CyberSecurity Threats

Cybersecurity Threats Report: May 19th, 2020

Every week, CyberSecure compiles the list of the most recent vulnerabilities on the National Vulnerability Database, uses social signals and tech types to categorize which ones might be the best to surface for average users and businesses. While this condensed list is useful in order to fully contextualize solutions and the urgency of applying patches for certain issues, it certainly isn’t the full picture. 

As always, these are meant to be informational in nature, and not meant as formal advice.

If you’d like a full spreadsheet of the latest vulnerabilities contextualized by technology and social traffic, email us at [email protected], and we’ll provide that for you. 

List of CVEs

CVE-2020-2018 (pan-os)
CVE-2020-12717 (abtracetogether, covidsafe, protego_safe, tracetogether)
CVE-2020-13109
CVE-2020-12651
CVE-2020-12856
CVE-2020-2017 (pan-os)

CVE Descriptions

CVE-2020-2018 (pan-os): An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6.

CVE-2020-12717 (abtracetogether, covidsafe, protego_safe, tracetogether): The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.

CVE-2020-13109: Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.

CVE-2020-12651: SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.

CVE-2020-12856: OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.

CVE-2020-2017 (pan-os): A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator’s browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0.

What does that actually mean and how can I solve these issues?

CVE-2020-2018 (pan-os) and CVE-2020-2017 (pan-os): PAN-OS is the operating system behind the Palo Alto firewall network. PAN-OS instances and versions earlier than 7.1.26 for 7.1, earlier than 8.1.1.3 for 8.1 versions earlier, and 9.0 versions before 9.0.06 and all versions of PAN-OS 8.0 have multiple vulnerabilities that need to be patched, that could affect you by having unauthenticated users enter your firewall and register it for their devices, or take over administrator actions remotely with a targeted phishing attack by executing code arbitrarily. This can be mitigated by updating PAN-OS instances and by following Best Practices for Securing Administrator Access. Most notably, you and any team members should be aware of the latest and best anti-phishing practices and maintain vigilance over emails sent from unknown sources. 

CVE-2020-12717 (abtracetogether, covidsafe, protego_safe, tracetogether) and CVE-2020-12856: For these, inherent insecurities on OpenTrace, used by multiple COVID-tracking apps, seem to allow attackers the ability to access location data of devices. While this vulnerability is still under embargo, and full details haven’t been released yet, it’s a good idea to track updates, especially if you’re in a jurisdiction where you’d be potentially affected (ex: Alberta, Singapore, Australia). 

CVE-2020-12651: SecureCRT provides SSH access to files, or secure files remotely. Versions before 8.7.2 could have been remotely attacked, corrupting memory and allowing for attackers to arbitrarily execute code or crash a particular system. If you have a tech team and they’re using SSH and accessing remote systems, it’s possible they might use SecureCRT as a way of doing that. This attack can be replicated by pasting a line in a terminal and making a remote connection. You would need to update SecureCRT versions beyond 8.7.2 in order to ensure that you have a higher level of security.   

CVE-2020-13109 (BONUS): If you happen to play Morita Shogi 64, the only official N64 game to include a modem in its cartridge for the online game, you should be aware that remote attackers can run arbitrary code on your N64. If anything else, it’s a reminder that old devices can always be attacked.  

CVE Links for more details

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2018
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12717
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13109
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12651
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12856
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2017

Leave a Reply

Your email address will not be published. Required fields are marked *