In this month's security bulletin, we had a few active exploits*.
Do any of these critical vulnerabilities affect your business?
Cisco AnyConnect Secure Mobility Client Arbitrary CodeExecution Vulnerability
- Identifier: CVE-2020-3556
- Exploit Info / POC: YES - Actively being exploited
- Description: A vulnerability in the interprocess communication (IPC)channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
- The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user.
- Mitigation Recommendation: Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability currently as of November 10th 2020.
Oracle Solaris Pluggable authentication module No-Auth
- Identifier: CVE-2020-14871
- Exploit Info / POC: YES - Actively being exploited
- Description: Vulnerability in the Oracle Solaris product of Oracle Systems(component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 BaseScore 10.0
- Mitigation Recommendation: There is no other option for mitigation aside from patching.
- Update: https://www.oracle.com/security-alerts/cpuoct2020.html
Windows Kernel Local Elevation of Privilege Vulnerability
- Identifier: CVE-2020-17087
- Exploit Info / POC: YES - Actively being exploited
- Description: CVE-2020-17087 is an elevation of privilege vulnerability in the Windows kernel Cryptography Driver, cng.sys, that was exploited in the wild as part of a vulnerability chain with CVE-2020-15999, a buffer overflow vulnerability in the FreeType 2 library used by Google Chrome.CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system. This is the second vulnerability chain involving a Google Chrome vulnerability and a Windows elevation of privilege vulnerability exploited in the last year.
- Mitigation Recommendation: There is no other option for mitigation aside from patching.
- Update: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087
Windows Network File System Remote Code ExecutionVulnerability
- Identifier: CVE-2020-17051
- Exploit Info / POC: YES - Actively being exploited
- Description: A critical vulnerability (CVE-2020-17051) exists in theWindows NFSv3 (Network File System) server. NFS is typically used forWindows and Unix/Linux for file sharing. This vulnerability requires no user interactions.
- Mitigation Recommendation: There is no other option for mitigation aside from patching.
- Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17051
Want to see the 3 other vulnerabilities listed in our latest bulletin AND receive the next bulletin directly in your inbox as soon as it's released?
Subscribe today & get future security bulletins.
*Active exploits may have changed since the dissemination of this bulletin.
