Rampant Cybersecurity Bulletin

August 2017

Latest High Risk Vulnerabilities

You should be aware of the following vulnerabilities. We recommend patching immediately wherever the affected products are in use in your environment.

Microsoft Edge Privilege Escalation

Reported: August 8, 2017
Affected Products: Microsoft Edge
Details: Microsoft Edge could allow a local user to gain elevated privileges on the system due to improper handling of objects in memory.
Solution: Patch Microsoft Edge to the most recent version.

Microsoft Windows Hyper-V Code Execution

Reported: August 8, 2017
Affected Products: Microsoft Windows Server 2012, Windows Server 2012 R2, Windows 8.1 x64 and Windows 10 x64
Details: Microsoft Hyper-V could allow an authenticated user on a guest virtual machine to execute arbitrary code on the host system due to improper input validation.
Solution: Patch the host to the most recent version.

Cisco DPC3939 Privilege Escalation

Reported: July 30, 2017
Affected Products: Cisco DPC3939
Details: An attacker could send a specially crafted command and obtain root access to the Application Processor Linux System.

Linux Kernel Privilege Escalation

Reported: August 4, 2017
Affected Products: Linux Kernel 4.12.4
Details: An attacker could gain elevated privileges or cause a denial of service due to a race condition in the inotify_handle_event() function.

Cisco Virtual Network Function Element Manager Command Execution

Reported: August 16, 2017
Affected Products: Cisco VNF Element Manager
Details: Cisco Virtual Network Function Element Manager could allow a remote authenticated attacker to execute arbitrary commands that run as root on the server.

Apache Subversion svn+ssh:// URL command execution

Reported: August 11, 2017
Affected Products: Apache Subversion 1.4.0, 1.5.0, 1.6.0 and 1.7.0
Details: Apache Subversion could allow a remote attacker to execute arbitrary shell commands on a client. A crafted svn+ssh:// URL (for example one placed in an svn:externals definition) whose host part begins with a dash is handed to the ssh client as a command-line option rather than as a destination, and certain ssh options cause ssh to run a command of the attacker's choosing.
Solution: Upgrade Subversion to the latest version available from the Apache website.
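Upgrading closes the hole, but repositories you pull externals from can still carry such URLs. The following is an added example (not part of this bulletin and not Subversion's own code) that parses an svn:externals property value and flags every svn+ssh:// URL whose host begins with a dash. The externals text is constructed for the example; the "-oProxyCommand" host is the shape of the option injection described above, and a host following "user@" is flagged as well because how it reaches ssh depends on the configured tunnel command.

```python
"""Audit svn:externals definitions for svn+ssh:// URLs that smuggle ssh options.

Added example, not code from the bulletin or from Subversion. A host that
begins with "-" would be consumed by the ssh client as an option.
"""
import shlex
from urllib.parse import urlsplit

# Constructed svn:externals property value mixing safe and unsafe entries.
# Both the old "localpath URL" layout and the newer "[-r REV] URL localpath"
# layout appear.
SAMPLE_EXTERNALS = """\
vendor/libfoo  https://svn.example.org/libfoo/trunk
-r 1234 svn+ssh://svn.example.org/tools/trunk tools
svn+ssh://-oProxyCommand=touch%20/tmp/pwned/evil/trunk evil
svn+ssh://builder@-oProxyCommand=id/repo/trunk also_evil
"""


def parse_externals(text):
    """Yield the URL from each non-empty, non-comment line of an externals value.

    Whichever layout a line uses, the URL is the first token containing "://".
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for token in shlex.split(line):
            if "://" in token:
                yield token
                break


def ssh_option_injection(url):
    """Return the offending host if url is an svn+ssh:// URL whose host begins
    with "-", otherwise None. Other schemes never reach ssh and are ignored."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "svn+ssh":
        return None
    # urlsplit strips any user@ prefix and port and lowercases the host; that
    # is fine here because only the leading character matters.
    host = parts.hostname or ""
    if host.startswith("-"):
        return host
    return None


def audit_externals(text):
    """Return a list of (url, host) pairs for every unsafe svn+ssh URL found."""
    findings = []
    for url in parse_externals(text):
        host = ssh_option_injection(url)
        if host is not None:
            findings.append((url, host))
    return findings


if __name__ == "__main__":
    for url, host in audit_externals(SAMPLE_EXTERNALS):
        print(f"UNSAFE host {host!r} in {url}")
```

Feed it the output of `svn propget svn:externals -R` on a checkout you are about to update; anything it reports should be treated as hostile until the definition has been inspected.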

Zend Framework Cross-Site Request Forgery

Reported:  August 25, 2017

Affected Products:

Zend Framework versions: 2.3.0-2.3.3

Details: Zend Framework's CSRF protection does not properly validate user-supplied token identifiers. A remote attacker can submit a null or malformed token identifier and have the request accepted, allowing unauthorized actions to be performed on behalf of a user.

Solution: Refer to ZF2015-03 for relevant patch and workaround information.

References:

https://framework.zend.com/changelog/2.3.0

https://exchange.xforce.ibmcloud.com/vulnerabilities/131041


Not sure if you are vulnerable?  Rampant specializes in vulnerability assessments and penetration testing for small & mid-size businesses!

Latest Threat Advisories

You should be aware of the following threats and implement the recommended mitigations to ensure your systems are not impacted.

Perl Shellbot Command Injection Attack

Description: There has been a sharp increase in scanning for web servers that pass user-supplied input to shell commands. When a scan finds an exploitable server, a Perl-based bot is installed on it; the bot can launch denial-of-service attacks, scan other sites for SQL injection, and attempt to escalate privileges on the host.
Systems Affected: Any Linux or Windows HTTP server running PHP or Perl applications that let externally supplied input reach a shell command.
Recommendations: Keep all content management systems and their plugins updated to the current release, and validate user input on your web servers so that it can never be interpreted by a shell.
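The recommendation above comes down to two habits: validate the field against what it is allowed to contain, and never let a shell parse it. The following is an added example (not part of this bulletin) written in Python for illustration; the same pattern applies to the PHP and Perl applications the advisory names (in PHP wrap each argument with escapeshellarg() or avoid the shell entirely, in Perl use the list form of system() so no shell is invoked). The "resolving" command uses echo as a stand-in for whatever tool the application shells out to, and the payload string is constructed for the example.

```python
"""Shell command injection in a web handler: the vulnerable pattern the bots
scan for, the argv form that neutralises it, and the allowlist that rejects
the input up front. Added example, not code from the bulletin."""
import re
import subprocess

# Allowlist for the single field this handler accepts: a DNS hostname made of
# dot-separated labels, none of which may start with "-" (so the value can
# never be mistaken for a command-line option either).
HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(\.(?!-)[A-Za-z0-9-]{1,63})*")

# Constructed attacker input: a valid-looking host followed by a second command.
PAYLOAD = "example.com; echo INJECTED"


def vulnerable_lookup(target):
    """Vulnerable: the input is concatenated into one string and run by /bin/sh,
    so ';', '|', '$(...)' and friends in the input become shell syntax."""
    cmd = "echo resolving " + target
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_lookup(target):
    """Safer: an argv list is passed straight to the program without a shell,
    so the whole input arrives as one literal argument."""
    argv = ["echo", "resolving", target]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def hardened_lookup(target):
    """Hardened: reject anything outside the allowlist before executing, then
    use the argv form. Raises ValueError on bad input instead of running it."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected input: {target!r}")
    return argv_lookup(target)


def is_valid_hostname(target):
    """Expose the allowlist decision on its own for reuse in other handlers."""
    return HOSTNAME_RE.fullmatch(target) is not None


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_lookup(PAYLOAD)))   # second command ran
    print("argv only: ", repr(argv_lookup(PAYLOAD)))         # payload stays literal
    try:
        hardened_lookup(PAYLOAD)
    except ValueError as exc:
        print("hardened:  ", exc)                            # never executed
    print("hardened:  ", repr(hardened_lookup("example.com")))
```

Validation and the argv form are complementary: the allowlist stops hostile input at the door and makes errors visible in your logs, while the argv form protects you when a later change forgets the validation.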