CVE-2019-19781: Critical Vulnerability in Citrix ADC and Gateway Sees Active Exploitation While Patches are Still Not Available

Following the release of exploit scripts for a critical flaw in Citrix Application Delivery Controller (ADC) and Gateway, attackers launch attacks against vulnerable hosts, while Citrix announces a release date for patches. Background: Attacks Increase After Exploit Scripts Released. On January 10, Tenable Security Response observed exploit scripts for CVE-2019-19781, a critical vulnerability in …

CVE-2019-19781: Exploit Scripts for Remote Code Execution Vulnerability in Citrix ADC and Gateway Available

Attackers are actively probing for vulnerable Citrix Application Delivery Controller (ADC) and Gateway hosts, while multiple proof-of-concept scripts are released, emphasizing the importance of mitigating this flaw immediately. Background: On December 17, Citrix published a support article for CVE-2019-19781, a path traversal flaw in Citrix ADC and Citrix Gateway, both of which were formerly known …

CVE-2019-17026: Zero-Day Vulnerability in Mozilla Firefox Exploited in Targeted Attacks

Mozilla releases a patch to address a Firefox flaw being used as part of targeted attacks. Background: On January 8, Mozilla Foundation released a security advisory to address a critical zero-day flaw in Mozilla Firefox, which has been exploited in targeted attacks. Analysis: CVE-2019-17026 is a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time (JIT) compiler for SpiderMonkey, …

CVE-2019-11510: Critical Pulse Connect Secure Vulnerability Used in Sodinokibi Ransomware Attacks

A recent rash of ransomware attacks is leveraging an eight-month-old flaw in a popular SSL VPN solution used by large organizations and governments around the world. Background: On January 4, security researcher Kevin Beaumont (@GossiTheDog) observed two "notable incidents" in which a vulnerability in a Secure Socket Layer (SSL) Virtual Private Network (VPN) solution was used to breach two …

CVE-2019-15975, CVE-2019-15976, CVE-2019-15977: Critical Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager

Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. Background: On January 2, Cisco published a series of advisories for Cisco Data Center Network Manager (DCNM), a platform for managing Cisco’s data center deployments equipped with Cisco’s NX-OS. A total of 12 vulnerabilities were found and reported to Cisco, 11 of …

CVE-2018-0296: Vulnerability in Cisco ASA and Firepower Appliances Sees Spike in Exploit Attempts

The Cisco Adaptive Security Appliance and Firepower Appliance vulnerability patched over a year ago continues to be targeted by attackers in the wild, as exploitation attempts have increased in frequency over the past several weeks. Background: On December 20, researchers at Cisco Talos published a blog post warning that a previously patched flaw in Cisco Adaptive Security Appliance (ASA) and …

CVE-2019-0604: Critical Microsoft SharePoint Remote Code Execution Flaw Actively Exploited

The SharePoint flaw first exploited in the wild in May continues to be exploited nine months after it was patched by Microsoft. Background: On December 10, security researcher Kevin Beaumont published a tweet cautioning organizations to patch a Microsoft SharePoint flaw that’s been actively exploited in the wild since at least May, and has since remained a valuable asset to cybercriminals. A …

Apache Solr Vulnerable to Remote Code Execution Zero-Day Vulnerability

Apache Solr remains vulnerable to a zero-day weeks after proof-of-concept code became public. Background: On October 29, a proof of concept (PoC) for a remote code execution (RCE) vulnerability in Apache Solr, a popular open-source search platform built on Apache Lucene, was published as a GitHub Gist. At the time this blog was published, this vulnerability did not have a CVE identifier and no …

CVE-2019-14271: Proof of Concept for Docker Copy (docker cp) Vulnerability Released

Proof-of-concept (PoC) code for a security flaw in Docker, the popular containerization platform, is now public. Background: On November 19, researchers at Unit 42, Palo Alto Networks’ research team, published their analysis of a severe vulnerability in the popular container deployment platform, Docker. Analysis: CVE-2019-14271 is a critical code injection flaw in the Docker copy (docker cp) …

CVE-2019-0708: BlueKeep Exploited in the Wild to Deliver Cryptocurrency Miner

Researchers identify the first in-the-wild exploit of the BlueKeep vulnerability nearly six months after it was disclosed. Background: On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep. Analysis: CVE-2019-0708, a critical remote code execution vulnerability in …