Tenable Research: February and March Vulnerability Disclosure Roundup

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them.

This post provides an overview of all the vulnerabilities discovered by Tenable Research in February and March.

You can access all Tenable Research advisories here.

EMC VASA Virtual Appliance Default Credentials and Arbitrary File Upload

CVE ID: CVE-2018-1216, CVE-2018-1215

Nessus Plugin ID: 106849

Tenable Research Advisory: TRA-2018-03

Risk Factor: Critical

What do you need to know?

Tenable Research has discovered two vulnerabilities in the EMC VASA Virtual Appliance SE web application. The first vulnerability is a default account. The default account does not have access to the web UI, but exploitation permits an attacker to obtain a valid session ID to execute further commands. The second vulnerability permits an authenticated attacker to upload an arbitrary file to any location on the web server.

What’s the attack vector?

Exploitation of the default credentials requires only unauthenticated network access. Even though the default credentials do not have privileges for the web UI, after authenticating, the attacker can extract a valid session ID from a local cookie and use it to execute remote commands.

What’s the business impact?

Combining both vulnerabilities can permit an attacker to gain full unauthorized access to the system.

What’s the solution?

EMC has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerabilities using Plugin ID 106849.

Micro Focus Operations Orchestration Information Disclosure and Remote Denial-of-Service Vulnerabilities

CVE ID: CVE-2018-6490

Nessus Plugin ID: 107094

Tenable Research Advisory: TRA-2018-05

Risk Factor: High

What do you need to know?

Tenable Research has discovered information disclosure and denial-of-service vulnerabilities in Micro Focus Operations Orchestration version 10.X. These can be used to disclose sensitive runtime information and shut down the JMiniX JMX console used for administrative web-based access. You can read a full analysis here.

What’s the attack vector?

Exploitation requires remote unauthenticated network access and is trivial to exploit.

What’s the business impact?

Malicious attackers can gather sensitive runtime information for reconnaissance. Even worse, a malicious attacker can remotely shut down the JMiniX JMX console that provides access to the web user interface. Micro Focus Operations Orchestration is used by IT and DevOps operation teams to automate IT processes (e.g., incident and disaster recovery and hybrid cloud provisioning and configuration).

What’s the solution?

Micro Focus has released a software update and advisory. Affected users must apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107094.

Check Point Gaia OS Privilege Escalation Vulnerability

CVE ID: –

Nessus Plugin ID:107072

Tenable Research Advisory: TRA-2018-04

Risk Factor: Medium

What do you need to know?

Tenable Research has discovered a Privilege Escalation vulnerability in Check Point’s Gaia OS, versions R77.20, R77.30 and R80.10, deployed on Check Point’s Security Gateway, Security Management and Scalable Platforms Appliances. The vulnerability can be used by a malicious user to execute arbitrary bash shell commands.

What’s the attack vector?

Exploitation requires an authenticated user session. Arbitrary bash shell commands can be executed with the proper formatting despite a restricted shell.

What’s the business impact?

The business impact is considered Low. Exploitation requires a malicious insider, or the theft or phishing of credentials. Arbitrary commands require careful crafting to execute successfully.

What’s the solution?

Check Point has released a software update and advisory. Affected users should apply the patch as soon as possible. Tenable customers can assess the vulnerability using Plugin ID 107072.

CVE ID: CVE-2018-0172, CVE-2018-0173, CVE-2018-0174

Nessus Plugin ID:

Tenable Research Advisory: TRA-2018-06

Risk Factor: High

What do you need to know?

Tenable Research has discovered denial-of-service vulnerabilities in the DHCP relay agent in Cisco’s IOS and IOS-XE operating systems.

What’s the attack vector?

The attacks are performed by sending malicious DHCP requests to the relay agent on the router.

What’s the business impact?

The business impact is medium. An attacker could use this attack to stop clients from obtaining IP addresses.

What’s the solution?

Cisco has released software updates and an advisory for each vulnerability (see below). Affected users should patch their systems as soon as possible.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
1608 Followers
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel