Security Bulletins
Security Bulletin: FortiManager Critical Vulnerability
Severity:
Critical
Publication date:
October 24, 2024
Vulnerability/Event ID(s):
CVE-2024-47575
B-241024-2
Vulnerability summary:
A critical vulnerability (CWE-306: Missing Authentication for Critical Function) has been identified in the FortiManager fgfmd daemon. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands on the affected system by sending specially crafted requests. Reports confirm that this vulnerability is actively being exploited in the wild.
Impacted systems:
FortiManager Products
• FortiManager 7.6: Affected Versions: All versions
• FortiManager 7.4: Affected Versions: 7.4.0 through 7.4.4
• FortiManager 7.2: Affected Versions: 7.2.0 through 7.2.7
• FortiManager 7.0: Affected Versions: 7.0.0 through 7.0.12
• FortiManager 6.4: Affected Versions: 6.4.0 through 6.4.14
• FortiManager 6.2: Affected Versions: 6.2.0 through 6.2.12
FortiManager Cloud Products
• FortiManager Cloud 7.4: Affected Versions: 7.4.1 through 7.4.4
• FortiManager Cloud 7.2: Affected Versions: 7.2.1 through 7.2.7
• FortiManager Cloud 7.0: Affected Versions: 7.0.1 through 7.0.12
• FortiManager Cloud 6.4: Affected Versions: All versions
Remediation steps:
Fortinet has released software patches and workarounds to address this vulnerability.
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Cisco ASA, FMC, and FTD Software Security Advisory
Severity:
Critical
Publication date:
October 24, 2024
Vulnerability/Event ID(s):
CVE-2024-20329, CVE-2024-20424, CVE-2024-20412
B-241024-1
Vulnerability summary:
1. Cisco Adaptive Security Appliance (ASA) Software: A vulnerability in the SSH subsystem of ASA Software allows an authenticated, remote attacker to execute operating system commands as root. This issue arises from insufficient validation of user input during remote CLI execution over SSH. By submitting crafted input, attackers with limited privileges could escalate access to complete control of the system.
2. Cisco Secure Firewall Management Center (FMC) Software: A vulnerability in the web-based management interface of FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. The flaw is due to inadequate input validation in certain HTTP requests. Attackers with valid credentials, holding at least Security Analyst (Read Only) privileges, could exploit this to compromise both the FMC and managed Firepower Threat Defense (FTD) devices.
3. Cisco Firepower Threat Defense (FTD) Software: A vulnerability in Cisco FTD for Firepower 1000, 2100, 3100, and 4200 Series devices allows an unauthenticated, local attacker to access the system using static credentials. Exploiting this vulnerability could grant the attacker unauthorized access to the affected system.
Impacted systems:
1. Cisco ASA Software with the CiscoSSH stack enabled and SSH access allowed on at least one interface
2. Cisco products running a vulnerable release of Cisco FMC Software, regardless of device configuration
3. Cisco Firepower 1000, 2100, 3100, and 4200 Series
Remediation steps:
Cisco has released software updates that address these vulnerabilities.
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF#fs
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7#fs
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5
Security Bulletin: SonicWall Vulnerability
Severity:
Critical
Publication date:
August 22, 2024
Vulnerability/Event ID(s):
B-241018-1
Vulnerability summary:
An improper access control vulnerability has been identified in the SonicWall SonicOS management access and SSLVPN, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
Impacted systems:
– Gen5; SonicOS 5.9.2.14-2o and earlier versions
– SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W; SonicOS 6.5.4.14-109n and earlier versions
– TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700, NSv 270, NSv 470, NSv 870; SonicOS 7.0.1-5035 and earlier versions
Remediation steps:
SonicWall users will need to update to the fixed versions listed on the publisher's site: https://www.sonicwall.com/support/knowledge-base/product-notice-improper-access-control-vulnerability-in-sonicos/240822062732757
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: VMware vCenter Server – Critical Vulnerability
Severity:
Critical
Publication date:
September 18, 2024
Vulnerability/Event ID(s):
CVE-2024-38813, CVE-2024-38812
B-240918-1
Vulnerability summary:
Two vulnerabilities in VMware vCenter Server have been identified. Threat actors need network access to VMware vCenter to exploit either vulnerability. CVE-2024-38812 allows remote code execution while CVE-2024-38813 allows privilege escalation to system root.
Impacted systems:
VMware vCenter Server version 7.0
VMware vCenter Server version 8.0
VMware Cloud Foundation version 4.x
VMware Cloud Foundation version 5.x
Remediation steps:
VMware has published patches that remediate these vulnerabilities. These should be applied immediately.
Impacted version and corresponding patch version:
vCenter Server 7.0 – Fixed in 7.0 U3s
vCenter Server 8.0 – Fixed in 8.0 U3b
VMware Cloud Foundation 4.x – Fixed in 7.0 U3s as an asynchronous patch
VMware Cloud Foundation 5.x – Fixed in 8.0 U3b as an asynchronous patch
There are no workarounds for these vulnerabilities.
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/
https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html
Security Bulletin: Veeam Security Bulletin (September 2024)
Severity:
Critical
Publication date:
September 04, 2024
Vulnerability/Event ID(s):
Veeam KB4649
Vulnerability summary:
Veeam released a September 2024 security bulletin addressing several critical and high vulnerabilities affecting multiple Veeam products.
Impacted systems:
Veeam Backup and Replication – 12.1.2.172 and all earlier version 12 builds
Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds.
Veeam ONE 12.1.0.3208 and all earlier version 12 builds.
Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 builds.
Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier version 12 builds.
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds.
Remediation steps:
Update Veeam Backup & Replication to version 12.2 (build 12.2.0.334)
Update to Veeam Agent for Linux 6.2 (build 6.2.0.101) — Included with Veeam Backup & Replication 12.2
Update to Veeam ONE v12.2 (build 12.2.0.4093)
Update to Veeam Service Provider Console v8.1 (build 8.1.0.21377)
Update to Veeam Backup for Nutanix AHV Plug-In v12.6.0.632 — Included with Veeam Backup & Replication 12.2
Update to Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In v12.5.0.299 — Included with Veeam Backup & Replication 12.2
If you are a client in Atomic Data’s Veeam Provider Portal, Atomic Data engineers will be performing patching.
If you are a client not in Atomic Data’s Veeam Provider Portal, your Account Coordinator will be reaching out to review the best remediation steps for your Veeam environment.
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Windows TCP/IP Remote Code Execution Vulnerability
Severity:
Critical
Publication date:
August 13, 2024
Vulnerability/Event ID(s):
CVE-2024-38063
B-240816-1
Vulnerability summary:
CVE-2024-38063 is a critical Remote Code Execution (RCE) vulnerability that affects Windows systems with IPv6 enabled. An attacker could remotely exploit this vulnerability by sending specially crafted IPv6 packets to a host.
Impacted systems:
Windows systems with IPv6 enabled.
Remediation steps:
Microsoft has released patches for all supported versions of Windows and Windows Server, including Server Core installations.
If you are a comprehensive client, Atomic Data engineers will perform an out-of-band patch.
If you are an essential client, your Account Coordinator will be reaching out to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Manager or Atomic Data at 612.466.2020.
Additional detail:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Security Bulletin: OpenSSH Remote Unauthenticated Code Execution
Severity:
High
Publication date:
July 1, 2024
Vulnerability/Event ID(s):
CVE-2024-6387
B-240701-1
Vulnerability summary:
A vulnerability was reintroduced into OpenSSH. It allows threat actors to remotely exploit the authentication mechanism to bypass access requirements. Once access is gained, the threat actor can run remote code at root level to compromise the system.
Impacted systems:
glibc-based Linux systems with OpenSSH prior to version 4.4p1
glibc-based Linux systems with OpenSSH versions 8.5p1 through 9.7p1
Remediation steps:
Update OpenSSH with the vendor supplied patch when available.
Work Around:
Set LoginGraceTime to 0 in the sshd configuration file (sshd_config). This prevents the remote code execution risk but creates a denial of service risk for that system.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.qualys.com/regresshion-cve-2024-6387/
https://security-tracker.debian.org/tracker/CVE-2024-6387
https://www.computing.co.uk/news/4329906/critical-vulnerability-openssh-uncovered-affects-linux-systems
https://www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
Security Bulletin: VMware multiple vulnerabilities
Severity:
Critical
Publication date:
June 18, 2024
Vulnerability/Event ID(s):
CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
B-240619-1
Vulnerability summary:
VMware vCenter Server multiple heap-overflow vulnerabilities (CVE-2024-37079, CVE-2024-37080)
-vCenter Server contains multiple heap-overflow vulnerabilities in the implementation of the DCERPC protocol. This allows a threat actor with vCenter Server network access to potentially execute remote code through specially crafted packets.
VMware vCenter multiple local privilege escalation vulnerabilities (CVE-2024-37081)
-vCenter Server contains multiple local privilege escalation vulnerabilities in the implementation of sudo. This allows an authenticated local user with non-administrative privileges to gain root level privileges.
Impacted systems:
-vCenter Server version 7.0 or 8.0
-Cloud Foundation (vCenter Server) version 4.x or 5.x
Remediation steps:
VMware has published updates that address these vulnerabilities and there are no workarounds. Please reference the Response Matrix section in the VMware Security Advisory for current remediation solutions for your specific product.
VMware Security Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
– https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
– https://duo.com/decipher/vmware-warns-of-critical-vcenter-server-flaws
Security Bulletin: ArubaOS Multiple Vulnerabilities
Severity:
Critical
Publication date:
April 30th, 2024
Vulnerability/Event ID(s):
CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, CVE-2024-33512
B-240501-1
Vulnerability summary:
Multiple vulnerabilities were announced that allow unauthenticated remote code execution on Aruba’s PAPI (Aruba’s access point management protocol) management port.
Impacted systems:
HPE Aruba Networking Devices:
– Mobility Conductor (formerly Mobility Master)
– Mobility Controllers
– WLAN Gateways and SD-WAN Gateways managed by Aruba Central
Affected Software Versions:
– ArubaOS 10.5.x.x: 10.5.1.0 and below
– ArubaOS 10.4.x.x: 10.4.1.0 and below
– ArubaOS 8.11.x.x: 8.11.2.1 and below
– ArubaOS 8.10.x.x: 8.10.0.10 and below
The following ArubaOS and SD-WAN software versions that are End of Maintenance are affected by these vulnerabilities and are not patched by this advisory:
– ArubaOS 10.3.x.x: all
– ArubaOS 8.9.x.x: all
– ArubaOS 8.8.x.x: all
– ArubaOS 8.7.x.x: all
– ArubaOS 8.6.x.x: all
– ArubaOS 6.5.4.x: all
– SD-WAN 8.7.0.0-2.3.0.x: all
– SD-WAN 8.6.0.4-2.2.x.x: all
Remediation steps:
ArubaOS 8.x: Enable the Enhanced PAPI Security feature using a non-default key, or update where possible.
ArubaOS 10.x: Update software.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Cisco ASA and FTD Firewall Vulnerabilities
Severity:
High
Publication date:
April 24th 2024
Vulnerability/Event ID(s):
CVE-2024-20353, CVE-2024-20359, CVE-2024-20358
B-240425-1
Vulnerability summary:
Cisco has announced three vulnerabilities that are being exploited by threat groups. This campaign is being called ArcaneDoor. Cisco has not verified the initial attack vector but states that local access with administrative privileges is needed to initiate exploitation of these vulnerabilities. These vulnerabilities allow threat actors to plant malware and obtain persistence on affected devices. Cisco has released security updates that will stop and prevent future exploitation.
Impacted systems:
Cisco ASA and FTD devices with specific configurations.
Remediation steps:
All ASAs and FTDs should be updated to a current version of the product.
Cisco has also released guides to check if a specific configuration was vulnerable and if compromise had occurred.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm
Security Bulletin: UPDATE: PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
Severity:
Critical
Publication date:
April 12, 2024
Vulnerability/Event ID(s):
CVE-2024-3400
B-240412-1
Vulnerability summary:
Please review the update in the remediation steps below. A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Impacted systems:
PAN-OS 11.1 versions less than 11.1.2-h31.
PAN-OS 11.0 versions less than 11.0.4-h11.
PAN-OS 10.2 versions less than 10.2.9-h11.
Remediation steps:
UPDATE: In the previous announcement from Palo Alto Networks, they made recommendations for workarounds that would mitigate this vulnerability until the hotfix releases were available. This morning, Palo Alto Networks announced that the workarounds were NOT a viable mitigation. Engineers are re-engaged and working with Account Coordinators to schedule patching at this time.
Fixed releases:
– PAN-OS 10.2.9-h1
– PAN-OS 11.0.4-h1
– PAN-OS 11.1.2-h3
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway
Severity:
Critical
Publication date:
April 12, 2024
Vulnerability/Event ID(s):
CVE-2024-3400
B-240412-1
Vulnerability summary:
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Impacted systems:
PAN-OS 11.1 versions less than 11.1.2-h31.
PAN-OS 11.0 versions less than 11.0.4-h11.
PAN-OS 10.2 versions less than 10.2.9-h11.
Remediation steps:
This issue will be fixed in future hotfix releases of PAN-OS 10.2.9-h1 (ETA: By 4/14), PAN-OS 11.0.4-h1 (ETA: By 4/14), and PAN-OS 11.1.2-h3 (ETA: By 4/14), and in all later PAN-OS versions.
Atomic Data Engineers have already implemented the recommended mitigations below for affected Palo Alto Networks appliances. Your account coordinator will reach out once the finalized software patch is available to schedule a code upgrade.
Recommended Mitigations: (Infrastructure Engineering has implemented both recommendations at this time).
– Customers with a Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187 (introduced in Applications and Threats content version 8833-8682).
– In addition to enabling Threat ID 95187, customers must ensure vulnerability protection has been applied to their GlobalProtect interface to prevent exploitation of this issue on their device.
If you are unable to apply the Threat Prevention based mitigation at this time, you can still mitigate the impact of this vulnerability by temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version. Once upgraded, device telemetry should be re-enabled on the device.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://security.paloaltonetworks.com/CVE-2024-3400
Security Bulletin: Microsoft Server Memory Leak
Severity:
High
Publication date:
March 22, 2024
Vulnerability/Event ID(s):
B-240401-1
Vulnerability summary:
The update released on March 22, 2024 addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs). This issue occurs after you install KB5035857 (March 12, 2024). The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it.
Impacted systems:
Domain controllers with KB5035857 (the March 12, 2024 Windows update) installed.
Remediation steps:
Install the out-of-band updates for the known issue that affects LSASS on Windows Server 2012 R2, 2016, 2019, and 2022 domain controllers.
If you are a Comprehensive client with Atomic Data, our engineers will reach out with a date/time for the update. If you are Essential, Atomic Data will be reaching out and requesting a date/time for the update.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
2022: https://support.microsoft.com/en-us/topic/march-22-2024-kb5037422-os-build-20348-2342-out-of-band-e8f5bf56-c7cb-4051-bd5c-cc35963b18f3
2019: https://support.microsoft.com/en-us/topic/march-25-2024-kb5037425-os-build-17763-5579-out-of-band-fa8fb7fa-8185-408f-bdd6-ea575ce2fcb5
2016: https://support.microsoft.com/en-us/topic/march-22-2024-kb5037423-os-build-14393-6799-out-of-band-1775cda2-4bb6-43a9-9fd4-ddc3528d3408
2012R2: https://support.microsoft.com/en-us/topic/kb5037426-update-to-address-a-known-issue-that-affects-lsass-in-windows-server-2012-r2-eda1002a-4b4d-4c99-8383-b0e2bab5c1d0
Security Bulletin: Use-after-free vulnerability in multiple VMware USB controllers – High to Critical Vulnerability
Severity:
High
Publication date:
March 5, 2024
Vulnerability/Event ID(s):
CVE-2024-22252, CVE-2024-22253, CVE-2024-22255, CVE-2024-22254
B-20240306-1
Vulnerability summary:
Multiple VMware vulnerabilities were recently announced that allow an attacker with local admin permissions to abuse USB controllers to run code on the VMware host.
Impacted systems:
VMware ESXi, Workstation, and Fusion
Remediation steps:
Apply VMware product updates.
Comprehensive Clients: Atomic Data is actively identifying and will be remediating the vulnerabilities over the next 72 hours. If a reboot or downtime is necessary Atomic Data will contact you.
Essentials Clients: Contact your Account Coordinator if you would like assistance with identifying and removing the vulnerable software.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Atomic Data Engineers will begin patching affected Comprehensive clients this evening, from 18:00 CT until complete. All other affected clients will be contacted by their Account Coordinator to schedule a patching window.
Additional detail:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22255
https://nvd.nist.gov/vuln/detail/CVE-2024-22254
https://nvd.nist.gov/vuln/detail/CVE-2024-22253
https://nvd.nist.gov/vuln/detail/CVE-2024-22252
Security Bulletin: VMware Enhanced Authentication Plugin (EAP) Critical Vulnerability
Severity:
Critical
Publication date:
February 21, 2024
Vulnerability/Event ID(s):
CVE-2024-22245, CVE-2024-22250
B-240221-1
Vulnerability summary:
VMware has announced critical vulnerabilities in the Enhanced Authentication Plugin (EAP).
These vulnerabilities can allow threat actors to trick a target domain user with EAP installed into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs), or to hijack a privileged EAP session.
Impacted systems:
Windows endpoints with VMware Enhanced Authentication Web Browser Plugin
Windows endpoints with VMware Enhanced Authentication Windows Service
Remediation steps:
VMware does not plan to fix these vulnerabilities, and the software product should be removed.
The Windows service or plugin was not found to be installed on any of your online servers. If you would like Atomic Data to review individual user machines, please contact your Account Coordinator or Atomic Data at 612.466.2020.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.vmware.com/security/advisories/VMSA-2024-0003.html
https://kb.vmware.com/s/article/96442
Security Bulletin: Microsoft Exchange Server and Microsoft Outlook Critical Vulnerabilities
Severity:
Informational
Publication date:
February 13, 2024
Vulnerability/Event ID(s):
CVE-2024-21410, CVE-2024-21413
B-240214-2
Vulnerability summary:
UPDATE: For the majority of comprehensive clients, this issue has been resolved. Account Coordinators will reach out directly if more work is needed.
Impacted systems:
CVE-2024-21410 – Microsoft Exchange Server Vulnerability
Specific configurations of Microsoft Exchange Server 2019 Cumulative Update 14
Specific configurations of Microsoft Exchange Server 2019 Cumulative Update 13
Specific configurations of Microsoft Exchange Server 2016 Cumulative Update 23
CVE-2024-21413 – Microsoft Outlook vulnerability
Microsoft Office 2016 32-bit and 64-bit editions.
Remediation steps:
Microsoft Server vulnerability:
Use a current version of Microsoft’s Exchange Server Health Checker script to determine if your server configuration is exploitable by this critical vulnerability. If vulnerable, follow Microsoft’s guidance to remediate this vulnerability based on your current configuration.
Microsoft Outlook Vulnerability:
Apply a security update to the impacted systems.
Atomic Data Engineers are ready to assist with evaluating your environment and assisting with remediation. Please contact your Account Coordinator to schedule an engineer for assistance.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Atomic Data Engineers will begin patching affected Comprehensive clients this evening, from 18:00 CT until complete. All other affected clients will be contacted by their Account Coordinator to schedule a patching window.
Additional detail:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21410
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21413
Security Bulletin: Fortinet – FortiOS Critical Vulnerability
Severity:
Critical
Publication date:
February 8, 2024
Vulnerability/Event ID(s):
CVE-2024-21762, CVE-2024-23113
B-240208-1
Vulnerability summary:
UPDATE: Atomic Data engineers have completed patching of the affected Fortinet products within your environment. Engineers are completing documentation updates and updating associated tickets at this time, which will be closed as confirmation that work was completed.
Fortigate has identified two critical vulnerabilities that could allow an unauthenticated attacker to execute arbitrary code via specifically crafted requests. The first vulnerability is an out-of-bounds write vulnerability in FortiOS that is potentially being exploited in the wild. The second vulnerability is a flaw in the FortiManager daemon which could allow a remote attacker to execute arbitrary code or commands on impacted systems.
Impacted systems:
CVE-2024-21762
FortiOS 7.4.0 through 7.4.2
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0.0 through 7.0.13
FortiOS 6.4.0 through 6.4.14
FortiOS 6.2.0 through 6.2.15
FortiOS 6.0 all versions
CVE-2024-23113
FortiOS 7.4.0 through 7.4.2
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0.0 through 7.0.13
Remediation steps:
Fortigate has released updated versions to resolve this issue.
Atomic Data Engineers will begin patching affected Comprehensive clients this evening, from 18:00 CT until complete. All other affected clients will be contacted by their Account Coordinator to schedule a patching window.
Additional detail:
https://fortiguard.fortinet.com/psirt/FG-IR-24-015
https://www.fortiguard.com/psirt/FG-IR-24-029
Security Bulletin: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
Severity:
Critical
Publication date:
October 16, 2023
Vulnerability/Event ID(s):
CVE-2023-20198
B-231016-1
Vulnerability summary:
A critical vulnerability in the web UI feature of Cisco IOS XE Software allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.
Impacted systems:
This vulnerability affects Cisco IOS XE Software if the web UI feature is enabled. You are receiving this notification because upon an initial audit of the Atomic Monitoring Solution, you may have devices impacted by this vulnerability.
Remediation steps:
Cisco has not released a patched software version at this time. Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. After disabling the HTTP Server feature, configure it so that the HTTP Server feature is not unexpectedly enabled in the event of a system reload.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Exchange Server Security Updates
Severity:
High
Publication date:
August 30th, 2023
Vulnerability/Event ID(s):
B-220830-1, CVE-2023-21709
Vulnerability summary:
A high-severity elevation of privilege vulnerability was identified in the August Exchange Server Security Update (KB5029388) that requires additional patching steps. An attacker could use this vulnerability to brute force accounts.
Impacted systems:
Microsoft Exchange Server 2016 & 2019
Remediation steps:
Atomic Data has already been mitigating this vulnerability on clients with Atomic Data Patch Management services. This bulletin is being sent to all clients for advisory purposes. Apply the August Exchange Server Security Update and run the script provided by Microsoft after the patch has been applied, or work with your Account Coordinator to schedule a maintenance window for Atomic Engineering to assist.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Microsoft Exchange Server 2019 and 2016: August 8, 2023 (KB5029388)
Microsoft Exchange Server Elevation of Privilege Vulnerability
Security Bulletin: Aruba Access Points Multiple Vulnerabilities
Severity:
Critical
Publication date:
July 25th, 2023
Vulnerability/Event ID(s):
CVE-2022-25667, CVE-2023-35980, CVE-2023-35981, CVE-2023-35982
B-230725-1
Vulnerability summary:
HPE Aruba Networking has released patches for Aruba access points running InstantOS and ArubaOS 10 that address multiple security vulnerabilities.
Impacted systems:
Aruba Access Points running:
– ArubaOS 10.4.x.x: 10.4.0.1 and below
– InstantOS 8.11.x.x: 8.11.1.0 and below
– InstantOS 8.10.x.x: 8.10.0.6 and below
– InstantOS 8.6.x.x: 8.6.0.20 and below
– InstantOS 6.5.x.x: 6.5.4.24 and below
– InstantOS 6.4.x.x: 6.4.4.8-4.2.4.21 and below
Remediation steps:
Upgrade to software versions:
– ArubaOS 10.4.x.x: 10.4.0.2 and above
– InstantOS 8.11.x.x: 8.11.1.1 and above
– InstantOS 8.10.x.x: 8.10.0.7 and above
– InstantOS 8.6.x.x: 8.6.0.21 and above
– InstantOS 6.5.x.x: 6.5.4.25 and above
– InstantOS 6.4.x.x: 6.4.4.8-4.2.4.22 and above
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
Security Bulletin: Vulnerability in Fortigate Products
Severity:
Critical
Publication date:
March 7, 2023
Vulnerability/Event ID(s):
CVE-2023-25610
B-230309-1
Vulnerability summary:
A buffer underwrite (‘buffer underflow’) vulnerability in FortiOS and FortiProxy administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. Fortinet is not aware of any instance where this vulnerability was exploited in the wild. Fortinet discovered this vulnerability as part of their normal security testing program.
Impacted systems:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
Remediation steps:
Fortinet has released patched versions to resolve this issue. These products should be updated as soon as possible. Fortinet’s announcement also contains a workaround (see link below).
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.fortiguard.com/psirt/FG-IR-23-001
Security Bulletin: Multiple Vulnerabilities in ArubaOS
Severity:
Critical
Publication date:
February 28, 2023
Vulnerability/Event ID(s):
ARUBA-PSA-2023-002
B-230303-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple critical security vulnerabilities.
Impacted systems:
• Aruba Mobility Conductor (formerly Mobility Master)
• Aruba Mobility Controllers
• Aruba WLAN Gateways and SD-WAN Gateways managed by Aruba Central
Remediation steps:
The affected Aruba products should be patched as soon as possible.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/support-services/security-bulletins/
Security Bulletin: Multiple Vulnerabilities in Aruba Products
Severity:
High
Publication date:
February 08, 2023
Vulnerability/Event ID(s):
CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
B-230210-1
Vulnerability summary:
Aruba Threat Labs confirmed that the version of OpenSSL used in the web-management interfaces embedded in multiple Aruba products is impacted by at least four CVEs, some of which can be exploited in a lab setting to cause denial of service and potentially disclosure of sensitive information. No exploitation of these vulnerabilities has yet been observed in the real world, and the management interfaces can be protected through network segmentation to greatly reduce the risk that an attacker could reach them.
Impacted systems:
• AirWave Management Platform
• Aruba ClearPass Policy Manager
• ArubaOS-CX Switches
• ArubaOS Wi-Fi Controllers and Gateways
• ArubaOS SD-WAN Gateways
• Aruba InstantOS / Aruba Access Points running ArubaOS 10
Remediation steps:
Atomic Data will be in touch to discuss mitigation steps that will lower the risk until Aruba releases fixes for these vulnerabilities.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-001.txt
Security Bulletin: FortiOS – Heap-Based Buffer Overflow Vulnerability in FortiOS SSL-VPN
Severity:
Critical
Publication date:
December 12th, 2022
Vulnerability/Event ID(s):
CVE-2022-42475
B-221212-1
Vulnerability summary:
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Fortinet is aware of an instance where this vulnerability was exploited in the wild.
Impacted systems:
Multiple FortiOS Versions
Remediation steps:
Upgrade code to a newer version. Your Account Coordinator can work with you and our Engineering team to schedule a maintenance window to perform the upgrade.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
High
Publication date:
December 6th, 2022
Vulnerability/Event ID(s):
CVE-2002-20001, CVE-2022-43530, CVE-2022-43531, CVE-2022-43532, CVE-2022-43533, CVE-2022-43534, CVE-2022-43535, CVE-2022-43536, CVE-2022-43537, CVE-2022-43538, CVE-2022-43539, CVE-2022-43540
B-221208-1
Vulnerability summary:
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
Impacted systems:
Aruba ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version. In some instances, a workaround may be available. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: OpenSSL X.509 Certificate Verification Vulnerabilities
Severity:
High
Publication date:
November 1, 2022
Vulnerability/Event ID(s):
CVE-2022-3786, CVE-2022-3602
B-221104-1
Vulnerability summary:
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking, which could result in a denial-of-service crash (CVE-2022-3786 & CVE-2022-3602) or potential remote code execution (CVE-2022-3602 only).
Impacted systems:
OpenSSL versions 3.0.0 to 3.0.6.
Remediation steps:
Update any operating system, device, or application that installs or relies on OpenSSL v3.0.x. You may have to check with your software vendor(s) for more information.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Cisco AnyConnect Secure Mobility Client Denial-of-Service Vulnerability
Severity:
Advisory
Publication date:
General vulnerability publication: March 15, 2022 – Cisco AnyConnect Fix Announced and Released: October 18, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-221028-2
Vulnerability summary:
Affected versions of the AnyConnect client can be forced into an infinite loop if the server answers its connection with a malformed encryption certificate. The loop would result in a denial-of-service for the user. The conditions required for an attacker to cause the AnyConnect client to receive such a certificate are currently believed to be difficult but not impossible to recreate.
Impacted systems:
Cisco AnyConnect Secure Mobility Client versions prior to 4.10.06079, for all operating systems.
Remediation steps:
Upgrade code to the latest AnyConnect Secure Mobility Client. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Cisco Bug ID: CSCwb41421 (non-public)
Security Bulletin: Cisco AnyConnect Secure Mobility Client Denial-of-Service Vulnerability
Severity:
Critical
Publication date:
August 2020, updated October 2022
Vulnerability/Event ID(s):
CVE-2020-3433
B-221028-1
Vulnerability summary:
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Cisco has become aware of this vulnerability being actively exploited. Cisco highly recommends upgrading to their latest version of Cisco AnyConnect Windows Client.
Impacted systems:
Cisco AnyConnect Secure Mobility Client for Windows: Releases earlier than version 4.9.00086.
Remediation steps:
Upgrade code to the latest AnyConnect Secure Mobility Client. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: ArubaOS Multiple Vulnerabilities
Severity:
Critical
Publication date:
October 25th, 2022
Vulnerability/Event ID(s):
CVE-2022-37897, CVE-2022-37898, CVE-2022-37899, CVE-2022-37900, CVE-2022-37901, CVE-2022-37902, CVE-2022-37903, CVE-2022-37904, CVE-2022-37905, CVE-2022-37906, CVE-2022-37907, CVE-2022-37908, CVE-2022-37909, CVE-2022-37910, CVE-2022-37911, CVE-2022-37912
B-221025-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
Impacted systems:
Multiple Aruba Products
Remediation steps:
Upgrade code to a newer version. In some instances, a workaround may be available. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: FortiOS / FortiProxy / FortiSwitchManager – Authentication bypass on Administrative Interface
Severity:
Critical
Publication date:
October 10th, 2022
Vulnerability/Event ID(s):
CVE-2022-40684
B-221012-1
Vulnerability summary:
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Impacted systems:
FortiOS, FortiProxy and FortiSwitchManager
Remediation steps:
Upgrade code to a newer version. In certain cases, a workaround may be available. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.fortiguard.com/psirt/FG-IR-22-377
Security Bulletin: Cisco FMC and IPS – Snort consumes memory causing Block Depletion
Severity:
Advisory
Publication date:
Updated October 6th, 2022
Vulnerability/Event ID(s):
CSCvt34894
B-221011-1
Vulnerability summary:
Snort consumes memory, causing block depletion. In some cases, Snort enters an uninterruptible sleep, which causes packets to be dropped and blocks to be exhausted.
Impacted systems:
Cisco Firepower Management Center and Cisco Firepower NGFW
Remediation steps:
Upgrading code to a newer version, including the ASA, SFR modules and FMC, will remediate this bug. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvt34894
Security Bulletin: Microsoft Zero-Day Exchange Server Vulnerabilities
Severity:
Critical
Publication date:
September 29th, 2022
Vulnerability/Event ID(s):
CVE-2022-41040, CVE-2022-41082
B-220930-1
Vulnerability summary:
Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.
Impacted systems:
Microsoft Exchange Environments
Remediation steps:
Modify IIS configuration and URL Rewrite Rules. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your Microsoft Exchange environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: Aruba Access Points Multiple Vulnerabilities
Severity:
Critical
Publication date:
September 27th, 2022
Vulnerability/Event ID(s):
CVE-2002-20001, CVE-2022-37885, CVE-2022-37886, CVE-2022-37887, CVE-2022-37888, CVE-2022-37889, CVE-2022-37890, CVE-2022-37891, CVE-2022-37892, CVE-2022-37893, CVE-2022-37894, CVE-2022-37895, CVE-2022-37896
B-220928-1
Vulnerability summary:
Aruba has released patches for Aruba access points running InstantOS and ArubaOS 10 that address multiple security vulnerabilities.
Impacted systems:
Aruba Access Points
Remediation steps:
Upgrade code to a newer version. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best remediation steps for your wireless environment.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
High
Publication date:
September 7th, 2022
Vulnerability/Event ID(s):
CVE-2022-23685, CVE-2022-23692, CVE-2022-23693, CVE-2022-23694, CVE-2022-23695, CVE-2022-23696, CVE-2022-37877, CVE-2022-37878, CVE-2022-37879, CVE-2022-37880, CVE-2022-37881, CVE-2022-37882, CVE-2022-37883, CVE-2022-37884
B-220915-1
Vulnerability summary:
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
Impacted systems:
ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version – approximately 3-4 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-013.txt
Security Bulletin: Aruba AOS-CX Switches – Multiple Vulnerabilities
Severity:
High
Publication date:
August 30th, 2022
Vulnerability/Event ID(s):
CVE-2022-23679, CVE-2022-23680, CVE-2022-23681, CVE-2022-23682, CVE-2022-23683, CVE-2022-23684, CVE-2022-23686, CVE-2022-23687, CVE-2022-23688, CVE-2022-23689, CVE-2022-23690, CVE-2022-23691
B-220901-1
Vulnerability summary:
Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities.
Impacted systems:
Aruba AOS-CX Switches Running Certain Versions of Code
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. In certain cases, a workaround may be possible in lieu of a firmware upgrade. Your Account Coordinator can work with you and our Engineering team to review the best possible remediation steps.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-012.txt
Security Bulletin: WatchGuard Firmware Updates
Severity:
High
Publication date:
August 26th, 2022
Vulnerability/Event ID(s):
Multiple
B-220831-1
Vulnerability summary:
WatchGuard has posted maintenance releases for Fireware 12.8.2 and 12.5.11. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of vulnerabilities.
Impacted systems:
WatchGuard Firewalls
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_11/index.html
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_2/index.html
Security Bulletin: Remote Code Execution on macOS, iPadOS, and iOS
Severity:
Critical
Publication date:
August 17, 2022
Vulnerability/Event ID(s):
CVE-2022-32893, CVE-2022-32894
B-220819-1
Vulnerability summary:
An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Impacted systems:
macOS Monterey
iPadOS 15
iOS 15
Remediation steps:
Update all macOS, iPadOS, and iOS devices to the latest version.
macOS: 12.5.1
iPadOS: 15.6.1
iOS: 15.6.1
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://support.apple.com/en-qa/HT213412
https://support.apple.com/en-us/HT213413
Security Bulletin: Cisco FMC (Firepower Management Center) Field Notice
Severity:
High
Publication date:
August 2nd, 2022 – Updated August 9th, 2022
Vulnerability/Event ID(s):
CSCvy17030
B-220818-1
Vulnerability summary:
The Firepower Management Center (FMC) MonetDB event database might crash and fail to show connection events.
The FMC MonetDB database stores logs of various connection events. The database might crash, which results in loss of access to connection event data for some versions of Firepower software that run MonetDB Version 11.37.12.
Impacted systems:
Cisco FMC Software
Remediation steps:
Upgrade code to a newer version – approximately 6 hours per FMC instance.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Security Bulletin: WatchGuard Firmware Updates and OpenVPN Unauthenticated Access to Control Channel Data Vulnerability
Severity:
High
Publication date:
July 8th, 2022
Vulnerability/Event ID(s):
CVE-2020-15078
B-220720-1
Vulnerability summary:
WatchGuard has posted maintenance releases for Fireware 12.8.1 and for the earlier branches 12.5.10 and 12.1.4. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and include important security updates, including remediation of an open vulnerability.
Impacted systems:
WatchGuard Firewalls
Remediation steps:
Upgrade code to a newer version – approximately 2-3 hours per device for remediation. Active WatchGuard maintenance support is required.
Managed Clients: Atomic Data has discovered an active vulnerability and will apply a security fix during a scheduled maintenance window.
Un-Managed Clients: Atomic Data has discovered a potentially active vulnerability. Please reach out to your Account Coordinator if you would like assistance in applying a security fix during a scheduled maintenance window.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://www.watchguard.com/wgrd-blog/fireware-1281-12510-and-1214-and-mobile-vpn-client-releases
Security Bulletin: ClearPass Policy Manager Multiple Vulnerabilities
Severity:
Critical
Publication date:
May 4th, 2022
Vulnerability/Event ID(s):
CVE-2021-21419, CVE-2021-33503, CVE-2022-23657, CVE-2022-23658, CVE-2022-23659, CVE-2022-23660, CVE-2022-23661, CVE-2022-23662, CVE-2022-23663, CVE-2022-23664, CVE-2022-23665, CVE-2022-23666, CVE-2022-23667, CVE-2022-23668, CVE-2022-23669, CVE-2022-23670, CVE-2022-23671, CVE-2022-23672, CVE-2022-23673, CVE-2022-23674, CVE-2022-23675
B-220511-3
Vulnerability summary:
Authentication Bypass Leading to Remote Code Execution in ClearPass Policy Manager Web-Based Management Interface (CVE-2022-23657, CVE-2022-23658, CVE-2022-23660). Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary commands as root on the underlying operating system, leading to complete system compromise.
Impacted systems:
ClearPass Policy Manager
Remediation steps:
Upgrade code to a newer version.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-007.txt
Security Bulletin: Faulty OpenSSL Handling of Certificates Containing Elliptic Curve Public Keys Leading to Denial of Service
Severity:
High
Publication date:
May 4th, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-220511-2
Vulnerability summary:
A vulnerability has been identified in a commonly used component in multiple Aruba products. This vulnerability allows attackers to use specially crafted certificates resulting in denial of service.
Impacted systems:
Multiple Aruba product lines.
Remediation steps:
Aruba recommends upgrading to a newer code version. To minimize the likelihood of an attacker exploiting this vulnerability, Aruba also recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-009.txt
Security Bulletin: Heap Overflow Vulnerabilities Within ArubaOS – Switch Devices
Severity:
Critical
Publication date:
May 3rd, 2022
Vulnerability/Event ID(s):
CVE-2022-23676, CVE-2022-23677
B-220511-1
Vulnerability summary:
Multiple heap overflow vulnerabilities have been discovered in the ArubaOS-Switch firmware. Successful exploitation of these vulnerabilities could result in the ability to execute arbitrary code. Exploitation requires the interaction of an affected switch with an attacker-controlled source of RADIUS access challenge messages. Because of this, exploitation of these vulnerabilities would most likely occur as part of an attack chain building upon previous compromise of customer-controlled infrastructure.
Impacted systems:
ArubaOS – Switch Devices
Remediation steps:
Aruba recommends upgrading to new software code, or implementing firewall controls to limit interactions of impacted switches to known-good RADIUS sources.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-008.txt
Security Bulletin: Cisco Security Appliance Vulnerabilities
Severity:
High
Publication date:
April 27th, 2022
Vulnerability/Event ID(s):
CVE-2022-20759, CVE-2022-20760, CVE-2022-20715, CVE-2022-20745, CVE-2022-20757, CVE-2022-20767, CVE-2022-20751, CVE-2022-20746, CVE-2022-20737, CVE-2022-20742, CVE-2022-20743, CVE-2022-20740, CVE-2022-20627, CVE-2022-20628, CVE-2022-20629, CVE-2022-20748, CVE-2022-20729, CVE-2022-20744, CVE-2022-20730
B-220504-1
Vulnerability summary:
Cisco recently disclosed a total of 19 vulnerabilities impacting ASA and FTD software. Additional details around the impact can be found in Cisco’s Security Advisory Bundled Publication below.
Impacted systems:
Cisco ASA and FTD Software
Remediation steps:
Upgrade code to a newer version – approximately 2 hours per device for remediation.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74836
Security Bulletin: Mitel – MiVoice Connect Data Validation Vulnerability
Severity:
Critical
Publication date:
April 19, 2022, updated with patch on April 21, 2022
Vulnerability/Event ID(s):
CVE-2022-29499
B-220422-1
Vulnerability summary:
A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect (Mitel Service Appliances – SA 100, SA 400, and Virtual SA) which could allow a malicious actor to perform remote code execution (CVE-2022-29499) within the context of the Service Appliance. This vulnerability was privately reported to Mitel. Mitel is recommending customers with affected product versions apply the available remediation.
Impacted systems:
Mitel Service Appliances and Virtual Service Appliances (VSA)
Remediation steps:
Apply the manufacturer’s recommended patch.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Security Bulletin: Spring Framework RCE via Data Binding on JDK 9+ Vulnerability
Severity:
Critical
Publication date:
March 31st, 2022, Updated April 1st, 2022
Vulnerability/Event ID(s):
CVE-2022-22965
B-220402-2
Vulnerability summary:
The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Impacted systems:
Multiple manufacturers.
Remediation steps:
Upgrades and remediation steps are pending across multiple manufacturers.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67?emailclick=CNSemail
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Security Bulletin: OpenSSL Infinite Loop Vulnerability
Severity:
High
Publication date:
March 31st, 2022 – Updated April 1st, 2022
Vulnerability/Event ID(s):
CVE-2022-0778
B-220402-1
Vulnerability summary:
This vulnerability causes the OpenSSL library to enter an infinite loop when parsing an invalid certificate and can result in a Denial-of-Service (DoS) to the application. An attacker does not need a verified certificate to exploit this vulnerability because parsing a bad certificate triggers the infinite loop before the verification process is completed.
Impacted systems:
Palo Alto PAN-OS Software, Global Protect and Prisma Access
Remediation steps:
Upgrade software versions.
Pending – to be released by the vendor in April 2022.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://security.paloaltonetworks.com/CVE-2022-0778
Security Bulletin: Cisco Field Notice: Cisco Talos Security Intelligence Updates Might Fail After March 5, 2022 – Update Required
Severity:
Critical
Publication date:
February, 2022
Vulnerability/Event ID(s):
FN72332
B-220304-1
Vulnerability summary:
Affected Firepower platforms will be unable to receive the latest Talos intelligence feeds (IPs, URLs, DNS Hosts). The platform might experience a degraded security posture for future threats until the update is applied.
No other content updates (Snort Rule Updates (SRUs), Vulnerability Database (VDB), Geolocation Database (GeoDB), and so on) will be affected by this issue.
Impacted systems:
Cisco FMC (Firepower Management Center)
Remediation steps:
Atomic Data recommends updating the Cisco software version in order to address this issue. Atomic Data estimates that the update will take approximately 2 hours to complete and should be non-service impacting.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html
Security Bulletin: Pwnkit Vulnerability for Linux
Severity:
High
Publication date:
January 26th, 2022
Vulnerability/Event ID(s):
CVE-2021-4034
B-220127-1
Vulnerability summary:
This vulnerability is a memory corruption flaw in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.
Impacted systems:
All Ubuntu- and Red Hat-based Linux systems
Remediation steps:
Atomic Data Engineers have created a Kaseya script which will be pushed to vulnerable Linux Servers for Managed Clients. This script updates the polkit package and remediates the vulnerability without the need for a reboot or downtime.
If you are an Atomic Data managed services client, Atomic Data Engineers will push this Kaseya script at a pre-determined time to remediate the vulnerability. If you are not an Atomic Data managed services client and you would like to have Atomic Data push this script to servers with Kaseya agents, please contact your Account Coordinator.
If there are Linux Servers which do not have Kaseya installed on them, please work with your Account Coordinator if you’d like to get the Kaseya agent installed and have the procedure pushed to your vulnerable systems.
Atomic Data Engineers will remediate any vulnerable servers for Managed clients via the Kaseya procedure. Any Unmanaged client should contact their Account Coordinator to schedule the procedure to be run.
Additional detail:
Security Bulletin: Apache Log4j Utility
Severity:
Critical
Publication date:
Dec 10, 2021
Vulnerability/Event ID(s):
CVE-2021-44228
B-211211-1
Vulnerability summary:
The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
Impacted systems:
Multiple vendors are impacted by this vulnerability. While vendors investigate the impact to their products, Atomic Data is monitoring communication from the cyber security community to determine viable remediation and workaround efforts.
Remediation steps:
Atomic Data engineering staff is:
1) using a recently released scanning module to perform vulnerability scanning for our scanning clients. This is not mitigation/remediation but identification of the vulnerability being present.
2) working on other tools to help with detection of the vulnerability.
3) tracking, documenting, and monitoring any vulnerable applications/servers that are found to ensure fixes, patches, and upgrades are applied in a timely manner.
4) available to apply a mitigation option blocking LDAP/S egress traffic. This does present a risk of blocking desired LDAP/S egress traffic. Additional investigation would be needed to allow desired LDAP/S egress traffic.
5) on standby to apply vulnerability patches as they are released by vendors.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Log4j Vulnerability Response: CVE-2021-44228
Atomic Data engineering staff is actively tracking managed clients and documenting any vulnerable applications/servers that are found.
For Windows servers: We are executing a procedure to scan all Windows servers for links to Log4j libraries. After scanning, results are generated and reviewed by the Security & Network Operations Center. We will identify the client, server, and the path to the Java file that has the reference. This will be important as vendors release patches for their software to ensure that software is updated in a timely manner.
For Linux servers: Our Product Operations team is working on a similar script to do the same with Linux servers.
For Appliances: The primary engineer for the client is reviewing what appliances are deployed and whether they are impacted.
Once we know all the locations that are impacted and potentially vulnerable, we will proceed to a monitoring phase of this response. As vendors patch their software, we will refer back to scan documentation to ensure clients with eligible apps/systems are receiving patches and updates.
This will handle detection and updates to fix the vulnerability when they are available.
As a parallel task, we are confirming that our Antivirus and Endpoint Detection and Response solutions are configured properly so that if/when someone tries to exploit a system, we will catch it right away.
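The detection step described above (locating Log4j libraries on a server and recording the path to the affected file so that patches can be tracked) can be done with a filesystem scan that opens each Java archive and looks for the log4j-core markers inside it. The script below is an added example and is not Atomic Data's Kaseya procedure or any vendor tool. It walks a directory tree, opens every .jar/.war/.ear/.zip (including archives nested inside other archives, which is where Log4j commonly hides in web applications), reads the log4j-core pom.properties to get the version, and checks whether the JndiLookup class is present. An archive is reported as affected by CVE-2021-44228 when JndiLookup is present and the log4j-core version is below 2.15.0 or unknown. The sample archives it builds in a temporary directory are constructed for the demo; the file names, the run_demo function and the placeholder class bytes are assumptions, not real artifacts.

```python
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass
from pathlib import Path
from typing import Iterator, Optional

# Markers that identify a log4j-core archive (real paths inside the upstream jar).
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
MAX_NESTING = 3  # how deep to descend into archives-in-archives


@dataclass
class Finding:
    path: str                  # on-disk path; nested entries are written as outer!inner
    version: Optional[str]     # log4j-core version from pom.properties, if found
    has_jndi_lookup: bool      # JndiLookup.class present in the archive
    vulnerable_to_44228: bool  # assessment for CVE-2021-44228 only


def parse_version(pom_properties: str) -> Optional[str]:
    """Return the value of the 'version' key from a Maven pom.properties file."""
    for line in pom_properties.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "version":
            return value.strip()
    return None


def version_tuple(version: str) -> tuple:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0). Non-numeric tails are dropped."""
    parts = []
    for comp in version.split("."):
        digits = ""
        for ch in comp:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: Optional[str], has_jndi: bool) -> bool:
    """CVE-2021-44228 affects log4j-core 2.x before 2.15.0; removing JndiLookup.class mitigates it."""
    if not has_jndi:
        return False
    if version is None:
        return True  # unknown version with JndiLookup present: treat as affected until reviewed
    return (2, 0) <= version_tuple(version) < (2, 15, 0)


def inspect_archive(data: bytes, label: str, depth: int = 0) -> Iterator[Finding]:
    """Yield a Finding for this archive if it is log4j-core, then recurse into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a zip container; skip silently
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP_CLASS in names or POM_PROPS in names:
            version = None
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            has_jndi = JNDI_LOOKUP_CLASS in names
            yield Finding(label, version, has_jndi, is_vulnerable(version, has_jndi))
        if depth < MAX_NESTING:
            for name in names:
                if name.lower().endswith(ARCHIVE_SUFFIXES):
                    yield from inspect_archive(zf.read(name), f"{label}!{name}", depth + 1)


def scan_tree(root: Path) -> list:
    """Walk a directory tree and collect Findings for every Java archive under it (sorted by path)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                path = Path(dirpath) / name
                findings.extend(inspect_archive(path.read_bytes(), str(path)))  # whole file in memory
    return sorted(findings, key=lambda f: f.path)


def make_log4j_jar(version: str, include_jndi: bool = True) -> bytes:
    """Constructed stand-in for a log4j-core jar: only the marker entries, with placeholder class bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder, not a real class file
    return buf.getvalue()


def build_sample_tree(root: Path) -> None:
    """Constructed sample layout: affected, patched, mitigated, unrelated, and nested-in-war archives."""
    lib = root / "app" / "lib"
    lib.mkdir(parents=True, exist_ok=True)
    (lib / "log4j-core-2.14.1.jar").write_bytes(make_log4j_jar("2.14.1"))
    (lib / "log4j-core-2.17.1.jar").write_bytes(make_log4j_jar("2.17.1"))
    (lib / "log4j-core-2.14.1-nojndi.jar").write_bytes(make_log4j_jar("2.14.1", include_jndi=False))
    other = io.BytesIO()
    with zipfile.ZipFile(other, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    (lib / "commons-io.jar").write_bytes(other.getvalue())
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_log4j_jar("2.14.1"))
    (root / "app" / "webapp.war").write_bytes(war.getvalue())


def run_demo() -> list:
    """Build the constructed sample tree in a temp directory and scan it."""
    root = Path(tempfile.mkdtemp(prefix="log4j-scan-"))
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    for f in run_demo():
        status = "AFFECTED" if f.vulnerable_to_44228 else "ok"
        print(f"{status:8} version={f.version} jndi={f.has_jndi_lookup} {f.path}")
```

For a real server, call scan_tree on the application roots (or the drive root) and export the Findings; the path field is the per-server record the bulletin describes keeping so that the same archive can be re-checked once the vendor ships a patch. The check is deliberately limited to CVE-2021-44228: later Log4j CVEs have different fixed versions, and a version-only rule would also miss hosts where JndiLookup.class was removed as a mitigation, which is why the class presence is tracked separately.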
Additional detail:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Security Bulletin: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Severity:
High
Publication date:
October 27, 2021
Vulnerability/Event ID(s):
CVE-2021-1573, CVE-2021-34792, CVE-2021-40117
B-211117-1
Vulnerability summary:
Cisco has disclosed several vulnerabilities affecting memory management, the web services interface, and the SSL/TLS message handler in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Impacted systems:
These vulnerabilities affect Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software with a vulnerable AnyConnect or WebVPN configuration.
Remediation steps:
Upgrade to a patched version of Cisco ASA or FTD software.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-34792
https://nvd.nist.gov/vuln/detail/CVE-2021-40117
https://nvd.nist.gov/vuln/detail/CVE-2021-1573
Security Bulletin: Microsoft Exchange Server Remote Code Execution Vulnerability
Severity:
High
Publication date:
November 9, 2021
Vulnerability/Event ID(s):
CVE-2021-42321
B-211110-1
Vulnerability summary:
A post-authentication vulnerability impacting on-premises Exchange Server 2016 and Exchange Server 2019 has been discovered by Microsoft, and attackers are actively targeting vulnerable systems. A security flaw in the validation of cmdlet arguments could allow an authenticated attacker to achieve remote code execution on the target server. Microsoft has released security updates that address this vulnerability.
Impacted systems:
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
Remediation steps:
Atomic Data is preparing to deploy the patch via Kaseya tonight. Some servers will require a Cumulative Update (CU) prior to applying the current Security Update (SU). Account Coordinators will contact impacted clients to schedule a time for patching and updates.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
Microsoft Exchange Server Remote Code Execution Vulnerability
Released: November 2021 Exchange Server Security Updates
Microsoft urges Exchange admins to patch bug exploited in the wild
Security Bulletin: Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
Severity:
High
Publication date:
Oct 6, 2021
Vulnerability/Event ID(s):
CVE-2021-34788
B-211108-1
Vulnerability summary:
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted systems:
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS using the HostScan module.
Remediation steps:
For managed clients, Atomic Data has discovered an active vulnerability and will apply a security fix during a scheduled maintenance window.
For unmanaged clients, please reach out to your Account Coordinator if you would like assistance in applying a security fix during a scheduled maintenance window.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability
CVE-2021-34788 Detail
Security Bulletin: Cisco Wireless Access Point Vulnerabilities
Severity:
High
Publication date:
September 22nd, 2021
Vulnerability/Event ID(s):
CVE-2021-34740, CVE-2021-1419
B-210924-1
Vulnerability summary:
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. Also, a vulnerability in the SSH management feature of multiple Cisco Access Point (AP) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges.
Impacted systems:
Cisco Wireless Network Environments
Remediation steps:
Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address these vulnerabilities. The estimated upgrade time will vary, based on the number of access points within the environment. Please contact your Atomic Data Account Coordinator for assistance with creating an upgrade maintenance plan.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
Cisco Access Points SSH Management Privilege Escalation Vulnerability
Security Bulletin: Cisco Software Denial of Service Vulnerability
Severity:
High
Publication date:
September 22nd, 2021
Vulnerability/Event ID(s):
CVE-2021-34699
B-210923-1
Vulnerability summary:
A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
Impacted systems:
Cisco IOS and IOS XE Software with TrustSec capabilities and web UI enabled.
Remediation steps:
Atomic Data recommends upgrading the Cisco software to a non-vulnerable version in order to address this vulnerability. The estimated upgrade time is planned around 2 hours per device, with a brief service interruption while the hardware is rebooted. Onsite access may be required to perform the upgrade(s).
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
Cisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
Security Bulletin: VMware vCenter Server
Severity:
Critical
Publication date:
September 21st, 2021
Vulnerability/Event ID(s):
CVE-2021-22005
B-210924-2
Vulnerability summary:
VMware recently released updates that resolve critical and high-severity vulnerabilities affecting vCenter Servers, described in VMSA-2021-0020. VMware strongly recommends customers take immediate action to remediate or mitigate the threat of the critical issue impacting these versions of vCenter Server: 7.0, 6.7, and 6.5.
Affected versions of VMware vCenter Server permit anyone with network access to your vCenter Server to execute arbitrary commands and software, which could result in execution of administrative commands and takeover of the virtual hosting environment. Multiple exploits for this vulnerability are now freely available online.
While the potential risk to your affected vCenter Server is greatly reduced if it is not exposed to the internet, an attacker could leverage an initial compromise of a workstation or web browser inside your network to complete the exploit of a vCenter exposed to internal user-generated traffic.
Impacted systems:
vCenter 7.0
vCenter 6.7
vCenter 6.5 (not vulnerable to critical issue but still recommended)
Remediation steps:
(1) Temporarily mitigate the critical vulnerability by implementing KB85717 in vCenter 7.0 or 6.7.
(2) Permanently remediate the critical and the other important vulnerabilities by applying vCenter Server 7.0 Update 2d, vCenter Server 6.7 Update 3o, or vCenter Server 6.5 Update 3q.
If you are an Atomic Data managed services client, your Account Coordinator will contact you shortly to determine the applicable remediation schedule. If you are not an Atomic Data managed services client and you would like to schedule a specific time for remediation services, please contact your Account Coordinator as soon as possible.
Additional detail:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
https://kb.vmware.com/s/article/85717
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u2d-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3o-release-notes.html
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-vcenter-server-65u3q-release-notes.html
Security Bulletin: Microsoft MSHTML Remote Code Execution
Severity:
Critical
Publication date:
September 7th, 2021
Vulnerability/Event ID(s):
CVE-2021-40444
B-210910-1
Vulnerability summary:
Microsoft reported a remote code execution vulnerability in MSHTML that affects Microsoft Windows. An attacker could use a maliciously crafted Microsoft Office document to compromise a system. The attacker would first have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impacted systems:
Windows systems with Microsoft Office products.
Remediation steps:
Atomic Data has discovered an active vulnerability and has applied a security fix to your machine. For this to complete, you need to reboot your machine as soon as possible.
For further questions or assistance please contact your Account Coordinator or Atomic Data at 612.466.2020.
Additional detail:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
Security Bulletin: ArubaOS Multiple Vulnerabilities
Severity:
Critical
Publication date:
August 31st, 2021
Vulnerability/Event ID(s):
CVE-2019-5318, CVE-2021-37716, CVE-2021-37717, CVE-2021-37718, CVE-2020-37719, CVE-2021-37720, CVE-2021-37721, CVE-2021-37722, CVE-2021-37723, CVE-2021-37724, CVE-2021-37725, CVE-2021-37728, CVE-2021-37729, CVE-2021-37731, CVE-2021-37733
B-210831-1
Vulnerability summary:
Aruba has released patches for ArubaOS that address multiple security vulnerabilities.
Impacted systems:
ArubaOS (Multiple code versions)
Remediation steps:
Aruba recommends upgrading the ArubaOS software to a non-vulnerable version in order to address multiple vulnerabilities. The estimated upgrade time is planned around 2 hours per device.
Please contact your Account Coordinator (clientengagement@atomicdata.com) as soon as possible to schedule applicable remediation steps.
Additional detail:
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-016.txt