Please see Security Advisories for the week ending September 4, 2020
- Cisco Releases Security Updates for Multiple Products
- WordPress File Manager Plugin Under Active Exploitation
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security patches for several of its products to address vulnerabilities that could allow attackers to remotely attack and take control of the affected product or device.
Problem
Cisco has found vulnerabilities in the following products that could allow an attacker to remotely take over the affected systems: Jabber for Windows Messenger, Enterprise NFV Infrastructure Software, Jabber for Windows Protocol Handler, and the IOS XR Software platform.
Implication
If the vulnerable software is left unpatched, it leaves an attack surface that might allow attackers to remotely control the affected device or software, potentially giving them full control over it.
Need
Cisco advises installing all available updates to patch known vulnerabilities.
For a brief overview:
https://us-cert.cisa.gov/ncas/current-activity/2020/09/03/cisco-releases-security-updates
For a more detailed overview:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
WordPress File Manager Plugin Under Active Exploitation
Situation
A zero-day vulnerability has been discovered and patched in File Manager, an open source plugin for WordPress. This vulnerability allows unauthenticated users to execute commands and upload malicious files on a target site.
Problem
A critical remote code execution vulnerability has been identified in the WordPress File Manager plugin, which allows an attacker to run arbitrary code on the target. The plugin is currently installed on more than 700,000 active WordPress websites and is being actively exploited.
Implication
Failure to patch could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
A fix for this vulnerability has been released. Update the WordPress File Manager plugin to version 6.9 or later.
For a brief overview: