SonicWall Urges Customers to 'immediately' Patch NSM On-Prem Bug


SonicWall is urging customers to "immediately" patch a post-authentication vulnerability affecting on-premises versions of its Network Security Manager (NSM), a multi-tenant firewall management solution.

The vulnerability, tracked as CVE-2021-20026, affects NSM 2.2.0-R10-H1 and earlier versions and was patched by SonicWall in NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced). SonicWall rates it 8.8/10 in severity. It is an OS command injection flaw that an authenticated attacker can trigger in a low-complexity attack requiring no user interaction.

SonicWall stated, "This critical vulnerability potentially allows a user to execute commands on a device's operating system with the highest system privileges (root). This vulnerability only impacts on-premises NSM deployments, SaaS versions of NSM are not affected."

SonicWall is urging customers to patch their deployments right away, even though the company did not mention an imminent threat of exploitation or any active in-the-wild exploitation of the flaw.

"SonicWall customers who are running the on-premises NSM versions listed below should upgrade to the patched version as soon as possible," the company advised. 

When asked for comment by BleepingComputer, SonicWall declined to provide any specifics on whether CVE-2021-20026 was being actively exploited, instead pointing to the information in its security advisory.

Several SonicWall appliance vulnerabilities have been targeted by threat actors this year, many of them zero-days exploited in the wild before the company released fixes. In February, SonicWall fixed an actively exploited zero-day affecting its SMA 100 series networking appliances.

A financially motivated threat actor, tracked by Mandiant threat analysts as UNC2447, exploited a zero-day in SonicWall SMA 100 series VPN appliances to deploy the newly discovered FiveHands ransomware on the networks of North American and European targets.

In January, the same zero-day was exploited in attacks targeting SonicWall's internal systems, and it was subsequently exploited indiscriminately in the wild. In March, SonicWall patched three more zero-day vulnerabilities, also exploited in the wild, affecting its on-premises and hosted Email Security (ES) products.

These zero-days were abused by a group tracked as UNC2682 to backdoor systems with BEHINDER web shells, which let the attackers move laterally through victims' networks and access emails and files, according to Mandiant's investigation of the attacks.

Chinese WeChat Users Targeted by Attackers Using Recent Chromium Bug


According to a China-based security firm, a Chromium exploit published online last week has been weaponized to target WeChat users in China.

In the attacks, malicious links were sent to WeChat users. When a user clicked one, JavaScript on the linked page ran the exploit, which loaded and executed shellcode on the user's operating system.

Threat actors used the recently disclosed Chromium exploit to attack WeChat users in China, according to Qingteng Cloud Security. The researchers said the attacks were limited to users of the WeChat Windows client. The firm did not reveal which of the two proof-of-concept exploits released last week was used.

The attackers repurposed proof-of-concept code, published on Twitter and GitHub last week, for two different bugs in the Chromium browser engine. The WeChat Windows client embeds Chromium to open and preview links without launching a separate browser. Both proofs of concept allowed an attacker to run code inside any Chromium-based browser.

However, most web browsers run Chromium with its sandbox enabled. The sandbox confines the process that parses web content, so code execution inside it does not by itself reach the underlying operating system, which is why the exploit code was considered of limited use on its own.

As the security researchers told The Record in interviews last week, their proof-of-concept code would work against applications built on the Chromium project that had not enabled the sandbox.
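A practical check that follows from this point, as an added example that is not code from the article, Qingteng or Tencent: audit the command lines of running Chromium-based processes for switches that disable the sandbox. It assumes `ps -eo pid,args` style input (one process per line, PID first); the switch list is an assumption drawn from documented Chromium command-line switches and is not exhaustive, and the sample process table is constructed.

```python
"""Audit Chromium-based process command lines for a disabled sandbox.

Added example, not code from the article, Qingteng or Tencent. Assumes
`ps -eo pid,args` style input (PID first, then the command line); the
switch list is an assumed, non-exhaustive set of Chromium switches.
"""
import subprocess

# Switches that disable or weaken the Chromium sandbox (assumed list).
SANDBOX_WEAKENING_SWITCHES = {
    "--no-sandbox",
    "--disable-setuid-sandbox",
    "--disable-gpu-sandbox",
}

# Child process types that parse untrusted web content and therefore rely
# on the sandbox to contain a compromise.
CONTENT_PROCESS_TYPES = {"renderer", "utility", "gpu-process"}

# Constructed sample mimicking `ps -eo pid,args` output; not real data.
SAMPLE_PS_OUTPUT = """\
  PID COMMAND
 1201 /opt/google/chrome/chrome
 1233 /opt/google/chrome/chrome --type=renderer --lang=en-US
 1300 /opt/embedded-app/embedded-app
 1315 /opt/embedded-app/embedded-app --type=renderer --no-sandbox --disable-gpu-sandbox
 1420 /usr/lib/electron-app/electron --type=renderer --disable-setuid-sandbox
 1500 /usr/sbin/sshd -D
"""


def parse_ps_line(line):
    """Split one `pid args` line into a dict; return None for headers/blanks.

    Splitting on whitespace is enough here because only tokens beginning
    with `--` are inspected; a path containing spaces never matches.
    """
    tokens = line.split()
    if len(tokens) < 2 or not tokens[0].isdigit():
        return None
    switches = {t for t in tokens[2:] if t.startswith("--")}
    proc_type = None
    for switch in switches:
        if switch.startswith("--type="):
            proc_type = switch.split("=", 1)[1]
    return {"pid": int(tokens[0]), "exe": tokens[1],
            "switches": switches, "type": proc_type}


def audit(lines):
    """Return (pid, exe, type, weakening switches) for every content process
    whose command line disables part of the sandbox."""
    findings = []
    for line in lines:
        proc = parse_ps_line(line)
        if proc is None or proc["type"] not in CONTENT_PROCESS_TYPES:
            continue
        weak = sorted(proc["switches"] & SANDBOX_WEAKENING_SWITCHES)
        if weak:
            findings.append((proc["pid"], proc["exe"], proc["type"], weak))
    return findings


def audit_live_host():
    """Run the audit against this host's process table (Linux/macOS `ps`)."""
    out = subprocess.run(["ps", "-eo", "pid,args"], capture_output=True,
                         text=True, check=True).stdout
    return audit(out.splitlines())


if __name__ == "__main__":
    for pid, exe, ptype, weak in audit(SAMPLE_PS_OUTPUT.splitlines()):
        print(f"pid {pid} ({ptype}) {exe}: sandbox weakened by {' '.join(weak)}")
```

Against the constructed sample, the two embedded-Chromium renderers (PIDs 1315 and 1420) are flagged and the regular Chrome renderer is not. The absence of these switches is not proof that the sandbox is on: an embedding application can also disable it through its own settings, so the check is a quick triage step, not a substitute for confirming the effective sandbox state (for Chrome itself, the `chrome://sandbox` page).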

Qingteng did not reveal which of the two Chromium exploits was used in the wild in China, but the firm said it alerted Tencent, the maker of WeChat, and that Tencent has since incorporated the latest Chromium security updates into the WeChat client to close the attack vector.

Both vulnerabilities have been fixed by the Chromium team, but the patches are still making their way downstream to the applications that embed the browser engine. At the time of writing, only Microsoft Edge had shipped patches for both bugs, while Chrome had fixed only the first.