Weekly threat roundup: Cisco, Windows, Google Cloud VMs

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Cisco flaw abused after PoC posted online

Hackers are exploiting a vulnerability in Cisco’s Adaptive Security Appliance (ASA) after researchers published a proof-of-concept (PoC) for successful exploitation online last week.

The vulnerability tracked as CVE-2020-3580 was originally patched in October 2020, alongside CVE-2020-3581 through to CVE-2020-3583. It concerns flaws in the web services interface of Cisco ASA software and Cisco Firepower Threat Defense (FTD) software.

Tenable researchers have detected attackers abusing the flaw to remotely launch cross-site scripting (XSS) attacks a few days after researchers with Positive Technologies published the PoC. As of July 2020, there were 85,000 ASA/FTD devices distributed across the business landscape.

Netgear routers susceptible to takeover

Microsoft researchers have detailed three vulnerabilities affecting Netgear DGN-2200v1 series routers that hackers can exploit to seize control of devices and gain network access.

The three HTTP authentication security flaws, which were patched in December 2020, are considered critical security issues and range on the CVSS threat severity scale from 7.1 to 9.4 out of ten. They affect routers running firmware versions 1.0.0.60 or earlier.

These vulnerabilities allow hackers to access router management pages using an authentication bypass, which could let them gain control over the router and glean credentials that have been saved by launching side-channel attacks.

Microsoft Edge Translator embedded with uXSS flaw

The Microsoft Edge translation tool is embedded with a universal XSS flaw that allows cyber criminals to execute malicious code on a victim’s web browser.

To trigger the exploit, CyberXplore researchers inserted malicious JavaScript into web pages, alongside text in a foreign language. When the tool either automatically translated the text, or was activated through a prompt, the browser re-rendered the page, but failed to render the image tag, which triggered an error event and activated the malicious function.

The vulnerability, which has now been patched, was tracked as CVE-2021-34506 and is classed as moderately severe. The researchers who discovered the flaw, Vansh Devgan and Shivam Kumar Singh, believe a critical designation would be more appropriate, though. This is because they claim it can trigger XSS on any page across the internet.

Alarms raised over Windows print spooler flaw

Researchers have inadvertently endangered Windows users by releasing a PoC exploitation for an unpatched flaw in the Print Spooler component.

Microsoft had initially fixed a flaw as part of its 8 June Patch Tuesday round of updates, tracked as CVE-2021-1675 and referred to then as a Print Spooler bug. Microsoft upgraded the severity of this vulnerability from a privilege escalation to a remote code execution flaw (RCE) on 21 June.

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeWatch now

This prompted Sangfor researchers to publish a PoC exploitation for a print spooler RCE bug earlier than expected, having originally planned to discuss their work at the Black Hat conference in August. Their exploit was for an entirely different vulnerability, however, from that which Microsoft fixed in June.

It prompted the researchers to delete their PoC, although the code was downloaded and republished elsewhere. There’s no patch currently available, with Sophos urging users to disable the Print Spooler on vulnerable machines until Microsoft develops a fix.

Bug grants root access to Google Cloud VMs

Researcher Imre Rad has uncovered a flaw that cyber criminals can exploit to gain root access to virtual machines (VMs) running on Google Cloud.

Any prospective attack would abuse a weakness in Google’s Infrastructure as a Service (IaaS) product, known as the Google Compute Engine. The vulnerability lies in the random number generator of the ISC DHCP server used by default.

There are two phases to any potential attack. First, attackers must overload a victim’s VM with DHCP traffic to force it to use a malicious metadata server, instead of an official Google one. Then, once the VM is tied with the malicious server, the attacker can send across their SSH public key and gain root access to the VM.

Although Rad reported the bug to Google, the firm hasn’t yet confirmed whether it’s working on a fix. Until then, he's recommended that users refrain from using DHCP, or that they set up a firewall rule to ensure DHCP communication comes from the specified Google metadata server.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021