Please see Security Advisories for the week ending February 5, 2021
- Critical - Three More Potential Vulnerabilities Found in SolarWinds Software
- Critical - SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild
- Sudo Heap-Based Buffer Overflow Vulnerability Allows Root Privileges
- Apple Releases Security Updates for MacOS
- Cisco Releases Security Updates for Several Products
- Google Releases Security Updates for Chrome
________________________________
Three More Potential Vulnerabilities Found in SolarWinds Software
Situation
SpiderLabs at Trustwave has discovered three bugs and reported them to SolarWinds. These three vulnerabilities can be tracked as CVE-2021-25274, CVE-2021-25275, CVE-2021-25276.
Problem
There are three more potential vulnerabilities that have been found in some SolarWinds Software. The SolarWinds Orion Collector Service has a bug that allows an unauthenticated, remote attacker to send messages to these queues over TCP port 1801. SolarWinds Serv-U FTP Server 15.2.1 on Windows has an issue that allows any attacker that can log into a system locally or via remote desktop to drop a file that defines a new user and Serv-U FTP will use it automatically.
Implication
Failure to patch systems could result in loss of control of affected systems. Possible compromise of system and network integrity.
Need
SolarWinds has released the fixes for both products. Users can get the fixes by installing Orion Platform 2020.2.4 and by applying Hotfix 1 for ServU-FTP 15.2.2. It is highly recommended to install the patches.
For a brief overview:
________________________________
SonicWall Zero-Day Vulnerability Is Being Exploited in the Wild
Situation
Security firm NCC Group recently reported that a zero-day vulnerability affecting SonicWall SMA 100 is actively being exploited in the wild.
Problem
This vulnerability tacked as SNWLID-2021-0001 affects both physical and virtual SMA 100 series firmware 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v). SMA 100 firmware prior to 10.x is unaffected by this zero-day vulnerability. SonicWall has identified the vulnerable code and is working on a patch to be available by end of day on February 2, 2021.
SonicWall has stated that SonicWall firewalls, SMA 1000 series appliances, and all respective VPN clients are unaffected and remain safe to use.
Need
SonicWall recommends updating the affected devices as soon as the patch is available.
SonicWall has released workarounds until a patch is available, customers have the following options:
1) If you must continue operation of the SMA 100 Series appliance until a patch is available
- Enable MFA. This is a *CRITICAL* step until the patch is available.
- Reset user passwords for accounts that utilized the SMA 100 series with 10.X firmware
2) If the SMA 100 series (10.x) is behind a firewall, block all access to the SMA 100 on the firewall;
3) Shut down the SMA 100 series device (10.x) until a patch is available; or
4) Load firmware version 9.x after a factory default settings reboot. *Please back up your 10.x settings*
- Important Note: Direct downgrade of Firmware 10.x to 9.x with settings intact is not supported. You must first reboot the device with factory defaults and then either load a backed up 9.x configuration or reconfigure the SMA 100 from scratch.
- Ensure that you follow multifactor authentication (MFA) best practice security guidance if you choose to install 9.x.
________________________________
Sudo Heap-Based Buffer Overflow Vulnerability Allows Root Privileges
Situation
Qualys research team has discovered a heap overflow vulnerability (CVE-2021-3156) in sudo utility. Affecting all sudo legacy versions from 1.8.2 through 1.8.31p2 and stable versions from 1.9.0 through 1.9.5p. The vulnerability could allow any local user to obtain root privileges. Sudo is a utility included in many Unix- and Linux-based operating systems as well as Apple’s macOS, sudo allows a user to run programs with the security privileges of another user.
Problem
The vulnerability (CVE-2021-3156) can allow any local user to gain root-level access on a vulnerable host using a default sudo configuration.
Implication
Successful exploitation of this vulnerability can allow any unprivileged user to gain root-level access and take control of the affected system.
Need
It is strongly recommended that administrators and users upgrade to sudo version 1.9.5p2 or later as soon as possible.
Mac users should apply macOS software updates when available.
For a brief overview:
For a more technical overview:
For macOS vulnerability details:
https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/
________________________________
Apple Releases Security Updates for MacOS
Situation
Apple has released security updates for macOS Big Sur 11.0.1, Catalina 10.15.7, and Mojave 10.14.6.
Problem
These updates address multiple vulnerabilities including denial of service, arbitrary code execution, privilege escalation, and more.
Implication
Attackers (local and remote) could exploit these vulnerabilities to take over the affected system.
Need
Please update to the latest macOS versions to apply the security patch.
For a more detailed overview:
https://support.apple.com/en-us/HT212147
________________________________
Cisco Releases Security Updates for Several Products
Situation
Cisco released multiple security patches in several of their products that they found vulnerabilities in where remote attackers could remotely attack and take control of the product or devices or further compromise the internal infrastructure.
Problem
Cisco has found vulnerabilities in the following products that could allow an attacker to remotely take over the affected systems. Cisco Small Business RV160,160W, RV260,260W, sudo privilege escalation, IOS XR IPV6, Cisco Small business RV routers, Cisco 8000 series routers and more.
Implication
If the vulnerable software is left unpatched it leaves an attack surface that might allow the attackers to remotely control the affected device or software. This would allow the remote attackers potential full control over the devices and software.
Need
Cisco advises installing all available updates to patch known vulnerabilities.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates
For a more detailed overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
Google Releases Security Updates for Chrome
Situation
Google has discovered and patched several vulnerabilities for its Chrome web browser software.
Proble
Google has identified several security vulnerabilities for its Chrome web browser software that an attacker can exploit to take control of affected systems.
Implication
Failure to patch systems could result in loss of control of affected systems. Possible compromise of system and network integrity.
Need
Google has released Chrome version 88.0.4324.150 for Windows and 88.0.4324.150 for Mac and Linux. Please upgrade to latest version to ensure that you are protected.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/02/05/google-releases-security-updates-chrome
For a more technical overview:
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html