Mozilla Releases Security Updates for Firefox
Situation: Mozilla has released security updates to address a number of vulnerabilities in the Firefox and Firefox ESR browsers.
Problem: Mozilla has patched a number of high-impact vulnerabilities found in the Firefox and Firefox ESR browsers. Some of these vulnerabilities are memory safety bugs that could be exploited to run arbitrary code.
Implication: Not having your browser up to date could leave your system…
Security Advisory: Google Releases Security Update for Chrome browser
Situation: Google has recently released a security update for their Chrome browser, version 80.0.3987.132, for Windows, Mac, and Linux systems. This version addresses vulnerabilities that could allow an attacker to take control of an affected system.
Problem: This update includes 4 security fixes. One of them is a high-severity vulnerability (CVE-2020-6420) that could allow an attacker to bypass implemented security restrictions.
Implication: A successful exploitation of this vulnerability can…
Security Advisories: 5 vulnerabilities found in Cisco’s Discovery Protocol (CDP) and Android Bluetooth Vulnerability
5 Vulnerabilities Found in Cisco’s Discovery Protocol (CDP)
Situation: 5 vulnerabilities have been found in Cisco’s Discovery Protocol (CDP).
Problem: The 5 vulnerabilities found in CDP, four of which are remote code execution vulnerabilities and one a denial of service, can allow complete remote takeover of the devices, which can allow data, video and audio to be exfiltrated from the network along with allowing the attacker to change any…
Security Advisory: Buffer Overflow Found in Sudo
Situation: A buffer overflow was found in Sudo that allows a low-privileged user to execute commands as root without authentication. This is due to a bug in the “pwfeedback” option. By default, “pwfeedback” is not enabled, but there are some Linux distros that do have it enabled by default.
Problem: This allows attackers to easily perform privilege escalation on Linux or macOS machines.
Implication: An attacker who is able…
Security Advisory: A vulnerability with a severity score of 9.8 has been identified in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
Situation: A vulnerability (CVE-2019-19781) with a severity score of 9.8 has been identified in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance. This vulnerability affects the following supported product versions on all supported platforms:
• Citrix ADC and Citrix Gateway version 13.0 all supported builds before 13.0.47.24
• NetScaler ADC and NetScaler Gateway version 12.1
• NetScaler ADC and NetScaler Gateway version 12.0
• NetScaler ADC and…
Security Advisory: Windows 7, Windows Server 2008 and Windows Server 2008R2 Reaching End of Life Support
Situation: Windows 7, Windows Server 2008 and Windows Server 2008R2 are reaching end of life support starting January 14, 2020. No future patches are expected as the software reaches the end of its life cycle.
Problem: Microsoft is stopping all future patches and updates, including security patches, for Windows 7 and Windows Server 2008/2008R2 releases. No additional patches are set to be released as these operating systems are being retired.
Implication: Without frequent patches and…
Security Advisory: Critical vulnerability in Windows has seen an increase in exploitation by an attack known as BlueKeep
Situation: An existing critical vulnerability in Windows has seen an increase in exploitation by an attack known as BlueKeep (CVE-2019-0708).
Problem: The BlueKeep vulnerability is a high severity wormable security flaw in Microsoft’s Remote Desktop Services. The BlueKeep vulnerability was recently seen being exploited to install ransomware in systems in Spain.
Implication: The BlueKeep vulnerability affects a large number of Windows operating systems, from Windows 2000 all the way up to Windows…
Security Advisory: Cisco Patching Critical Vulnerability in Aironet Access
Situation: Cisco has released a patch to update Aironet Access Point software for their wireless controllers and access points. This is to fix a vulnerability caused by insufficient access control for certain URLs on an affected device. This could result in denial of service, remote reset of end devices, modification of the SSID wireless ID information, and viewing of sensitive information on the network.
Problem: Unpatched Cisco Aironet controllers and…
Security Advisory: Three Critical Remote Code Execution Vulnerabilities Found in Android Media Framework
Situation: Three critical Remote Code Execution vulnerabilities (CVE-2019-2184, CVE-2019-2185, CVE-2019-2186) were found in the Android Media Framework.
Problem: These vulnerabilities affect a large number of Android models and versions, specifically ones with a Qualcomm chip. Models include LG, Samsung, Google, Huawei, and Xiaomi. Versions include 7.1.1, 7.1.2, 8.0, 8.1, and 9.
Implication: Remote attackers could use a specially crafted file to execute code, which could lead to an attacker installing malicious apps…
Security Advisory: Critical Vulnerabilities Found in Internet Explorer and Microsoft Defender
Situation: Microsoft has issued an out-of-band security patch to address critical vulnerabilities in Internet Explorer and Microsoft Defender.
Problem: The security patch addresses two vulnerabilities:
1. An Internet Explorer remote code execution vulnerability exists in the way that the scripting engine handles objects in memory.
2. A Microsoft Defender denial of service vulnerability caused by improperly handling files.
The vulnerabilities affect Windows 10, 8.1, 7, Windows Server 2019, 2016, 2012, 2012 R2, 2008,…