Please see Security Advisories for the week ending June 25, 2021
- Critical Palo Alto Networks Vulnerability Found in Cortex XSOAR
- Cisco ASA Bug Now Actively Exploited as PoC Drops
- Citrix Releases Security Updates for Hypervisor
- VMware Releases Security Updates
_______________________________
Critical Palo Alto Networks Vulnerability Found in Cortex XSOAR
Situation
Palo Alto Networks has released a security advisory for Cortex XSOAR 6.1.0 and 6.2.0 due to an improper authorization vulnerability (CVE-2021-3044).
Problem
An improper authorization vulnerability (CVE-2021-3044) found in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API.
Implication
If a remote unauthenticated attacker is able to exploit this vulnerability, it could allow them to perform actions on behalf of an active Cortex XSOAR integration, which includes running commands and automations in the Cortex XSOAR War Room.
Need
Palo Alto Networks has fixed this issue with Cortex XSOAR 6.1.0 build 1271064 and Cortex XSOAR 6.2.0 build 1271065. Palo Alto Networks advises customers utilizing Cortex XSOAR integrations to read the advisory, check their configurations and take appropriate action immediately if necessary. The security advisory can be found at the link below.
For a more technical overview:
https://security.paloaltonetworks.com/CVE-2021-3044
________________________________
Cisco ASA Bug Now Actively Exploited as PoC Drops
Situation
Positive Technologies has published a PoC for an XSS vulnerability in Cisco Adaptive Security Appliance (ASA). This vulnerability is being exploited in the wild.
Problem
This vulnerability is not a 0-day and has been addressed and patched. However, it is still being seen in the wild, which means organizations have not patched the vulnerability.
Implication
In order to exploit this vulnerability, the attacker would need access to the ASA. Attackers can craft phishing emails to trick someone with access to the ASA into executing malicious code.
Need
It is recommended to patch CVE-2020-3580 as soon as possible.
For a brief description:
https://thehackernews.com/2021/06/cisco-asa-flaw-under-active-attack.html
________________________________
Citrix Releases Security Updates for Hypervisor
Situation
Citrix has released security updates to address vulnerabilities in Citrix Hypervisor.
Problem
Two security issues (CVE-2021-3416 and CVE-2021-20257) have been identified in Citrix Hypervisor 8.2 LTSR, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues only affect Citrix Hypervisor 8.2 LTSR.
Implication
An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Need
CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates.
For a more technical overview:
https://support.citrix.com/article/CTX316325
________________________________
VMware Releases Security Updates
Situation
VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes.
Problem
Regarding VMware Carbon Black App Control: an authentication bypass in the VMware Carbon Black App Control management server was privately reported to VMware. Regarding VMware Tools for Windows, VMRC for Windows and VMware App Volumes: these products have been found to contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as 'openssl.cnf' in an unrestricted directory, which would allow code to be executed with elevated privileges.
Implication
An attacker could exploit these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review VMware Security Advisories VMSA-2021-0012 and VMSA-2021-0013 and apply the necessary updates.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates
For a more technical overview:
https://www.vmware.com/security/advisories/VMSA-2021-0012.html
&
https://www.vmware.com/security/advisories/VMSA-2021-0013.html