8.5 High – Palo Alto Networks Buffer Overflow Vulnerability
Description: A stack-based buffer overflow vulnerability exists within the Palo Alto Networks GlobalProtect app 5.2.7 and earlier. A stack-based buffer overflow vulnerability exists within applications and enables attackers to redirect application function calls to malicious code. In Palo Alto’s scenario, an attacker is able to potentially execute arbitrary code with system level privileges, granting them the ability to disrupt system processes and execute commands.
Likelihood: Medium – This vulnerability enables an attacker the ability to potentially maintain access if they were to be successful. It also grants them the ability to disrupt system processes which could affect key systems, but due to newer technologies being implemented within applications, it is difficult to execute such an attacker.
Recommendation: Update to the latest version of the GlobalProtect Palo Alto Networks app (5.2.8) to remediate this vulnerability.
8.0 High – SuiteCRM Remote Code Execution Vulnerability
Description: A Remote Code Execution (RCE) vulnerability exists within SuiteCRM 7.11.19 and earlier. An RCE attack involves an attacker executing code from an external location without, technically, physically operating on the compromised device. In SuiteCRM’s situation, the system settings logger_file_name can refer to an attacker-controlled PHP file under the web root directory, allowing attackers to execute their code.
Likelihood: Low – Although the reward for an attacker is extremely high for this attack, being able to gain access to customer operations, a requirement that needs to be satisfied is the compromise of an administrator level account, which is complex.
Recommendation: Update to the latest version of SuiteCRM (7.10.30 LTS) to remediate this vulnerability.
5.0 Low – Portainer Cross Site Scripting Vulnerability
Description: A Cross Site Scripting vulnerability exists within Portainer 2.9.1 and earlier. A Cross Site Scripting vulnerability or XSS is a weakness of poor sanitisation mechanisms in a website application that enables an unauthorised user to inject and execute malicious code. Portainer allows for this vulnerability through its node input box designed as a custom template in their web application which could enable an attacker to freely insert a XSS payload that can be run on user’s devices.
Likelihood: High – The ability to execute such an attack with limited security mechanisms increases the likelihood of this attack as an attacker is likely to execute a relatively simple vulnerability.
Remediation: Proper sanitisation mechanisms should be implemented into the node input box template to ensure that malicious characters or code are processed and removed.