Netizen: March Vulnerability Review
Security vulnerabilities are a common occurrence in managing any business’s organizational security. The prompt patching and remediation of any new vulnerabilities are critical to reducing outside attack surface. Netizen’s Security Operations Center (SOC) has compiled four vulnerabilities from February that should be immediately patched or addressed if present in your environment. Detailed writeups below:
Improper Input Validation, Authorization Bypass in Kron Tech Single Connect on Windows. This vulnerability has a NIST CVSSv3 base score of 8.8/10 and affects Single Connect version 2.16. The Kron Technologies Single Connect product is a privileged access management suite for enterprise IT security. This is an IDOR (Insecure Direct Object Reference) vulnerability: user input is not properly checked and validated, so an attacker can bypass authorization and gain access to other users’ data or records by modifying a key value that identifies the data. This could lead to privilege escalation. The vulnerability does not require user interaction and has a high impact on the CIA triad.
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data. This vulnerability has a NIST CVSSv3 base score of 8.8/10 and only affects Log4j 1.x when it is specifically configured to use JMSSink, a component of Apache Log4j. An attacker who has write access to the Log4j configuration, or who has access to an LDAP service referenced by that configuration, can send untrusted data to the JMSSink; JMSSink then performs JNDI requests that can result in RCE (Remote Code Execution). This could also lead to data exfiltration and DoS (Denial of Service). Apache Log4j 1.2 reached end of life in August 2015, and upgrading to Log4j 2 is recommended.
Apache Software Foundation Apache ShenYu Improper Privilege Management vulnerability.
This vulnerability has a NIST CVSSv3 base score of 8.8/10. It is a low-complexity attack that does not require user interaction. An insider with low-level admin privileges can create a user whose admin privileges are higher than their own, because the affected component does not assign, modify, track or check privileges properly. This can allow attackers to perform malicious activity on the system. The issue affects Apache ShenYu version 2.5.0; it is advised to upgrade to Apache ShenYu 2.5.1 or apply the patch from here.
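As an added illustration of the two authorization failures described above (the IDOR in the Single Connect item and the privilege-ceiling bug in the ShenYu item), and not code from Netizen or either vendor: a vulnerable lookup beside an ownership-checked one, and a user-creation routine that caps the granted role at the creator's own. The roles, users and records are constructed for the example.

```python
from dataclasses import dataclass

# Constructed role hierarchy: a higher rank means more privilege.
ROLE_RANK = {"viewer": 0, "operator": 1, "admin": 2, "superadmin": 3}

class AuthorizationError(Exception):
    """Raised when a caller is not permitted to perform the requested action."""

@dataclass
class User:
    name: str
    role: str

@dataclass
class Record:
    record_id: int
    owner: str
    body: str

# Constructed store keyed by record id, the "key value" an IDOR attack alters.
RECORDS = {
    101: Record(101, "alice", "alice's ticket"),
    102: Record(102, "bob", "bob's ticket"),
}

def get_record_insecure(record_id: int) -> Record:
    """IDOR-style lookup: trusts the client-supplied id and never asks who owns it."""
    return RECORDS[record_id]

def get_record(requester: User, record_id: int) -> Record:
    """Object-level check: verify the authenticated user owns the record (or is
    an admin) before returning it.  A missing record and a forbidden one raise
    the same error, so the response does not reveal which ids exist."""
    rec = RECORDS.get(record_id)
    is_admin = ROLE_RANK[requester.role] >= ROLE_RANK["admin"]
    if rec is None or (rec.owner != requester.name and not is_admin):
        raise AuthorizationError(f"record {record_id} not available to {requester.name}")
    return rec

def create_user(creator: User, new_name: str, new_role: str) -> User:
    """Privilege-ceiling check: only admins may create users, and the granted
    role may be no higher than the creator's own, so a low-level admin cannot
    mint an account that outranks it."""
    if new_role not in ROLE_RANK:
        raise ValueError(f"unknown role {new_role!r}")
    if ROLE_RANK[creator.role] < ROLE_RANK["admin"]:
        raise AuthorizationError(f"{creator.name} may not create users")
    if ROLE_RANK[new_role] > ROLE_RANK[creator.role]:
        raise AuthorizationError(f"{creator.name} may not grant role {new_role!r}")
    return User(new_name, new_role)
```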
Apache Chainsaw deserialization vulnerability, previously tracked as CVE-2020-9493. This vulnerability has a NIST CVSSv3 base score of 8.8/10. Chainsaw is a GUI-based application used to view log files. Versions of Chainsaw prior to 2.0 were a component of Apache Log4j 1.2.x, where the same vulnerability existed and was reported as CVE-2020-9493. The vulnerability can allow an attacker to send untrusted data, which can result in RCE (Remote Code Execution). The NIST rating reports a high impact on the CIA triad.
In conclusion, software vulnerabilities are a common nuisance to IT and security teams everywhere. Organizations that prioritize the remediation and patching of these vulnerabilities will drastically reduce their attack surface and ensure no doors into their environment are left unlocked.
How Can Netizen Help?
Netizen ensures that security gets built in, not bolted on, by providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, through which companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact