- Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134
- Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
- Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
- CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X
_______________________________
Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134
Situation:
Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products.
Problem:
A critical-severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server is being actively exploited.
Implication:
The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
Need:
CISA strongly urges organizations to review Confluence Security Advisory 2022-06-02 and upgrade Confluence Server and Confluence Data Center.
Note: per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products AND either apply the software update to all affected instances OR remove the affected products by 5 pm ET on Monday, June 6, 2022.
Additional Resources:
For a brief overview:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/03/atlassian-releases-new-versions-confluence-server-and-data-center
Confluence Security Advisory 2022-06-02:
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Binding Operational Directive 22-01:
https://www.cisa.gov/binding-operational-directive-22-01
________________________________
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
Situation:
CISA has updated its Cybersecurity Advisory “AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control”, which warns organizations about threat actors actively exploiting two critical vulnerabilities found in VMware products.
Problem:
The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures that can be used to detect an infected host.
Implication:
Successful exploitation of one or both of these vulnerabilities can allow a remote attacker to take control of the affected device.
Need:
CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks.
Additional Resources:
Cybersecurity Advisory AA22-138B (Updated):
https://www.cisa.gov/uscert/ncas/alerts/aa22-138b
________________________________
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Situation:
Mozilla has released security updates for Firefox, Firefox ESR, and Thunderbird.
Problem:
Mozilla has patched several high-level vulnerabilities, including a cross-origin resource leak, a heap buffer overflow, browser window spoofing, memory safety bugs, and more.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 101, Firefox ESR 91.10, and Thunderbird 91.10 and apply the necessary updates.
Additional Resources:
CISA Bulletin:
Firefox security advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/
Firefox ESR security advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/
Thunderbird security advisory:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
________________________________
CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X
Situation:
CISA has released an Industrial Control Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, an in-person voting system that voters use to mark their ballots.
Problem:
Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices.
Implication:
Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities. Any jurisdictions running ImageCast X are encouraged to contact Dominion Voting Systems to understand the vulnerability status of their specific implementation.
Need:
Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in ICSA-22-154A.
While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.
Additional Resources:
CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/03/cisa-releases-security-advisory-dominion-voting-systems-democracy
ICS Advisory (ICSA-22-154-01)
https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01