Home > Security Bulletins > Security Vulnerability Round-Up – 10/02/23

Security Vulnerability Round-Up – 10/02/23

Ethical hacking

Latest Vulnerabilities to Watch

There were a number of vulnerabilities announced recently in major products, though nothing that screamed PATCH NOW. I still like to keep you apprised so let’s have a look at what’s been happening.

Cisco Vulnerabilities

Last week Cisco released advisories for the following vulnerabilities:

The IOx vulnerability got a bit of publicity but the requirements are for an authenticated user and: “Cisco devices that are running Cisco IOS XE Software if they have the Cisco IOx feature enabled and they do not support native docker” meaning that all of theses devices are not affected:

  • Catalyst 9100 Family of Access Points (COS-AP)
  • IOS XR Software
  • Meraki products
  • NX-OS Software (native docker is supported in all releases)
  • IC3000 Industrial Compute Gateways on release 1.2.1 or later

Check the advisory to confirm if you have any vulnerable devices or releases and patch as necessary.


VMware ESXi Hypervisor Ransomware

The French Government incident response team, CERT-FR, discovered a ransomware campaign against unpatched/outdated ESXi hypervisors. The campaign targeted vulnerabilities announced in October 2020 and February 2021, namely: CVE-2020-3992 and CVE-2021-21974.

These ESXi were exposed either directly to the internet or in such a way that access was easy. The targeted service is called SLP and the above vulnerabilities should have already been patched. The affected ESXi versions are:

  • ESXi 7.x versions earlier than ESXi70U1c-17325551
  • ESXi versions 6.7.x earlier than ESXi670-202102401-SG
  • ESXi versions 6.5.x earlier than ESXi650-202102101-SG

CERT-FR detailed a recovery process in their alert bulletin.

If you are running the affected ESXi versions above and for some reason the hypervisor is easily accessible by attackers then please update these immediately.


Jira Service Management Vulnerability

Atlassian released an advisory for a critical vulnerability in Jira Service Management Server and Data Center that can lead to account takeover. If the attacker is included in Jira issues or requests with user accounts that have never been signed into, or if a ‘View Request’ e-mail is sent to the attacker, then this vulnerability can be exploited.

Instances with SSO (single sign-on) are particular vulnerable if anyone can create their own account.

Affected versions of  Jira Service Management Server and Data Center are:

  • 5.3.0 – 5.3.2
  • 5.4.0 – 5.4.1
  • 5.5.0

Fixed versions are:

  • 5.3.3
  • 5.4.2
  • 5.5.1
  • 5.6.0 or later

If you utilise the issues/requests features or SSO then you should patch immediately.


That’s all for now. Thanks for reading and I’ll follow up next week with a Patch Tuesday bulletin.

Best,

James @ spotit