The Tripwire Vulnerability Exposure and Research Team (VERT) is constantly on the lookout for interesting stories and developments in the cybersecurity world. Here is the news that stood out to us, along with some comments on these stories.
Vulnerabilities discovered in Netcomm and TP-Link Routers
Netcomm routers are subject to an authentication bypass and a buffer overflow. Chaining these vulnerabilities together could allow attackers to execute arbitrary code. Vulnerable devices include NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.
TP-Link routers are subject to an information disclosure vulnerability and a code execution vulnerability. Attackers could use CVE-2022-4499, a timing side channel, to determine the username and password: by measuring the response time of authentication attempts, an attacker can determine the credentials one byte at a time. James Hull discovered these vulnerabilities.
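As an added illustration of the timing side channel described above (a constructed example, not code from the TP-Link firmware or from the advisory): a credential check that stops at the first mismatching byte performs an amount of work, and therefore takes a time, that reveals how many leading bytes of the guess were correct, whereas a constant-time comparison does the same work for every guess. A work counter stands in for wall-clock time so the effect is deterministic.

```python
import hmac


class WorkCounter:
    """Counts byte comparisons; stands in for the measured response time."""
    def __init__(self) -> None:
        self.ops = 0


def leaky_equals(secret: bytes, guess: bytes, counter: WorkCounter) -> bool:
    """Early-exit comparison. The work performed grows with the length of the
    matching prefix, which is exactly what a remote timing measurement observes."""
    if len(secret) != len(guess):
        return False
    for s, g in zip(secret, guess):
        counter.ops += 1
        if s != g:
            return False          # stops at the first wrong byte
    return True


def constant_time_equals(secret: bytes, guess: bytes, counter: WorkCounter) -> bool:
    """Compares every byte and folds the differences into one accumulator, so
    the work is the same whether the guess is all wrong or all right.
    In production code use hmac.compare_digest (asserted equivalent below).
    A length mismatch still returns early here; real code pads or hashes first."""
    if len(secret) != len(guess):
        return False
    diff = 0
    for s, g in zip(secret, guess):
        counter.ops += 1
        diff |= s ^ g
    result = diff == 0
    assert result == hmac.compare_digest(secret, guess)
    return result


def work_profile(compare, secret: bytes, guesses) -> list:
    """Work done per guess. For the leaky check this profile reveals the number
    of correct leading bytes; for the constant-time check it is flat."""
    profile = []
    for guess in guesses:
        counter = WorkCounter()
        compare(secret, guess, counter)
        profile.append(counter.ops)
    return profile


# Constructed sample: a stored credential and guesses that are correct in
# 0, 1, 2 and all 8 leading bytes (hypothetical values, not from the advisory).
SECRET = b"admin123"
GUESSES = [b"xxxxxxxx", b"axxxxxxx", b"adxxxxxx", b"admin123"]

if __name__ == "__main__":
    print("leaky   :", work_profile(leaky_equals, SECRET, GUESSES))          # [1, 2, 3, 8]
    print("constant:", work_profile(constant_time_equals, SECRET, GUESSES))  # [8, 8, 8, 8]
```

The rising profile of the leaky check is the signal the advisory describes; the flat profile of the constant-time check is what a patched comparison should look like.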
ManageEngine RCE should be patched
Zoho ManageEngine was subject to a code execution vulnerability. Patches were released last year for this vulnerability. On unpatched systems, attackers can execute arbitrary code on ManageEngine services when SAML single sign-on is enabled. The vulnerability allows code to be executed with the permissions of the “NT AUTHORITY\SYSTEM” account, enabling an attacker to take over a vulnerable system. The security researchers who discovered this vulnerability are planning to release a PoC and are warning system administrators who have yet to patch their systems.
Sophos Firewall is subject to a code execution vulnerability
Sophos Firewall was subject to a remote code execution vulnerability, which was patched in December 2022. WAN access should be disabled for systems that cannot be patched. Because the Sophos Firewall requires clients to solve a captcha during authentication, an attacker would need an automated captcha solver to exploit this issue; with one, systems could be attacked automatically far more easily.
Accounts breached in credential stuffing attack
PayPal has notified users whose accounts were breached in a credential stuffing attack. Credential stuffing attacks are made possible by credentials leaked in earlier breaches of other websites. This attack is estimated to have affected around 35,000 users, whose passwords were reset. Users are advised to use strong, complex passwords and to avoid reusing passwords across websites.
Keep in Touch with Tripwire VERT
Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.