Please see Security Advisories for the week ending December 3, 2021
- Mozilla Releases Security Updates for Network Security Services
- CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
- VMware Has Released Security Update For vCenter Server
_______________________________
Mozilla Releases Security Updates for Network Security Services
Situation
Mozilla has released security updates to address a vulnerability in Network Security Services (NSS).
Problem
NSS (Network Security Services) versions prior to 3.73, or prior to 3.68.1 on the ESR branch, contain a heap overflow in the handling of DER-encoded DSA and RSA-PSS signatures. Any application that uses NSS to verify signatures carried in CMS, S/MIME, PKCS #7 or PKCS #12 is likely to be affected. Mozilla notes that Firefox itself is not affected, but that email clients and PDF viewers that rely on NSS for signature verification (Thunderbird, LibreOffice, Evolution and Evince are named) are believed to be.
Implication
A remote attacker who can get an affected application to verify a crafted signature (for example in a signed email or document) could corrupt heap memory and potentially execute code with that application's privileges, which is why CISA describes the outcome as taking control of an affected system.
Need
CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update.
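The fixed versions sit on two branches, which makes a naive "newer than 3.68.1 is safe" check wrong: 3.69 through 3.72 sort above 3.68.1 but are not patched. The following check is an added example written for this digest, not code from Mozilla or CISA. It parses an NSS version string, applies the advisory's two fix thresholds, and, when run as a script, asks the real pkg-config or nss-config tools for the system library version. Note that Firefox and some other applications bundle their own copy of NSS, so this only speaks for the system-wide library.

```python
"""Added example (not part of the CISA/Mozilla advisory): decide whether an NSS
version string is covered by the mfsa2021-51 fix, and look up the system NSS.

Fixed releases per the advisory: 3.73 and later, or 3.68.1 and later on the
3.68 ESR branch. Anything else, including 3.69 through 3.72, is still
vulnerable even though those numbers sort above 3.68.1.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIX_MAINLINE = (3, 73, 0)   # first fixed mainline release
FIX_ESR = (3, 68, 1)        # first fixed release on the 3.68 ESR branch


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from strings such as '3.68.1 ESR' or '3.73'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def nss_is_fixed(text: str) -> bool:
    """True when the version contains the fix; raises on an unparseable string."""
    v = parse_version(text)
    if v is None:
        raise ValueError(f"unrecognised NSS version: {text!r}")
    if v >= FIX_MAINLINE:
        return True
    # Only the 3.68.x branch was patched below 3.73; 3.69-3.72 are not on it.
    return v[:2] == FIX_ESR[:2] and v >= FIX_ESR


def system_nss_version() -> Optional[str]:
    """Ask pkg-config, then nss-config, for the installed NSS version (None if neither exists).

    Firefox ships its own NSS, so this only reflects the system library."""
    for cmd in (["pkg-config", "--modversion", "nss"], ["nss-config", "--version"]):
        if shutil.which(cmd[0]) is None:
            continue
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
        except subprocess.CalledProcessError:
            continue
        if parse_version(out):
            return out.strip()
    return None


if __name__ == "__main__":
    ver = system_nss_version()
    if ver is None:
        print("no system NSS found via pkg-config/nss-config; "
              "ask the package manager instead (rpm -q nss, dpkg -l libnss3)")
    elif nss_is_fixed(ver):
        print(f"system NSS {ver}: contains the mfsa2021-51 fix")
    else:
        print(f"system NSS {ver}: VULNERABLE, update to 3.73 or 3.68.1 ESR")
```

On distributions that backport fixes without bumping the upstream version, the package changelog is the authority, not the number this script reads.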
For a more technical overview:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
________________________________
CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Situation
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus.
Problem
CVE-2021-44077 is an unauthenticated remote code execution vulnerability affecting all ServiceDesk Plus builds up to and including 11305. Zoho fixed it in build 11306, released on September 16, 2021; that build and all later ones contain the fix.
Implication
Successful exploitation lets an attacker upload executable files and place webshells on the server, which in turn enable post-exploitation activity such as compromising administrator credentials, moving laterally, and exfiltrating registry hives and Active Directory files.
Need
CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations immediately.
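Because the footprint described above starts with files written into the ServiceDesk Plus install tree, a first triage step is to list executable and script files in that tree that were written after the fix shipped. The script below is an added example for this digest, not tooling from CISA, the FBI or Zoho; the default install path (the vendor's Windows default), the extension list and the cut-off date are assumptions to adjust for the deployment being checked.

```python
"""Added triage example (not from CISA, the FBI or Zoho): list recently written
executable or script files under a ServiceDesk Plus install tree, where the
advisory says uploaded executables and webshells end up."""
import hashlib
import os
import sys
from datetime import datetime, timezone
from pathlib import Path
from typing import Iterable, Iterator, List, NamedTuple

DEFAULT_INSTALL_DIR = r"C:\ManageEngine\ServiceDesk"   # assumed: vendor default on Windows
SUSPECT_EXT = {".exe", ".dll", ".jsp", ".jspx", ".js", ".bat", ".cmd", ".ps1", ".vbs", ".war"}
# Assumed cut-off: the day build 11306 shipped. An install tree should only change on
# upgrade, so anything written after that date deserves a look.
DEFAULT_SINCE = datetime(2021, 9, 16, tzinfo=timezone.utc)


class Finding(NamedTuple):
    path: str
    modified: datetime
    size: int
    sha256: str


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def recent_executables(root, since: datetime = DEFAULT_SINCE,
                       exts: Iterable[str] = SUSPECT_EXT) -> Iterator[Finding]:
    """Yield suspect-extension files under root whose mtime is at or after `since`."""
    exts = {e.lower() for e in exts}
    for dirpath, _dirs, files in os.walk(Path(root)):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in exts:
                continue
            try:
                st = p.stat()
            except OSError:          # unreadable or vanished file: skip, keep scanning
                continue
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            if mtime < since:
                continue
            yield Finding(str(p), mtime, st.st_size, sha256_of(p))


def triage(root, since: datetime = DEFAULT_SINCE) -> List[Finding]:
    """Newest first, so the most recently dropped files are at the top."""
    return sorted(recent_executables(root, since), key=lambda f: f.modified, reverse=True)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_INSTALL_DIR
    for f in triage(root):
        print(f"{f.modified:%Y-%m-%d %H:%M:%S}  {f.size:>10}  {f.sha256[:16]}  {f.path}")
```

Timestamps can be altered by an intruder, so treat an empty result as "nothing obvious", not as a clean bill of health; the hashes are there to compare against a known-good install or a threat-intelligence feed.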
For a more technical overview:
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
________________________________
VMware Has Released Security Update For vCenter Server
Situation
VMware has released security updates for two vulnerabilities in vCenter Server, and in the Cloud Foundation releases that bundle it, that a remote attacker could abuse to read sensitive information.
Problem
The first, CVE-2021-21980, is an arbitrary file read in the vSphere Web Client (FLEX/Flash), rated "important". An attacker with network access to port 443 on vCenter Server can use it to read files containing sensitive information. The second, CVE-2021-22049, is a server-side request forgery (SSRF) in the same vSphere Web Client, rated "moderate": an attacker with network access to port 443 on vCenter Server can make the server issue a request to a URL outside vCenter Server or to an internal service that is not otherwise reachable.
Implication
Successful exploitation of either vulnerability gives the attacker access to sensitive information held on, or reachable from, the affected system.
Need
VMware recommends that customers update vCenter Server 6.5 and 6.7 to the fixed versions listed in the advisory. Additional information can be found in the link below.
VMware security advisory:
https://www.vmware.com/security/advisories/VMSA-2021-0027.html