Weekly threat roundup: Cisco, Windows, Google Cloud VMs

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Cisco flaw abused after PoC posted online

Hackers are exploiting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after researchers published a proof-of-concept (PoC) for successful exploitation online last week.

The vulnerability tracked as CVE-2020-3580 was originally patched in October 2020, alongside CVE-2020-3581 through to CVE-2020-3583. It concerns flaws in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.

Tenable researchers have detected attackers abusing the flaw to remotely launch cross-site scripting (XSS) attacks a few days after researchers with Positive Technologies published the PoC. As of July 2020, there were 85,000 ASA/FTD devices distributed across the business landscape.

Netgear routers susceptible to takeover

Microsoft researchers have detailed three vulnerabilities affecting Netgear DGN-2200v1 series routers that hackers can exploit to seize control of devices and gain network access.

The three HTTP authentication security flaws, which were patched in December 2020, are considered critical security issues and range on the CVSS threat severity scale from 7.1 to 9.4 out of ten. They affect routers running firmware versions 1.0.0.60 or earlier.

These vulnerabilities allow hackers to access router management pages using an authentication bypass, which could let them gain control over the router and glean credentials that have been saved by launching side-channel attacks.

Microsoft Edge Translator embedded with uXSS flaw

The Microsoft Edge translation tool is embedded with a universal XSS flaw that allows cyber criminals to execute malicious code on a victim’s web browser.

To trigger the exploit, CyberXplore researchers inserted malicious JavaScript into web pages, alongside text in a foreign language. When the tool either automatically translated the text, or was activated through a prompt, the browser re-rendered the page, but failed to render the image tag, which triggered an error event and activated the malicious function.

The vulnerability, which has now been patched, was tracked as CVE-2021-34506 and is classed as moderately severe. The researchers who discovered the flaw, Vansh Devgan and Shivam Kumar Singh, believe a critical designation would be more appropriate, though. This is because they claim it can trigger XSS on any page across the internet.

Alarms raised over Windows print spooler flaw

Researchers have inadvertently endangered Windows users by releasing a PoC exploitation for an unpatched flaw in the Print Spooler component.

Microsoft had initially fixed a flaw as part of its 8 June Patch Tuesday round of updates, tracked as CVE-2021-1675 and referred to then as a Print Spooler bug. Microsoft upgraded the severity of this vulnerability from a privilege escalation to a remote code execution flaw (RCE) on 21 June.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeDownload now

This prompted Sangfor researchers to publish a PoC exploitation for a print spooler RCE bug earlier than expected, having originally planned to discuss their work at the Black Hat conference in August. Their exploit was for an entirely different vulnerability, however, from that which Microsoft fixed in June.

It prompted the researchers to delete their PoC, although the code was downloaded and republished elsewhere. There’s no patch currently available, with Sophos urging users to disable the Print Spooler on vulnerable machines until Microsoft develops a fix.

Bug grants root access to Google Cloud VMs

Researcher Imre Rad has uncovered a flaw that cyber criminals can exploit to gain root access to virtual machines (VMs) running on Google Cloud.

Any prospective attack would abuse a weakness in Google’s Infrastructure as a Service (IaaS) product, known as the Google Compute Engine. The vulnerability lies in the random number generator of the ISC DHCP server used by default.

There are two phases to any potential attack. First, attackers must overload a victim’s VM with DHCP traffic to force it to use a malicious metadata server, instead of an official Google one. Then, once the VM is tied with the malicious server, the attacker can send across their SSH public key and gain root access to the VM.

Although Rad reported the bug to Google, the firm hasn’t yet confirmed whether it’s working on a fix. Until then, he's recommended that users refrain from using DHCP, or that they set up a firewall rule to ensure DHCP communication comes from the specified Google metadata server.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021