Common Vulnerabilities & Exposures May 2021

Vulnerability 1: UPDATED Microsoft Exchange Server RCE (9.8 Critical)

Description: Microsoft Exchange Server has a new remote code execution (RCE) vulnerability. RCEs allow an attacker to execute code on a computer via a file that could be sent by email or delivered on a USB device; once downloaded, the file can deploy a reverse shell from the target computer back to the attacker, who can then execute commands remotely.

With this particular vulnerability, attackers can run post-exploitation scripts that unlock further privileges. In this case, an attacker can use a ‘post-authentication arbitrary file write’ script that authenticates to the Exchange server and writes a file to ANY path on the server. This can give the attacker more privileges and broader access to parts of your Exchange server.

Likelihood: High – An attack is very likely because the vulnerability was discovered only a few weeks ago. Furthermore, the extended access an attacker could gain through post-exploitation increases the likelihood even more.

Recommendation: We recommend patching these vulnerabilities immediately on Microsoft Exchange Server 2013/2016/2019. We also recommend implementing web shell mitigation to prevent unauthorized access from spreading to wider network assets; the steps can be found here: Web Shell Mitigation Steps.


Vulnerability 2: Google V8 JavaScript Renderer Process RCE (8.2 High)

Description: Google has a remote code execution (RCE) vulnerability. In Google’s case, the vulnerability resides within its JavaScript and WebAssembly engines and allows an attacker to feed data into these engines that then runs in the background of a webpage. The cause is insufficient validation in these engines, which is what attackers rely on so that their code is not picked up.

Likelihood: Medium – Although an attacker is likely to exploit this vulnerability, thanks to Google’s security controls and its readiness to identify and release patches, there is a medium to low likelihood that your device would be compromised. Furthermore, Google has developed exploit variants for this sort of attack and has already developed a patch.

Recommendation: Because this is a backend vulnerability within Google’s Chromium platform, our recommendation is to check your Chrome browser regularly for updates and patch it immediately.


Vulnerability 3: Cisco RV Series Bypass File Upload Vulnerability (7.3 High)

Description: Cisco has a file upload vulnerability. A file upload vulnerability allows an attacker to send a well-crafted HTTP request to a device, and that request can grant a remote attacker unauthenticated access. The remote attacker can then upload files to administrator-level directories and below.

Likelihood: Medium – The level of access an attacker could gain to the target system is extremely high, but the attacker would have had to do extensive reconnaissance on their target to understand how vulnerable the system is and which resources use that system to connect to the internet.

Recommendation: We recommend patching the following Cisco RV Series routers to the latest version as soon as possible: 160, 160W, 260, 260P, 260W, 340, 340W, 345, 345P. Furthermore, we also recommend, at a minimum, implementing an ‘inactivity timeout’ for every session and keeping session identifier information confidential, e.g. by not exposing the session identifier in the URL and by setting appropriate flags on the session identifier token, to prevent attackers from exploiting the improper session management attack vector.
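The three session-management controls recommended above (an inactivity timeout, keeping the session identifier out of the URL, and setting protective flags on the session token) as an added illustration in Python; this is example code written for this article, not Cisco's firmware or any product's implementation, and the 15-minute timeout and the `session` cookie name are assumed values.

```python
import secrets
import time
from urllib.parse import parse_qs, urlparse

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; set to your own policy


class SessionStore:
    """Server-side session table that expires sessions after a period of inactivity."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock            # injectable so the timeout can be tested deterministically
        self._last_seen = {}          # session id -> timestamp of last request

    def create(self):
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness, not guessable
        self._last_seen[sid] = self.clock()
        return sid

    def validate(self, sid):
        """Return True if the session exists and has not been idle too long; refresh it if so."""
        last = self._last_seen.get(sid)
        if last is None:
            return False
        now = self.clock()
        if now - last > self.idle_timeout:
            del self._last_seen[sid]      # idle session is discarded, not just rejected
            return False
        self._last_seen[sid] = now        # sliding window: activity extends the session
        return True


def session_cookie_header(sid):
    """Set-Cookie value with the flags that keep the token confidential.

    Secure: only sent over TLS. HttpOnly: not readable by page scripts.
    SameSite=Strict: not attached to cross-site requests.
    """
    return f"session={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"


def session_id_in_url(url):
    """True when a request URL carries the session identifier in its query string.

    A token in the URL ends up in browser history, proxy logs and Referer headers,
    so a server should refuse to accept sessions presented this way.
    """
    query = parse_qs(urlparse(url).query)
    return any(key.lower() in ("session", "sessionid", "sid") for key in query)
```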
