VERT’s Cybersecurity News for the Week of July 25, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories.
SonicWall fixed critical SQLi in Analytics and GMS products
Security company SonicWall addressed a critical SQL injection (SQLi) vulnerability, tracked as CVE-2022-22280 (CVSS score 9.4), in Analytics On-Prem and Global Management System (GMS) products, reports Security Affairs. “There is no workaround available for this vulnerability,” SonicWall said.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
SonicWall’s Analytics On-Prem and Global Management System are subject to a SQL injection vulnerability. This vulnerability can be exploited by an unauthenticated attacker. It is possible that the Web Application Firewall could detect and block SQLi attacks. Upgrade GMS to 9.3.1-SP2-Hotfix-2 and Analytics to 2.5.0.3-2520-Hotfix1 to resolve this vulnerability.
Drupal developers fixed a code execution flaw in the popular CMS
The Drupal development team released security updates to fix multiple issues in the popular CMS, including a critical code execution flaw, Security Affairs noted. The most severe one is tracked as CVE-2022-25277, with the other three rated “moderately critical.”
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Drupal is subject to a PHP code execution vulnerability. This vulnerability exists because the protections for SA-CORE-2020-012 and SA-CORE-2019-010 conflicted with each other. Drupal sites that are configured to allow upload with a htaccess extension are vulnerable. Drupal versions 9.4 and 9.3 running on Apache (with specific configurations) are affected by this vulnerability.
Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak
Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks, Security Week reports. The announcement came after someone made public a piece of information needed to exploit a recently addressed vulnerability.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
Atlassian Confluence is subject to this exploit because someone leaked the hardcoded password Questions for Confluence creates when enabled – the username is “disabledsystemuser”. Once configured, this account has access to non-restricted pages within Confluence. The hardcoded credentials have been released on Twitter. Systems running Questions for Confluence versions 2.7.34, 2.7.35, or 3.0.2 are impacted by this issue. Atlassian has resolved this issue with Questions for Confluence versions 2.7.38 and 3.0.5. To resolve this vulnerability, Questions for Confluence should be upgraded or the hardcoded account should be disabled.
Critical FileWave MDM Flaws Open Organization-Managed Devices to Remote Hackers
FileWave’s mobile device management (MDM) system has been found vulnerable to two critical security flaws, states The Hacker News. If exploited, these vulnerabilities could be leveraged to carry out remote attacks and seize control of a fleet of devices connected to it.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
FileWave’s mobile device management system has an authentication bypass vulnerability and a hard-coded cryptographic key. These vulnerabilities could be used to exfiltrate information and install malicious packages. Vulnerable instances of the product have been located on the internet. FileWave has released 14.7.2 to resolve these issues.