Please see Security Advisories for the week ending July 3, 2020
- Palo Alto Networks Security Updates for PAN-OS
- Netgear Product Vulnerabilities
- Microsoft Releases Security Updates for Windows 10, Windows Server
- Mozilla Releases Security Updates for Firefox and Firefox ESR
- F5 Security Updates for BIG-IP
- Cisco Small Business Smart and Managed Switches Session Management Vulnerability
- Samba Security Updates Released
________________________________
Palo Alto Networks Security Updates for PAN-OS
Situation
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language (SAML) in PAN-OS. Palo Alto Networks has scored this vulnerability as severity 10 – critical due to its high integrity, confidentiality and availability impact.
Problem
The vulnerability (CVE-2020-2021) exists when SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled. This results in improper verification of signatures in PAN-OS SAML authentication and can allow an unauthenticated network-based attacker to access protected resources.
Implication
In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal, or VPN server. An attacker cannot inspect or tamper with sessions of regular users.
In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions.
Need
Palo Alto Networks strongly recommends updating to PAN-OS 8.1.15, PAN-OS 9.0.9, PAN-OS 9.1.3, or any later version to protect against this vulnerability. Update procedures for PAN-OS, additional information about this vulnerability, and workarounds can be found at the link below.
For a brief overview:
https://security.paloaltonetworks.com/CVE-2020-2021
________________________________
Netgear Product Vulnerabilities
Situation
Netgear has released security patches for many of their products. These patches fix vulnerabilities such as a stack buffer overflow that allows remote code execution.
Problem
Many Netgear devices contain an embedded web server. A stack buffer overflow in the httpd process can be exploited because the code improperly validates the header size.
Implication
Users can be targeted by malicious or compromised websites that allow the attacker to execute arbitrary code with root privileges.
Need
Check Netgear’s website to see whether any products you own are affected and whether a patch is available. If a product is affected and no patch is available, it is recommended to upgrade to a newer device.
For a more detailed overview:
________________________________
Microsoft Releases Security Updates for Windows 10, Windows Server
Situation
Microsoft is releasing security patches for two known vulnerabilities in its codec libraries. In the first, a codec library mishandles objects in memory, and exploitation could result in a leak of sensitive information from the system; the second could allow arbitrary code execution.
Problem
Two vulnerabilities found in Microsoft codec libraries could be exploited to leak sensitive information or to allow arbitrary code execution, which could let attackers take control of the affected systems.
Implication
Unpatched systems are vulnerable to this type of targeted attack; if exploited, it could allow remote attackers to leak information from the device or take remote control of the machine.
Need
Microsoft recommends installing all security patches for the affected software. For a detailed list, please visit the Microsoft advisory pages.
For a brief overview:
For a detailed overview of CVE-2020-1425:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1425
For a detailed overview of CVE-2020-1457:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1457
________________________________
Mozilla Releases Security Updates for Firefox and Firefox ESR
Situation
Mozilla has released security updates for its Firefox web browser, the Firefox Extended Support Release (ESR) and Thunderbird to protect against vulnerabilities that might allow a remote attacker to exploit the software and remotely take over the victim’s web browser or system. Mozilla states these are fixed in newer versions of its software.
Problem
Mozilla has found and patched vulnerabilities in its web browser and email application that could allow remote takeover in Firefox versions 78 and below, Firefox Extended Support Release (ESR) versions prior to 68.10, and Thunderbird versions prior to 68.10.0.
Implication
Any system running Firefox versions 78 and below, Firefox ESR versions prior to 68.10, or Thunderbird versions prior to 68.10.0 is vulnerable to remote attacks that could lead to compromise of the browser and system and remote takeover by hostile attackers.
Need
Mozilla is releasing updates to Firefox 78 in which this vulnerability is patched. Mozilla is also releasing updates to its Extended Support Release (ESR) platform to patch this vulnerability in its new release, version 68.10, and to Thunderbird, version 68.10.
For a brief overview:
For more information on the Firefox 78 patch:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/
For more information on the Firefox ESR patch:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/
For more information on the Thunderbird patch:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/
________________________________
F5 Security Updates for BIG-IP
Situation
F5 has released a security advisory in which the Traffic Management User Interface (TMUI), also known as the configuration utility, has been found to be vulnerable to remote code execution on some of its pages. This affects TMUI in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 11.x through 15.x; for a complete list, please see F5’s KB article below.
Problem
F5 has found vulnerabilities in its configuration utility through which remote attackers who can reach the utility could issue commands without authenticating to the device, run arbitrary code, create and delete files, and possibly take complete control of the device and use it to pivot into the network or gain further access.
Implication
Unpatched systems are vulnerable to this attack and could be remotely compromised, along with any information passing through the device.
Need
F5 recommends installing the latest update for BIG-IP platforms; see the F5 KB article for specific versions.
For a detailed overview:
https://support.f5.com/csp/article/K52145254?sf235665517=1
________________________________
Cisco Small Business Smart and Managed Switches Session Management Vulnerability
Situation
Cisco has discovered and patched a vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches.
Problem
Cisco has identified a security vulnerability in its Small Business Smart and Managed Switches that could allow an unauthenticated remote attacker to defeat authentication protections and gain unauthorized access to the management interface, which could result in the attacker gaining elevated privileges and control.
Implication
Failure to patch could result in loss of control of affected systems and possible compromise of system and network integrity.
Need
Cisco advises updating the software on its Smart and Managed Switches to the most recent security release, 2.5.5.47.
For a brief overview:
For a more detailed overview:
________________________________
Samba Security Updates Released
Situation
The Samba Team has released security updates to address four vulnerabilities in multiple versions of Samba.
Problem
The vulnerability (CVE-2020-10730) is triggered by a client combining the ‘ASQ’ and ‘VLV’ LDAP controls, which can cause a NULL pointer dereference and lead to a use-after-free in Samba’s AD DC LDAP server.
The vulnerability (CVE-2020-10745) exists because the compression of replies to NetBIOS over TCP/IP name resolution and DNS packets can be abused to consume excessive amounts of CPU on the Samba AD DC.
The vulnerability (CVE-2020-10760) is triggered by the use of the paged_results or VLV controls against the Global Catalog LDAP server on the AD DC, which can cause a use-after-free.
The vulnerability (CVE-2020-14303) causes the AD DC NBT server to enter a CPU spin and stop processing further requests once it receives an empty (zero-length) UDP packet on port 137.
Implication
If an attacker is able to successfully exploit the vulnerabilities that cause a use-after-free, they may be able to achieve arbitrary code execution and take control of the affected system. Successful exploitation of the other vulnerabilities can result in a denial of service on the affected system.
Need
Samba versions 4.10.17, 4.11.11, and 4.12.4 have been issued as security releases to correct these vulnerabilities. Users and administrators are recommended to upgrade to these releases or apply the patch as soon as possible. Additional information as well as workarounds can be found at the links below.
Additional information
CVE-2020-10730:
https://www.samba.org/samba/security/CVE-2020-10730.html
CVE-2020-10745:
https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10760:
https://www.samba.org/samba/security/CVE-2020-10760.html
CVE-2020-1430: