-220901-1
Vulnerability summary:
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
Impacted systems:
Aruba AOS-CX Switches Running Certain Versions of Code
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt
Security Bulletin: WatchGuard Firmware Updates
Severity:
High
Publication date:
August 26th, 2022
Vulnerability/Event ID(s):
Multiple
B-220831-1
Vulnerability summary:
WatchGuard has posted maintenance releases for Fireware 12.8.2 and 12.5.11. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of vulnerabilities.
Impacted systems:
WatchGuard Firewalls
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_11/index.html
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_2/index.html
Security Bulletin: Remote Code Execution on macOS, iPadOS, and iOS
Severity:
Critical
Publication date:
August 17, 2022
Vulnerability/Event ID(s):
CVE-2022-32893, CVE-2022-32894
B-220819-1
Vulnerability summary:
Two vulnerabilities are fixed in these releases. CVE-2022-32894 is an out-of-bounds write in the kernel through which an application may be able to execute arbitrary code with kernel privileges. CVE-2022-32893 is an out-of-bounds write in WebKit through which processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that both issues may have been actively exploited, and the two can be chained: a malicious web page gains code execution in the browser engine and then uses the kernel flaw to escape it.
Impacted systems:
macOS Monterey
iPadOS 15
iOS 15
Remediation steps:
Update all macOS, iPadOS, and iOS devices to the latest version.
macOS: 12.5.1
iPadOS: 15.6.1
iOS: 15.6.1
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://support.apple.com/en-qa/HT213412
https://support.apple.com/en-us/HT213413
Security Bulletin: Cisco FMC (Firepower Management Center) Field Notice
Severity:
High
Publication date:
August 2nd, 2022- Updated August 9th, 2022
Vulnerability/Event ID(s):
CSCvy17030
B-220818-1
Vulnerability summary:
The Firepower Management Center (FMC) MonetDB event database might crash and fail to show connection events.
The FMC MonetDB database stores logs of various connection events. The database might crash, which results in loss of access to connection event data for some versions of Firepower software that run MonetDB Version 11.37.12.
Impacted systems:
Cisco FMC Software
Remediation steps:
Upgrade code to a newer version – approximately 6 hours per FMC instance.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: WatchGuard Firmware Updates and OpenVPN Unauthenticated Access to Control Channel Data Vulnerability
Severity:
High
Publication date:
July 8th, 2022
Vulnerability/Event ID(s):
CVE-2020-15078
B-220720-1
Vulnerability summary:
WatchGuard has posted maintenance releases for Fireware 12.8.1, and earlier branches, 12.5.10 and 12.1.4. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of an open vulnerability.
Impacted systems:
WatchGuard Firewalls
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.
Managed Clients: Atomic Data has identified an active vulnerability and will apply the security fix during a scheduled maintenance window.
Un-Managed Clients: Atomic Data has identified a potentially active vulnerability. Please reach out to your Account Coordinator if you would like assistance in applying the security fix during a scheduled maintenance window.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.watchguard.com/wgrd-blog/fireware-1281-12510-and-1214-and-mobile-vpn-client-releases
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
Critical
Publication date:
May 4th, 2022
Vulnerability/Event ID(s):
CVE-2021-21419, CVE-2021-33503, CVE-2022-23657, CVE-2022-23658, CVE-2022-23659, CVE-2022-23660, CVE-2022-23661, CVE-2022-23662, CVE-2022-23663, CVE-2022-23664, CVE-2022-23665, CVE-2022-23666, CVE-2022-23667, CVE-2022-23668, CVE-2022-23669, CVE-2022-23670, CVE-2022-23671, CVE-2022-23672, CVE-2022-23673, CVE-2022-23674, CVE-2022-23675
B-220511-3
Vulnerability summary:
Authentication bypass leading to remote code execution in the ClearPass Policy Manager web-based management interface (CVE-2022-23657, CVE-2022-23658, CVE-2022-23660): vulnerabilities in the web-based management interface could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation allows an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.
Impacted systems:
ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt
Security Bulletin: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
Severity:
High
Publication date:
May 4th, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-220511-2
Vulnerability summary:
A vulnerability has been identified in a commonly used component in multiple Aruba products. This vulnerability allows attackers to use specially crafted certificates resulting in denial of service.
Impacted systems:
Multiple Aruba product lines.
Remediation steps:
Aruba recommends upgrading to a newer code version, or, to minimize the likelihood of an attacker exploiting this vulnerability, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-009.txt
Security Bulletin: Heap Overflow Vulnerabilities Within ArubaOS – Switch Devices
Severity:
Critical
Publication date:
May 3rd, 2022
Vulnerability/Event ID(s):
CVE-2022-23676, CVE-2022-23677
B-220511-1
Vulnerability summary:
Multiple heap overflow vulnerabilities have been discovered in the ArubaOS-Switch firmware. Successful exploitation could result in the ability to execute arbitrary code on the switch. Exploitation requires the affected switch to interact with an attacker-controlled source of RADIUS Access-Challenge messages, so it would most likely occur as part of an attack chain that builds on earlier compromise of customer-controlled infrastructure, such as the RADIUS server itself or the path between it and the switch.
Impacted systems:
ArubaOS – Switch Devices
Remediation steps:
Aruba recommends upgrading to new software code, or, implementing firewall controls to limit interactions of impacted switches with known good RADIUS sources.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt
Security Bulletin: Cisco Security Appliance Vulnerabilities
Severity:
High
Publication date:
April 27th, 2022
Vulnerability/Event ID(s):
CVE-2022-20759, CVE-2022-20760, CVE-2022-20715, CVE-2022-20745, CVE-2022-20757, CVE-2022-20767, CVE-2022-20751, CVE-2022-20746, CVE-2022-20737, CVE-2022-20742, CVE-2022-20743, CVE-2022-20740, CVE-2022-20627, CVE-2022-20628, CVE-2022-20629, CVE-2022-20748, CVE-2022-20729, CVE-2022-20744, CVE-2022-20730
B-220504-1
Vulnerability summary:
Cisco recently published advisories for 19 vulnerabilities affecting ASA and FTD software. Details on the impact of each can be found in Cisco's Security Advisory Bundled Publication below.
Impacted systems:
Cisco ASA and FTD Software
Remediation steps:
Upgrade code to a newer version – approximately 2 hours per device for remediation.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836
Security Bulletin: Mitel – MiVoice Connect Data Validation Vulnerability
Severity:
Critical
Publication date:
April 19, 2022, updated April 21, 2022 when the patch became available
Vulnerability/Event ID(s):
CVE-2022-29499
B-220422-1
Vulnerability summary:
A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the context of the Service Appliance. This vulnerability was privately reported to Mitel. Mitel is recommending customers with affected product versions apply the available remediation.
Impacted systems:
Mitel Service Appliances and Virtual Service Appliances (VSA)
Remediation steps:
Apply manufacturers recommended patch.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Security Bulletin: Spring Framework RCE via Data Binding on JDK 9+ Vulnerability
Severity:
Critical
Publication date:
March 31st, 2022, Updated April 1st, 2022
Vulnerability/Event ID(s):
CVE-2022-22965
B-220402-2
Vulnerability summary:
The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Impacted systems:
Multiple manufacturers.
Remediation steps:
Upgrades and remediation steps are pending across multiple manufacturers.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67?emailclick=CNSemail
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Security Bulletin: OpenSSL Infinite Loop Vulnerability
Severity:
High
Publication date:
March 31st, 2022- Updated April 1st, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-220402-1
Vulnerability summary:
This vulnerability causes the OpenSSL library to enter an infinite loop when parsing a certificate that contains invalid explicit elliptic-curve parameters (the BN_mod_sqrt() flaw), which results in a denial of service for the application. The attacker does not need a trusted or validly signed certificate, because the loop is triggered while the certificate is parsed, before signature verification completes; any code path that parses untrusted certificates or keys is exposed, including a TLS server that accepts client certificates and a client that validates a server certificate.
Impacted systems:
Palo Alto PAN-OS Software, Global Protect and Prisma Access
Remediation steps:
Upgrade software versions
Pending- to be released by the vendor in April 2022
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://security.paloaltonetworks.com/CVE-2022-0778
Security Bulletin: Cisco Field Notice: Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 – Update Required
Severity:
Critical
Publication date:
February, 2022
Vulnerability/Event ID(s):
FN72332
B-220304-1
Vulnerability summary:
Affected Firepower platforms will be unable to receive the latest Talos intelligence feeds (IPs, URLs, DNS Hosts). The platform might experience a degraded security posture for future threats until the update is applied.
No other content updates (Snort Rule Updates (SRUs), Vulnerability Database (VDB), Geolocation Database (GeoDB), and so on) will be affected by this issue.
Impacted systems:
Cisco FMC (Firepower Management Center)
Remediation steps:
Atomic Data recommends updating the Cisco software version in order to address this issue. Atomic Data estimates that the update will take approximately 2 hours to complete and should be non-service impacting.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html
Security Bulletin: Pwnkit Vulnerability for Linux
Severity:
High
Publication date:
January 26th, 2022
Vulnerability/Event ID(s):
CVE-2021-4034
B-220127-1
Vulnerability summary:
This vulnerability is a memory-corruption flaw in polkit's pkexec, a setuid-root program installed by default on every major Linux distribution. It is easily exploited: any unprivileged user with local shell access can gain full root privileges on a vulnerable host in its default configuration.
Impacted systems:
Linux systems with a vulnerable polkit package, including all Ubuntu- and Red Hat-based distributions
Remediation steps:
Atomic Data Engineers have created a Kaseya script which will be pushed to vulnerable Linux Servers for Managed Clients. This script updates the polkit package and remediates the vulnerability without the need for a reboot or downtime.
If you are an Atomic Data managed services client, Atomic Data Engineers will push this Kaseya Script at a pre-determined time to remediate the vulnerability. If you are an Atomic Data unmanaged services client and you would like to have Atomic Data push this script to servers with Kaseya agents, please contact your Account Coordinator.
If there are Linux Servers which do not have Kaseya installed on them, please work with your Account Coordinator if you’d like to get the Kaseya agent installed and have the procedure pushed to your vulnerable systems.
Atomic Data Engineers will remediate any vulnerable servers for Managed clients via the Kaseya procedure. Any Unmanaged client should contact their Account Coordinator to schedule the procedure to be run.
Additional detail:
Security Bulletin: Apache Log4j Utility
Severity:
Critical
Publication date:
Dec 10, 2021
Vulnerability/Event ID(s):
CVE-2021-44228
B-211211-1
Vulnerability summary:
The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
Impacted systems:
Multiple vendors are impacted by this vulnerability. While vendors investigate the impact to their products Atomic Data is monitoring communication from the Cyber Security community to determine viable remediation and work around efforts.
Remediation steps:
Atomic Data engineering staff is:
1) using a recently released scanning module to perform vulnerability scanning for our scanning clients. This is not mitigation/remediation but identification of the vulnerability being present.
2) working on other tools to help with detection of the vulnerability.
3) tracking, documenting, and monitoring any vulnerable applications/servers that are found to ensure fixes, patches, and upgrades are applied in a timely manner.
4) available to apply a mitigation option blocking LDAP/S egress traffic. This does present a risk of blocking desired LDAP/S egress traffic. Additional investigation would be needed to allow desired LDAP/S egress traffic.
5) on standby to apply vulnerability patches as they are released by vendors.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Log4j Vulnerability Response: CVE-2021-44228
Atomic Data engineering staff is actively tracking managed clients and documenting any vulnerable applications/servers that are found.
For Windows servers: We are executing a procedure to scan all Windows servers for links to Log4j libraries. After scanning, results are generated and reviewed by the Security & Network Operations Center. We will identify the client, server, and the path to the Java file that has the reference. This will be important as vendors release patches for their software to ensure that software is updated in a timely manner.
For Linux servers: Our Product Operations team is working on a similar script to do the same with Linux servers.
For Appliances: The primary engineer for the client is reviewing what appliances are deployed and whether they are impacted.
Once we know all the locations that are impacted and potentially vulnerable, we will proceed to a monitoring phase of this response. As vendors patch their software, we will refer back to scan documentation to ensure clients with eligible apps/systems are receiving patches and updates.
This will handle detection and updates to fix the vulnerability when they are available.
As a parallel task, we are confirming that our Antivirus and Endpoint Detection and Response solutions are configured properly so that if/when someone tries to exploit a system, we will catch it right away.
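The Windows and Linux scanning procedures described above look for Log4j library references on disk and record the path to the affected Java file. What follows is an added, stand-alone example of that kind of detection logic; it is not Atomic Data's Kaseya procedure or the Product Operations script. It walks a directory tree, opens every JAR/WAR/EAR archive (including archives nested inside other archives, as in fat JARs and WAR bundles), reads the log4j-core version from the Maven pom.properties the official jar ships with, and checks for the JndiLookup class that CVE-2021-44228 abuses. A log4j-core below 2.15.0 (the first release that addressed CVE-2021-44228) that still contains JndiLookup is flagged; one with the class removed is reported but not flagged. The helper names, the sample archives and the temporary directory that `demo()` builds are constructions of this example, not anything from the bulletin.

```python
"""Scan a directory tree for vulnerable Log4j 2 core archives.

Added example for the CVE-2021-44228 response; not Atomic Data's Kaseya
scanning procedure. The sample archives are constructed in a temp dir.
"""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The class JNDI lookups are dispatched through; deleting it from log4j-core
# was the widely published interim mitigation, so its absence matters.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside the official log4j-core jar; carries the version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
FIXED_VERSION = (2, 15, 0)  # first log4j-core release addressing CVE-2021-44228


@dataclass
class Finding:
    archive: str            # archive on disk
    entry: Optional[str]    # nested entry path inside it, or None for top level
    version: Optional[str]  # from pom.properties, or None if absent
    has_jndi_lookup: bool

    @property
    def vulnerable(self) -> bool:
        if not self.has_jndi_lookup:
            return False  # JndiLookup stripped, or not log4j-core at all
        if self.version is None:
            return True   # lookup class present but version unknown: assume worst
        return parse_version(self.version) < FIXED_VERSION


def parse_version(text: str) -> Tuple[int, int, int]:
    """'2.14.1' -> (2, 14, 1); qualifiers such as '-rc1' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def inspect_archive(data: bytes, archive: str, entry: Optional[str],
                    findings: List[Finding]) -> None:
    """Record log4j-core evidence in one archive and recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; skip silently
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    if JNDI_CLASS in names or version is not None:
        findings.append(Finding(archive, entry, version, JNDI_CLASS in names))
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_EXT):  # fat jars, WAR/EAR bundles
            nested = f"{entry}!{name}" if entry else name
            inspect_archive(zf.read(name), archive, nested, findings)


def scan_tree(root: str) -> List[Finding]:
    """Walk root and inspect every archive found on disk."""
    findings: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    inspect_archive(fh.read(), path, None, findings)
    return findings


def make_sample_jar(target, version: str, include_jndi: bool = True) -> None:
    """Write a constructed stand-in for log4j-core (target is a path or file-like)."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only


def demo() -> dict:
    """Build constructed samples, scan them, return label -> (version, vulnerable)."""
    with tempfile.TemporaryDirectory() as root:
        make_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
        make_sample_jar(os.path.join(root, "log4j-core-2.17.1.jar"), "2.17.1")
        make_sample_jar(os.path.join(root, "log4j-core-2.14.1-stripped.jar"),
                        "2.14.1", include_jndi=False)
        inner = io.BytesIO()               # log4j-core bundled inside a WAR
        make_sample_jar(inner, "2.14.1")
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
        results = {}
        for f in scan_tree(root):
            label = os.path.basename(f.archive) + (f"!{f.entry}" if f.entry else "")
            results[label] = (f.version, f.vulnerable)
        return results


if __name__ == "__main__":
    for label, (version, vulnerable) in demo().items():
        print(f"{'VULNERABLE' if vulnerable else 'ok':10} {version or '?':8} {label}")
```

Run it against a real server by calling `scan_tree("/")` or `scan_tree(r"C:\")` and keeping the `archive` and `entry` fields of each finding; that pair is the "path to the Java file that has the reference" the bulletin says is worth recording so that the right software can be patched when the vendor releases an update. The scanner only reads archive metadata, so it cannot tell whether the application is configured to log attacker-controlled input; treat every vulnerable finding as one to remediate.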
Additional detail:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Security Bulletin: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Severity:
High
Publication date:
October 27, 2021
Vulnerability/Event ID(s):
CVE-2021-1573, CVE-2021-34792, CVE-2021-40117
B-211117-1
Vulnerability summary:
Cisco has disclosed several vulnerabilities affecting memory management, the web services interface, and the SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Impacted systems:
These vulnerabilities affect Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration.
Remediation steps:
Upgrade to patched version of Cisco ASA or FTD code.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-34792
https://nvd.nist.gov/vuln/detail/CVE-2021-40117
https://nvd.nist.gov/vuln/detail/CVE-2021-1573
Security Bulletin: Microsoft Exchange Server Remote Code Execution Vulnerability
Severity:
High
Publication date:
November 9, 2021
Vulnerability/Event ID(s):
CVE-2021-42321
B-211110-1
Vulnerability summary:
A post-authentication vulnerability impacting on-premises Exchange Server 2016 and Exchange Server 2019 has been discovered by Microsoft and attackers are actively targeting vulnerable systems. A security flaw in the validation of cmdlet arguments could allow an authenticated attacker to perform a remote code execution on the target server. Microsoft has released security updates that address this vulnerability.
Impacted systems:
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
Remediation steps:
Atomic Data is preparing to deploy the patch via Kaseya tonight. Some servers will require a Cumulative Update (CU) prior to applying the current Security Update (SU). Account Coordinators will contact impacted clients to schedule a time for patching and updates.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
Microsoft Exchange Server Remote Code Execution Vulnerability
Released: November 2021 Exchange Server Security Updates
Microsoft urges Exchange admins to patch bug exploited in the wild
Security Bulletin: Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Severity:
High
Publication date:
Oct 6, 2021
Vulnerability/Event ID(s):
CVE-2021-34788
B-211108-1
Vulnerability summary:
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted systems:
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS using the HostScan module.
Remediation steps:
For managed clients, Atomic Data has discovered an active vulnerability and will apply a security fix during a scheduled maintenance window.
For un-managed clients, please reach out to your account coordinator if you would like assistance in applying a security fix during a scheduled maintenance window.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
CVE-2021-34788 Detail
Security Bulletin: Cisco Wireless Access Point Vulnerabilities
Severity:
High
Publication date:
September 22nd, 2021
Vulnerability/Event ID(s):
CVE-2021-34740, CVE-2021-1419
B-210924-1
Vulnerability summary:
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Also, a vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges.
Impacted systems:
Cisco Wireless Network Environments
Remediation steps:
Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address these vulnerabilities. The estimated upgrade time will vary, based on the number of access points within the environment. Please contact your Atomic Data Account Coordinator for assistance with creating an upgrade maintenance plan.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
Cisco Access Points SSH Management Privilege Escalation Vulnerability
Cisco Software Denial of Service Vulnerability
Severity:
High
Publication date:
September 22nd, 2021
Vulnerability/Event ID(s):
CVE-2021-34699
B-210923-1
Vulnerability summary:
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
Impacted systems:
Cisco IOS and IOS XE Software with TrustSec capabilities and web UI enabled.
Remediation steps:
Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address this vulnerability. The estimated upgrade time is planned around 2 hours per device, with a brief service interruption while the hardware is rebooted. Onsite access may be required to perform the upgrade(s).
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
Security Bulletin: VMware vCenter Server
Severity:
Critical
Publication date:
September 21st, 2021
Vulnerability/Event ID(s):
CVE-2021-22005
B-210924-2
Vulnerability summary:
VMware recently released updates that resolve critical and high-severity vulnerabilities affecting vCenter Servers, described in VMSA-2021-0020. VMware strongly recommends customers take immediate action to remediate or mitigate the threat of the critical issue impacting these versions of vCenter Server: 7.0, 6.7, and 6.5.
Affected versions of VMware vCenter Server permit anyone with network access to your vCenter Server to execute arbitrary commands and software, which could result in execution of administrative commands and takeover of the virtual hosting environment. Multiple exploits for this vulnerability are now freely available online.
While the potential risk to your affected vCenter Server is greatly reduced if it is not exposed to the internet, an attacker could leverage an initial compromise of a workstation or web browser inside your network to complete the exploit of a vCenter exposed to internal user-generated traffic.
Impacted systems:
vCenter 7.0
vCenter 6.7
vCenter 6.5 (not vulnerable to critical issue but still recommended)
Remediation steps:
(1) Temporarily mitigate the critical vulnerability by implementing KB85717 in vCenter 7.0 or 6.7.
(2) Permanently remediate the critical and the other important vulnerabilities by applying vCenter Server 7.0 Update 2d, vCenter Server 6.7 Update 3o, or vCenter Server 6.5 Update 3q.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://kb.vmware.com/s/article/85717
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u2d-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3o-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3q-release-notes.html
Microsoft MSHTML Remote Code Execution
Severity:
Critical
Publication date:
September 7th, 2021
Vulnerability/Event ID(s):
CVE-2021-40444
B-210910-1
Vulnerability summary:
Microsoft reported a remote code execution vulnerability in MSHTML that affects Microsoft Windows. An attacker could use a maliciously crafted Microsoft Office document to compromise a system. The attacker would first have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impacted systems:
Windows systems with Microsoft Office products.
Remediation steps:
Atomic Data has discovered an active vulnerability and has applied a security fix to your machine. For this to complete you need to reboot your machine as soon as possible.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
ArubaOS Multiple Vulnerabilities
Severity:
Critical
Publication date:
August 31st, 2021
Vulnerability/Event ID(s):
CVE-2019-5318, CVE-2021-37716, CVE-2021-37717, CVE-2021-37718, CVE-2020-37719, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37723, CVE-2021-37724, CVE-2021-37725, CVE-2021-37728, CVE-2021-37729, CVE-2021-37731, CVE-2021-37733
B-210831-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
Impacted systems:
ArubaOS (Multiple code versions)
Remediation steps:
Aruba recommends upgrading the ArubaOS software to a non-vulnerable version in order to address multiple vulnerabilities. The estimated upgrade time is planned around 2 hours per device.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt