- Palo Alto Networks Security Advisories – November 10, 2021
- Samba Releases Security Updates
- Adobe Releases Security Updates for Multiple Products
- Severe Microsoft Exchange Server Bug Patched
- Microsoft Has Released November 2021 Security Updates
- CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems
- SAP Releases November 2021 Security Updates
- Citrix Releases Security Updates
- Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus
_______________________________
Palo Alto Networks Security Advisories – November 10, 2021
Situation
Palo Alto Networks has published 8 new security advisories. Affected products include GlobalProtect, the PAN-OS web interface, PAN-OS management, and more.
Problem
Vulnerabilities found include memory corruption, command injection, DoS, and more.
Implication
If an attacker is able to exploit some of these vulnerabilities, they could take control of an affected device.
Need
Apply the latest patches to the affected products.
For more information:
CVE-2021-3064 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces (Severity: CRITICAL)
https://security.paloaltonetworks.com/CVE-2021-3064
CVE-2021-3056 PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3056
CVE-2021-3058 PAN-OS: OS Command Injection Vulnerability in Web Interface XML API (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3058
CVE-2021-3059 PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3059
CVE-2021-3060 PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3060
CVE-2021-3062 PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3062
CVE-2021-3063 PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces (Severity: HIGH)
https://security.paloaltonetworks.com/CVE-2021-3063
CVE-2021-3061 PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI) (Severity: MEDIUM)
https://security.paloaltonetworks.com/CVE-2021-3061
________________________________
Samba Releases Security Updates
Situation
Samba has released updates to address vulnerabilities found in multiple versions of Samba.
Problem
Vulnerabilities found include connection downgrade, authorization check flaws, signature bypass, and more.
Implication
If an attacker is able to exploit some of these vulnerabilities, they could take control of an affected device.
Need
Apply the latest patches to Samba.
For more info:
- CVE-2016-2124
- CVE-2020-25717
- CVE-2020-25718
- CVE-2020-25719
- CVE-2020-25721
- CVE-2020-25722
- CVE-2021-3738
- CVE-2021-23192
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates for RoboHelp, InCopy, and Creative Cloud desktop application.
Problem
Vulnerabilities found include arbitrary code execution and application denial of service in Adobe InCopy, arbitrary code execution in the context of the current user in Adobe RoboHelp, and application denial of service in the context of the current user in Creative Cloud.
Implication
If an attacker is able to exploit some of these vulnerabilities, they could take control of an affected device.
Need
Adobe recommends applying the latest updates for RoboHelp, InCopy, and Creative Cloud to protect against these vulnerabilities. For additional information please visit the links below.
Adobe RoboHelp Security Bulletin:
https://helpx.adobe.com/security/products/robohelp-server/apsb21-87.html
Adobe InCopy Security Bulletin:
https://helpx.adobe.com/security/products/incopy/apsb21-110.html
Creative Cloud Desktop Application Security Bulletin:
https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html
________________________________
Severe Microsoft Exchange Server Bug Patched
Situation
Microsoft has released November 2021 security updates for its on-premises Exchange email server software. The updates fix a flaw in Exchange Server 2013, 2016, and 2019 that is tracked as CVE-2021-42321 and is currently under attack.
Problem
The vulnerability, found in on-premises Exchange Server software, is due to improper validation of cmdlet arguments. Even if an Exchange account has multi-factor authentication enabled, an attacker could use this vulnerability to compromise email accounts. Microsoft has warned that the flaw has been seen being exploited.
Implication
If an attacker successfully exploits this vulnerability, they could take control of an affected device.
Need
To detect compromises, Microsoft recommends running the following PowerShell query on your Exchange server to check for specific events in the Application event log:
Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
Exchange Server bug: Patch now, but multi-factor authentication might not stop these attacks, warns Microsoft:
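The query above, wrapped in a reusable function as an added example (this is not part of Microsoft's guidance). It assumes it runs with rights to read the Application log on the Exchange server; the -Days, -ComputerName and -OutCsv parameters and the daily-count summary are choices made for this example, and it uses Get-WinEvent so it also works where Get-EventLog is unavailable.

```powershell
# Added example, not Microsoft's own script: applies the same filter Microsoft
# documented (Application log, source "MSExchange Common", Error level,
# message containing BinaryFormatter.Deserialize) over a lookback window,
# summarises hits per day and optionally exports them for triage.
function Find-ExchangeDeserializationErrors {
    [CmdletBinding()]
    param(
        [int]$Days = 30,                          # assumed lookback window
        [string]$ComputerName = $env:COMPUTERNAME, # assumed: local server by default
        [string]$OutCsv                           # optional CSV path for the full records
    )
    $since = (Get-Date).AddDays(-$Days)

    # Get-WinEvent hashtable filter; Level 2 is the Error level
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchange Common'
        Level        = 2
        StartTime    = $since
    }
    # Get-WinEvent raises a non-terminating error when nothing matches, so silence it
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*BinaryFormatter.Deserialize*' })

    $hits = foreach ($e in $events) {
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Computer    = $e.MachineName
            EventId     = $e.Id
            # first line of the message is enough to triage; the full text goes to the CSV
            Summary     = ($e.Message -split "`r?`n")[0]
            Message     = $e.Message
        }
    }

    if ($OutCsv -and $hits) { $hits | Export-Csv -Path $OutCsv -NoTypeInformation }

    # a burst of failed deserialization attempts stands out in a per-day count
    $hits | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') } |
        Sort-Object Name |
        Select-Object @{ n = 'Date'; e = { $_.Name } }, Count |
        Format-Table -AutoSize | Out-Host

    Write-Verbose ("{0} matching event(s) since {1}" -f $hits.Count, $since)
    return $hits
}

# Usage: Find-ExchangeDeserializationErrors -Days 60 -OutCsv .\exchange-deserialize-hits.csv -Verbose
```

Matching events indicate that a malicious serialized payload was rejected or failed, not necessarily that the host is clean; treat any hit as a signal to review the server and the patch state.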
________________________________
Microsoft Has Released November 2021 Security Updates
Situation
Microsoft has released updates for November 2021. These updates address multiple vulnerabilities in Microsoft software such as Azure, Microsoft Exchange Server, Office, Visual Studio, Windows, and more.
Problem
Microsoft has released patches for 55 vulnerabilities, six of which are classified as “Critical” severity and 49 as “Important”. The update addresses a wide range of vulnerabilities: 20 elevation of privilege, two security feature bypass, 15 remote code execution, 10 information disclosure, three denial of service, and four spoofing vulnerabilities. The most severe are CVE-2021-42321, a Microsoft Exchange Server remote code execution vulnerability, and CVE-2021-42292, a Microsoft Excel security feature bypass vulnerability, both of which are currently being exploited in the wild.
Implication
If an attacker successfully exploits some of these vulnerabilities, they could take control of an affected system.
Need
Microsoft recommends updating all affected Microsoft software as soon as possible to protect against these vulnerabilities. Additional information and patch notes can be found in the link below.
Microsoft November 2021 release notes:
https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov
________________________________
CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems
Situation
CISA has released an advisory on multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems. Affected products include:
- Capital VSTAR: All versions
- Nucleus NET: All versions
- Nucleus ReadyStart v3: All versions prior to v2017.02.4
- Nucleus ReadyStart v4: All versions prior to v4.1.1
- Nucleus Source Code: All versions
Problem
Vulnerabilities found include type confusion, improper validation, out-of-bounds read, and more.
Implication
A remote attacker can exploit these to take control of the affected system.
Need
Update the affected products to the latest version.
For more information: https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03
________________________________
SAP Releases November 2021 Security Updates
Situation
SAP has released its monthly security updates. These updates affect products such as SAP ABAP Platform Kernel, SAP Commerce, SAP Solution Manager, SAP GUI, and more.
Problem
Vulnerabilities found include missing authorization check, hard-coded credentials, information disclosure, and leverage of permissions.
Implication
An attacker can exploit these to take control of the affected system.
Need
Apply the latest security updates for SAP products.
For more info: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
________________________________
Citrix Releases Security Updates
Situation
Citrix has released security updates to address two vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP.
Problem
The first vulnerability (CVE-2021-22955) can allow an unauthenticated denial of service and is rated “Critical”. It affects Citrix ADC and Citrix Gateway, but only when the appliance is configured as a VPN (Gateway) or AAA virtual server.
The second vulnerability (CVE-2021-22956) allows temporary disruption of the management GUI, Nitro API, and RPC communication and is rated “Low”. It affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition.
Implication
A remote attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) attack on the affected system.
Need
Citrix and CISA encourage users and administrators to review the Citrix Security Bulletin and apply the necessary updates as soon as possible.
Citrix Security Bulletin:
https://support.citrix.com/article/CTX330728
________________________________
Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus
Situation
On September 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in ManageEngine ADSelfService Plus. Recently security researchers from both Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) have released detailed technical reports on targeted attacks against ADSelfService Plus.
Problem
The ManageEngine ADSelfService Plus vulnerability is an authentication bypass affecting REST API URLs that could result in remote code execution when a specially crafted request is sent. The Palo Alto Networks and MSTIC technical reports detail the attackers' activity, including the initial exploitation, the payloads uploaded, and follow-on activity, and provide a list of indicators of compromise (IOCs).
Need
CISA encourages organizations to review the indicators of compromise and other technical details in the following reports to uncover any malicious activity within their networks.
Palo Alto Networks report:
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
MSTIC report: