Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







[CVSS 9+] CISA Alert: Microsoft and Cisco Vulnerabilities Exploited

Executive Summary

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog to include two new vulnerabilities that are actively being exploited.

One of them is an old high-severity vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software. The other one is a critical vulnerability in Microsoft Exchange. Please see more information about these vulnerabilities below.

Certainly, it is important for organizations to promptly patch these vulnerabilities.

Cisco Vulnerability: CVE-2020-3259

CVE-2020-3259 is a high-severity vulnerability in the web services interface of Cisco ASA Software and Cisco FTD Software.

This flaw, which has a CVSS score of 7.5, is an old issue that Cisco fixed back in 2020. It could allow an unauthenticated, remote attacker to retrieve memory contents from an affected device, potentially leading to the disclosure of confidential information. The issue arises from a buffer tracking problem encountered when the software processes invalid URLs requested through the web services interface.

To exploit this vulnerability, an attacker would need to send a specifically crafted GET request to the web services interface. It is important to note that this vulnerability is exploitable without any privileges or user interaction with low complexity.

Successful exploitation could result in the attacker obtaining sensitive information from the device’s memory. It’s important to note that this vulnerability specifically impacts certain configurations of AnyConnect and WebVPN.

Furthermore, the Truesec team found evidence in late January suggesting that the Akira Ransomware group may be exploiting this flaw.

To resolve this issue, Cisco recommends updating the affected software to the latest available version. Please refer to Cisco’s security advisory for more detailed information.

Microsoft Vulnerability: CVE-2024-21410

This vulnerability in Exchange Server, is a critical privilege escalation issue with a CVSS score of 9.8.

An attacker could exploit this flaw by relaying a user’s leaked Net-NTLMv2 hash to authenticate on a vulnerable Exchange Server. Eventually, its exploitation could lead to unauthorized access and control over the server.

Microsoft addressed it in its latest Patch Tuesday updates. Later, the company has acknowledged in its security bulletin that the critical flaw is actively being exploited.

Moreover, this is the third publicly exploited vulnerability Microsoft addressed in its February 2024 Patch Tuesday, following two zero-day vulnerabilities. You can visit our recent news article for more information on Microsoft’s February 2024 Patch Tuesday updates.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.