Please see Security Advisories for the week ending July 31, 2020
- Cisco Releases Security Updates for Multiple Products
- Adobe Releases Security Updated for Magento
- Mozilla Releases Security Updates for Multiple Products
- Google Releases Security Updates for Chrome browser
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released multiple updates to patch found vulnerabilities in multiple Cisco products including Vmanage, and Cisco Network Manager platforms.
Problem
Cisco has identified multiple Vulnerabilities in its Vmanage and Cisco Network Manager platforms that could allow an unauthenticated remote attacker to exploit the vulnerabilities and take control of the affected system
Implication
Unpatched systems are vulnerable to remote unauthenticated attack that would potentially allow a remote attacker to exploit the vulnerability and take control of the device and cause denial of service leak of information or control the device to then pivot into the system.
Need
Cisco recommends installing the latest platform updates to patch the vulnerabilities and prevent this type of attack.
For a brief overview:
________________________________
Adobe Releases Security Updated for Magento
Situation
Adobe has discovered and patched vulnerabilities for several products, including Magento Commerce 2 and Magento Open Source 2.
Problem
Adobe has identified and patched vulnerabilities affecting Magento Commerce 2 and Magento Open Source 2. An attacker with admin privileges can exploit these vulnerabilities and take control of an affected system and execute arbitrary code.
Implication
Failure to patch systems could result in loss of control of affected systems. Possible compromise of system and network integrity.
Need
Adobe advises patching to the latest version of Magento Commerce 2 and Magento Open Source 2.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/07/29/adobe-releases-security-updates-magento
For a more detailed overview:
https://helpx.adobe.com/security/products/magento/apsb20-47.html
________________________________
Mozilla Releases Security Updates for Multiple Products
Situation
Mozilla has discovered and patched multiple vulnerabilities in its multiple platform versions, Firefox pre v79, Firefox ESR pre v68.11 and ESR pre v78.1 and lastly Thunderbird pre v78.1
Problem
Multiple vulnerabilities where found in older versions of Firefox, Thunderbird and Firefox ESR platforms which could allow an attacker to exploit the vulnerabilities and take control of the systems with the software installed or possibly leak information.
Implication
Any unpatched or updated systems running Firefox and Thunderbird run the potential risk of having the vulnerabilities used to take over the machine or possibly information leaked from the software.
Need
Firefox recommends updating all browsers and Thunderbird to the latest versions to ensure the vulnerabilities are patched.
For more information please visit the following links pertaining to the vulnerabilities and patch information for each product.
________________________________
Google Releases Security Updates for Chrome browser
Situation
Google has released Chrome security update version 84.0.4147.105 for Windows, Mac, and Linux operating systems to address eight security vulnerabilities.
Problem
The most severe of these vulnerabilities that were patched are
CVE-2020-6537, a type confusion error in the V8 JavaScript engine. Which can allow a remote attacker to create a specially crafted web page and trigger a type confusion error that can execute arbitrary code on the target system. Other vulnerabilities patched include system compromise and arbitrary code execution.
Implication
If an attacker is able to successfully exploit these vulnerabilities, such as by tricking a user into visiting a specially crafted web page, it could allow them to take control of the affected system.
Need
Google strongly recommends users and administrators to update their Chrome bowser to version 84.0.4147.105 or newer. Additional information can be found in the link below.
For a more detailed overview:
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html