Sep 30: CSW Patch Watch & Security Updates

Two weeks ago, Cisco, Citrix, IBM, Pulse Secure, Amazon, Dell, Red Hat and many others released security updates.

Here is our analysis of these updates –

  1. 150 vulnerabilities are in focus here, and the fixes we have for you are –
    1. 26 hotfixes
    2. 123 security updates
    3. 1 patch update
  2. We analyzed these 150 vulnerabilities and here are our findings –
    1. 144 CVEs are yet to be weaponized
    2. 6 CVEs have known exploits
      1. CVE-2019-15605 – HTTP Request Smuggling
      2. CVE-2020-0543 – Special Register Buffer Data Sampling (SRBDS)
      3. CVE-2020-14364 – Denial of Service (DoS)
      4. CVE-2020-16845 – Denial of Service (DoS)
      5. CVE-2020-24553 – Cross-Site Scripting
      6. CVE-2020-1472 – Privilege Escalation (PE)
  3. We also discovered that CISA has released security alerts for these 5 CVEs –
    1. CVE-2020-3486 (High severity) is a remotely exploitable vulnerability with a CVSS score of 3.0 that exists in TwinCAT versions 2.10, 2.11 and 2.11R2; when exploited successfully it could result in Denial of Service.
    2. CVE-2020-0543 (Medium severity) is a vulnerability that exists in Siemens products. It has a known exploit that triggers Special Register Buffer Data Sampling (SRBDS) and allows an authenticated user with local access to disclose information. The vulnerability has a CVSSv3 score of 5.5 and requires low skill to exploit.
    3. CVE-2020-1472 (Critical severity) is a publicly exploitable vulnerability from Microsoft with the highest possible Common Vulnerability Scoring System (CVSS) score of 10.0. Unbeknownst to many, it exists in the Netlogon protocol as a privilege escalation weakness titled Zerologon; the good news is that a patch is available and Microsoft is planning to issue the second patch by Feb 9, 2021. Leveraging this vulnerability, an attacker could obtain domain administrator access, so patching it is essential.
    4. CVE-2020-13934 (High severity) is a flaw in Apache Tomcat where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. With a CVSS score of 7.5, this vulnerability could lead to Denial of Service.
    5. CVE-2020-13935 (High severity) is a flaw in Apache Tomcat where invalid payload lengths could trigger an infinite loop. With a CVSS score of 7.5, this vulnerability causes Denial of Service.
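As an added defensive illustration of the bug class behind CVE-2020-13935 (a WebSocket frame payload length that was not correctly validated), here is a small WebSocket frame-header parser in Python that enforces the RFC 6455 length rules before any payload byte is read, so a malformed length is rejected instead of driving a read loop forever. This is example code written for this post, not Apache Tomcat's code or its fix; the 1 MiB frame limit and the sample frames are constructed for the example.

```python
import struct

# Largest single-frame payload this parser will accept; the figure is an
# assumption for this example, not a Tomcat setting.
MAX_FRAME_PAYLOAD = 1 << 20


class FrameError(ValueError):
    """Raised for a header that violates RFC 6455 or the local size limit."""


def parse_frame_header(buf):
    """Validate a WebSocket frame header at the start of ``buf``.

    Returns (fin, opcode, masked, payload_len, header_len).  Every invalid
    length is rejected here, so a reader never loops on a bogus value.
    """
    if len(buf) < 2:
        raise FrameError("need at least 2 bytes for a frame header")
    b0, b1 = buf[0], buf[1]
    fin = bool(b0 & 0x80)
    if b0 & 0x70:
        raise FrameError("RSV1-3 must be zero when no extension is negotiated")
    opcode = b0 & 0x0F
    masked = bool(b1 & 0x80)
    length = b1 & 0x7F
    offset = 2
    if length == 126:
        if len(buf) < offset + 2:
            raise FrameError("truncated 16-bit length")
        (length,) = struct.unpack_from("!H", buf, offset)
        offset += 2
        if length < 126:
            raise FrameError("16-bit length used for a value that fits in 7 bits")
    elif length == 127:
        if len(buf) < offset + 8:
            raise FrameError("truncated 64-bit length")
        (length,) = struct.unpack_from("!Q", buf, offset)
        offset += 8
        if length >> 63:
            raise FrameError("64-bit length must have its top bit clear")
        if length < 1 << 16:
            raise FrameError("64-bit length used for a value that fits in 16 bits")
    # Control frames (opcode 8-15) may not exceed 125 bytes or be fragmented.
    if opcode >= 0x8 and (length > 125 or not fin):
        raise FrameError("control frame too long or fragmented")
    if length > MAX_FRAME_PAYLOAD:
        raise FrameError("payload %d exceeds limit %d" % (length, MAX_FRAME_PAYLOAD))
    if masked:
        if len(buf) < offset + 4:
            raise FrameError("truncated masking key")
        offset += 4
    return fin, opcode, masked, length, offset


def header_is_valid(buf):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_frame_header(buf)
        return True
    except FrameError:
        return False


def read_frame(buf):
    """Consume one complete frame from ``buf`` and return (opcode, payload)."""
    fin, opcode, masked, length, hdr = parse_frame_header(buf)
    if len(buf) < hdr + length:
        raise FrameError("frame body shorter than its declared length")
    body = buf[hdr:hdr + length]
    if masked:
        key = buf[hdr - 4:hdr]
        body = bytes(b ^ key[i % 4] for i, b in enumerate(body))
    return opcode, body


# Constructed sample frames: the first is the masked "Hello" example from
# RFC 6455 section 5.7; the others are deliberately malformed headers.
GOOD_TEXT = bytes.fromhex("81 85 37 fa 21 3d 7f 9f 4d 51 58")
BAD_TOP_BIT = bytes([0x81, 0xFF]) + (1 << 63).to_bytes(8, "big") + bytes(4)
BAD_NON_MINIMAL = bytes([0x81, 0x7E, 0x00, 0x05]) + b"Hello"
BAD_TOO_LARGE = bytes([0x82, 0x7F]) + (1 << 21).to_bytes(8, "big")

if __name__ == "__main__":
    print(read_frame(GOOD_TEXT))
    for frame in (BAD_TOP_BIT, BAD_NON_MINIMAL, BAD_TOO_LARGE):
        print(header_is_valid(frame))
```

The point of the design is that every decision about a length happens in one place, before the length is ever used as a loop bound or allocation size; a server that instead trusts the declared length and tries to "read until done" is exactly the shape of code that a bad length turns into a spin.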
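For the Zerologon item above, the practical question for a defender ahead of Microsoft's second patch (the enforcement phase) is which machine accounts are still using the insecure Netlogon channel and will therefore break when enforcement is switched on. The following Python is an added example, not CSW's or Microsoft's tooling: it triages the Netlogon events 5827 to 5831 that the first patch started logging on domain controllers, reading a constructed CSV export whose column layout is an assumption for this example.

```python
import csv
from collections import Counter
from io import StringIO

# Netlogon event IDs added by the Zerologon patch (Microsoft KB4557222):
# 5827/5828 = vulnerable connection denied (machine / trust account),
# 5829      = vulnerable connection allowed during the initial deployment phase,
# 5830/5831 = allowed because a group policy exception covers the account.
DENIED = {5827, 5828}
ALLOWED_MONITOR_ONLY = {5829}
ALLOWED_BY_POLICY = {5830, 5831}

# Constructed sample export; the column layout is an assumption for this
# example, not the native Windows event schema.
SAMPLE_EXPORT = """TimeCreated,EventID,Account,Source
2020-09-30T08:01:12Z,5829,PRINTSRV01$,10.20.0.15
2020-09-30T08:03:44Z,5829,PRINTSRV01$,10.20.0.15
2020-09-30T08:05:02Z,5827,OLDNAS$,10.20.0.77
2020-09-30T08:06:10Z,5830,LEGACYAPP$,10.20.0.90
2020-09-30T08:07:55Z,4624,alice,10.20.0.50
"""


def triage_netlogon_events(export_text):
    """Bucket Netlogon enforcement events by what they mean for the cut-over.

    Returns a dict of three Counters keyed by account name:
      will_break       - 5829: still on the insecure channel; stops working
                         once enforcement is on unless fixed first
      already_denied   - 5827/5828: already being blocked
      policy_exception - 5830/5831: explicitly exempted; review whether the
                         exception is still justified
    """
    result = {
        "will_break": Counter(),
        "already_denied": Counter(),
        "policy_exception": Counter(),
    }
    for row in csv.DictReader(StringIO(export_text)):
        try:
            event_id = int(row["EventID"])
        except (KeyError, ValueError):
            continue  # malformed row: skip rather than mis-bucket it
        account = (row.get("Account") or "").strip()
        if event_id in ALLOWED_MONITOR_ONLY:
            result["will_break"][account] += 1
        elif event_id in DENIED:
            result["already_denied"][account] += 1
        elif event_id in ALLOWED_BY_POLICY:
            result["policy_exception"][account] += 1
        # any other event id is unrelated to Netlogon enforcement and ignored
    return result


def format_report(triage):
    """Render the triage as one line per non-empty bucket, busiest accounts first."""
    lines = []
    for bucket, counts in triage.items():
        if counts:
            accounts = ", ".join("%s (%d)" % (a, n) for a, n in counts.most_common())
            lines.append(bucket + ": " + accounts)
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage_netlogon_events(SAMPLE_EXPORT)))
```

Run against a real export, the will_break bucket is the list to chase down (typically printers, NAS appliances and other third-party devices that need a vendor update) before the enforcement date; the policy_exception bucket is the list to re-justify, since each entry keeps a deliberately insecure channel open.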

We also found two high-severity alerts, one for a malware and one for a ransomware –

  1. LokiBot Malware (High severity), also known as Loki PWS, is a trickster malware with a CVSS score of 9.3 that uses a trojan to steal credentials and sensitive information; it is often sent as a malicious attachment. Click here to find a script to detect this malware and an advisory on mitigation.
  2. We also found that a vulnerability in QNAP NAS devices is being targeted by AgeLocker Ransomware. This ransomware also targets Linux and Mac OS devices. Click here to view more information about this vulnerability and the process to update the device. Interestingly, a warning about QNAP devices being vulnerable to remote takeover attacks was published in ZDNet in May 2020.

Table 1: Vulnerabilities with Security Alerts & Patches

  1. From among the 150 vulnerabilities we found 14 old vulnerabilities, dating from 2017 to 2019. Fixing old vulnerabilities is critical for cyber hygiene, as they are often overlooked and therefore exploited by threat actors.

Table 2: Old Vulnerabilities & Patches

You can download the list of vulnerabilities we have summarized above and patch them immediately.

Table 3: Vulnerabilities with known exploits & Patches

In the table below you will find the rest of the vulnerabilities and their patches. Though these are not yet weaponized, it is good cyber hygiene to patch them immediately.

Table 4: Vulnerabilities yet to be weaponized & Patches

Happy Patching!
Team CSW
