VERT’s Cybersecurity News for the Week of June 20, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.
Over a Dozen Flaws Found in Siemens’ Industrial Network Management System
Cybersecurity researchers have disclosed details of 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems, reports The Hacker News.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
15 vulnerabilities have been discovered in the Siemens SINEC network management system. Several of these vulnerabilities could be used to gain code execution on a vulnerable system. The vulnerabilities in question are tracked as CVE-2021-33722 through CVE-2021-33736. Siemens has provided an update for vulnerable systems, version V1.0 SP2 Update 1 was released on October 12, 2021.
Cisco will not address critical RCE in end-of-life Small Business RV routers
Cisco announced that it will not release updates to fix the CVE-2022-20825 flaw in end-of-life Small Business RV routers, notes Security Affairs. Instead, the company encourages upgrading to newer models.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Certain Cisco Small Business RV routers are subject to a code execute/denial of service vulnerability. This vulnerability requires that remote management is enabled on WAN connections. This vulnerability exists because of improper validation of user input. An attacker could potentially execute code or cause denial of service conditions. Successful code execution provides an attacker with root-level privileges.
WordPress Update Millions of Sites to patch a Critical Vulnerability Affecting the Ninja Forms Plugin
Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a critical vulnerability affecting the Ninja Forms plugin. The Wordfence threat intelligence team spotted the flaw in June and documented it in an advisory by the company on Thursday, announced IT Security Guru.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
WordPress released an update that was automatically applied to vulnerable systems. This update fixed a vulnerability that allowed attackers to use Ninja Forms to inject objects. Attackers could use NF_Admin_Processes_ImportForm to execute code using deserialization. The patch was applied to the following versions: 3.0.34.2, 3.1.10, 3.2.28, 3.3.21.4, 3.4.34.2, 3.5.8.4 and 3.6.11.
Google Chrome extensions can be fingerprinted to track you online
A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online, reports Bleeping Computer. To track users on the web, it is possible to create fingerprints, or tracking hashes, based on various characteristics of a device connecting to a website.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Google Chrome extensions can be used to fingerprint a system and track it. Systems can be tracked using certain characteristics such as the GPU and installed Windows applications. “zoccc”, a web developer, determined that a hash can be generated using the extensions that are installed. This technique uses the “web_accessible_resources.” Chrome extensions make certain assets available to websites or other extensions. zoccc discovered a resource timing comparison method that can be used to determine if an extension is installed.
Keep in Touch with Tripwire VERT
Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.
