Search This Blog

Showing posts with label Vulnerable Networks. Show all posts

Android's March 2022 Security Updates Patch 39 Vulnerabilities


This week Google has announced the release of security patches for 39 vulnerabilities for the March 2022 security update for Android devices. The most sensitive vulnerability is CVE-2021-39708 which gives a remotely exploitable elevation of privilege to malicious actors. This issue was found in the System component. 

“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation,” Google notes in its advisory. 

The first set of measures arrives on devices as the 2022-03-01 security patch level and addresses CVE-2021-39708 with 17 other bugs. 

According to the data, 10 security issues have been resolved in the System component in which nine issues were elevation of privilege and one was information disclosure vulnerability. Also, six vulnerabilities were resolved in Framework in which four were elevation of privilege and two denials of service bugs. Further, one security measure was patched in Android runtime (elevation of privilege) and the last was in Media Framework (information disclosure). 

Additionally, On Google Pixel devices, the March 2022 Android security measures also have resolved 21 flaws as part of the 2022-03-05 security patch level. Later addresses all of these vulnerabilities along with 41 other security flaws that hit Kernel components (13 flaws), Pixel (26), Qualcomm components (1), and Qualcomm closed-source components (1). 

The March 2022 security measures with patch level 2022-03-05 are released for the Pixel 3a series, Pixel 4 series, Pixel 4a series, Pixel 5, Pixel 5a, however, the Pixel 6 series update is delayed (again). Additionally, the Pixel-specific new measures introduced additional vulnerabilities in the Pixel software, kernel, and both open and closed-source Qualcomm components, the details of which have been given below. 

Global: Pixel 3a: SP2A.220305.012 Pixel 3a (XL): SP2A.220305.012 Pixel 4: SP2A.220305.012 Pixel 4 (XL): SP2A.220305.012 Pixel 4a: SP2A.220305.012 Pixel 4a (5G): SP2A.220305.012 Pixel 5: SP2A.220305.012 Pixel 5a (5G): SP2A.220305.012 Pixel 6: Waiting Pixel 6 Pro: delayed.

Cisco SD-WAN Security Flaw Allows Root Code Execution


Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation flaw in the IOS IE operating system, which could result in arbitrary code execution. 

Cisco's SD-WAN portfolio enables enterprises of all sizes to link different office sites over the cloud utilising a variety of networking technologies, including standard internet connections. Appliances at each location allow advanced analytics, monitoring, application-specific performance specifications and automation throughout a company's wide-area network. Meanwhile, IOS XE is the vendor's operating system that runs those appliances. 

The vulnerability (CVE-2021-1529) is an OS command-injection flaw that allows attackers to execute unexpected, harmful instructions directly on the operating system that would otherwise be inaccessible. It exists especially in the command-line interface (CLI) for Cisco's IOS XE SD-WAN software, and it could permit an authenticated, local attacker to run arbitrary commands with root privileges. 

According to Cisco’s advisory, posted this week, “The vulnerability is due to insufficient input validation by the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.” 

The alert further stated that the exploit method would comprise authenticating to a susceptible device and delivering "crafted input" to the system CLI. An attacker with successful compromise would be able to read and write any files on the system, execute operations as any user, modify system configurations, install and uninstall software, update the OS and/or firmware, and much more, including subsequent access to a corporate network. 

CVE-2021-1529 has a rating of 7.8 on the CVSS vulnerability-severity scale, and researchers and the Cybersecurity and Infrastructure Security Agency (CISA) have advised organisations to fix the problem as soon as possible. 

Greg Fitzgerald, the co-founder of Sevco Security, cautioned that some firms may still have outdated machines connected to their networks, which might provide a hidden threat with issues like these. 

He stated in the email, “The vast majority of organizations do an excellent job patching the vulnerabilities on the systems they know about. The problem arises when enterprises do not have complete visibility into their asset inventory, because even the most responsive IT and security teams can’t patch a vulnerability for an asset they don’t know is connected to their network. Abandoned and unknown IT assets are often the path of least resistance for malicious actors trying to access your network or data.”

This is solely the latest SD-WAN vulnerability addressed by Cisco this year. It patched many significant buffer-overflow and command-injection SD-WAN flaws in January, the most serious of which could be abused by an unauthenticated, remote attacker to execute arbitrary code with root privileges on the affected server.