HTG Threat Report

Threat Report 7/20/23

Written by Evan Kennedy | Jul 27, 2023 6:26:28 PM

Multiple Vulnerabilities in Progress
MOVEit Transfer Could Allow for Unauthorized Database Access


Multiple vulnerabilities have been discovered in Progress MOVEit Transfer, which could allow for unauthorized database access. MOVEit Transfer is managed file transfer software that lets an enterprise securely exchange files with business partners and customers over SFTP, SCP, and HTTP-based uploads. If successfully exploited, an attacker could gain unauthorized access to the MOVEit database, exposing confidential information, user credentials, and other sensitive data, and could also modify or disclose the database contents.


Affected Systems:

  • MOVEit Transfer versions before 2020.1.11 (12.1.11)
  • MOVEit Transfer versions before 2021.0.9 (13.0.9)

  • MOVEit Transfer versions before 2021.1.7 (13.1.7)

  • MOVEit Transfer versions before 2022.0.7 (14.0.7)

  • MOVEit Transfer versions before 2022.1.8 (14.1.8)

  • MOVEit Transfer versions before 2023.0.4 (15.0.4)


Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Disable all HTTP and HTTPS traffic to your MOVEit Transfer environment until the patch has been applied. This takes the web interface and HTTP-based uploads offline, so plan the outage accordingly.

  • Apply appropriate patches and workarounds provided by Progress to vulnerable systems, immediately after appropriate testing.

  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed to the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.

  • Restrict execution of code to a virtual environment on or in transit to an endpoint system.

  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.


References:
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution


Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Affected Systems:

  • macOS Ventura prior to 13.4.1(c)

  • iOS prior to 16.5.1(c)

  • iPadOS prior to 16.5.1(c)

  • Safari prior to 16.5.2


Risk

  • Large and medium business entities: High
  • Small business entities: High

Remediation Recommendations

  • Ensure all Apple devices have the latest version(s) installed.
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).


References


Critical Patches Issued for Microsoft Products, July 11, 2023


Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Affected Systems:

  • Many Windows applications and services including, but not limited to, Office, .NET, and Visual Studio.

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Ensure all Microsoft products have the latest version available installed.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).


References


A Vulnerability in FortiOS and FortiProxy
Could Allow for Remote Code Execution


A vulnerability has been discovered in Fortinet FortiOS and FortiProxy which could allow for remote code execution. FortiOS is Fortinet’s proprietary operating system, used across multiple product lines. FortiProxy is a secure web gateway that protects users against internet-borne attacks and provides protection and visibility against unauthorized access and threats to the network. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Affected Systems:

  • FortiOS version 7.2.0 through 7.2.3

  • FortiOS version 7.0.0 through 7.0.10

  • FortiProxy version 7.2.0 through 7.2.2

  • FortiProxy version 7.0.0 through 7.0.9

Risk

  • Large and medium business entities: High
  • Small business entities: Medium


Remediation Recommendations

  • Update all FortiOS and FortiProxy installations to a release outside the affected ranges listed above.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).


References


A Vulnerability in Cisco SD-WAN vManage
Could Allow for Security Mechanism Bypass


A vulnerability has been discovered in Cisco SD-WAN vManage which could allow for a security mechanism bypass. Cisco SD-WAN vManage is a centralized network management console for controlling, configuring, and monitoring devices in a network. Successful exploitation of this vulnerability could allow an attacker to bypass security mechanisms on the targeted host, gaining read permissions, or limited write permissions, on the configuration of an affected Cisco SD-WAN vManage instance.


Affected Systems:

  • Cisco SD-WAN vManage 20.6.3.3

  • Cisco SD-WAN vManage 20.6.4

  • Cisco SD-WAN vManage 20.6.5

  • Cisco SD-WAN vManage 20.7

  • Cisco SD-WAN vManage 20.8

  • Cisco SD-WAN vManage 20.9

  • Cisco SD-WAN vManage 20.10

  • Cisco SD-WAN vManage 20.11
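A quick exposure check, added here as an example and not tooling from Progress, Fortinet or Cisco: the script below encodes the affected-version lists from the MOVEit Transfer, FortiOS/FortiProxy and vManage sections of this report and tests an inventory of reported versions against them. The matching rules are this example's reading of those lists (MOVEit "before X" applied within each release branch rather than globally, Fortinet ranges treated as inclusive, Cisco entries treated as release trains so that 20.7 covers every 20.7.x build, with the final entry taken as the 20.11 train), and the sample inventory at the bottom is constructed.

```python
"""Exposure check against the affected-version lists in this report.
Added example, not tooling from Progress, Fortinet or Cisco. The lists are
copied from the advisory text; the matching rules are this example's reading
of that text, not vendor-published logic."""
import re
from typing import Iterable, List, Optional, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """'14.0.7' -> (14, 0, 7). Integer tuples compare numerically; comparing
    raw strings would rank '14.0.10' below '14.0.7' and mis-flag hosts."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in m.group(1).split("."))

# MOVEit Transfer: first fixed build per release branch, keyed by the internal
# major.minor the product reports; the marketing year.minor is in the comment.
MOVEIT_FIXED = {
    (12, 1): (12, 1, 11),  # 2020.1.11
    (13, 0): (13, 0, 9),   # 2021.0.9
    (13, 1): (13, 1, 7),   # 2021.1.7
    (14, 0): (14, 0, 7),   # 2022.0.7
    (14, 1): (14, 1, 8),   # 2022.1.8
    (15, 0): (15, 0, 4),   # 2023.0.4
}
# Marketing branch -> internal branch, so either naming can be checked.
MOVEIT_MARKETING = {
    (2020, 1): (12, 1), (2021, 0): (13, 0), (2021, 1): (13, 1),
    (2022, 0): (14, 0), (2022, 1): (14, 1), (2023, 0): (15, 0),
}

def moveit_affected(version: str) -> Optional[bool]:
    """True if the build predates the fix for its own branch. A single global
    'before 2023.0.4' test would wrongly flag a patched 2022.1.8 install, so
    the comparison stays inside the branch. None: branch not listed here."""
    v = parse_version(version)
    if v[:2] in MOVEIT_MARKETING:
        v = MOVEIT_MARKETING[v[:2]] + v[2:]
    fixed = MOVEIT_FIXED.get(v[:2])
    return None if fixed is None else v < fixed

# Fortinet: inclusive affected ranges per product, as listed in the report.
FORTINET_AFFECTED = {
    "FortiOS": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 10))],
    "FortiProxy": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 9))],
}

def fortinet_affected(product: str, version: str) -> bool:
    """Inclusive range test on major.minor.patch; any trailing build number is
    ignored because the report lists ranges at three components."""
    v = parse_version(version)[:3]
    return any(lo <= v <= hi for lo, hi in FORTINET_AFFECTED[product])

# Cisco SD-WAN vManage: entries are read as release trains, so "20.7" covers
# every 20.7.x build while "20.6.3.3" covers only that point release. The
# last train is taken as 20.11, the release that follows 20.10 (assumption).
VMANAGE_AFFECTED = ["20.6.3.3", "20.6.4", "20.6.5", "20.7", "20.8",
                    "20.9", "20.10", "20.11"]

def vmanage_affected(version: str) -> bool:
    v = parse_version(version)
    return any(v[:len(t)] == t for t in map(parse_version, VMANAGE_AFFECTED))

def exposure_report(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """One status line per (product, version) pair."""
    labels = {True: "AFFECTED", False: "not affected", None: "not listed"}
    out = []
    for product, version in inventory:
        if product == "MOVEit Transfer":
            hit = moveit_affected(version)
        elif product in FORTINET_AFFECTED:
            hit = fortinet_affected(product, version)
        elif product == "Cisco SD-WAN vManage":
            hit = vmanage_affected(version)
        else:
            hit = None
        out.append(f"{product:22} {version:10} {labels[hit]}")
    return out

if __name__ == "__main__":
    # Constructed sample inventory, not data from any real environment.
    sample = [
        ("MOVEit Transfer", "14.0.6"),
        ("MOVEit Transfer", "2022.1.8"),
        ("MOVEit Transfer", "15.0.10"),
        ("FortiOS", "7.0.10"),
        ("FortiProxy", "7.2.3"),
        ("Cisco SD-WAN vManage", "20.6.3.2"),
        ("Cisco SD-WAN vManage", "20.9.1"),
    ]
    print("\n".join(exposure_report(sample)))
```

Run it as a script to print the constructed sample; in practice feed it (product, version) pairs pulled from your asset inventory. The MOVEit check returns None for branches this report does not list, which should be read as "verify with the vendor", not as "safe".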

Risk

  • Large and medium business entities: High
  • Small business entities: High


Remediation Recommendations

  • Update all Cisco SD-WAN vManage instances to a release that is not on the affected list above.

  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need them).


References