VERT’s Cybersecurity News Roundup – Week of January 17, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT.

Root-Level RCE Vulnerability Patched by Cisco

Bleeping Computer reported that Cisco had issued a fix for CVE-2022-20649. The bug enabled someone to remotely execute code with root-level privileges on machines running vulnerable versions of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. In a security advisory, the company clarified that the flaw arose from the fact that debug mode was incorrectly enabled for certain services.

Andrew Swoboda | Senior Security Researcher at Tripwire

Cisco Redundacy Configuration Manager is subject to a remote code execution vulnerability. This issue exists on Cisco StarOS software while running in debug mode. Command execution occurs with root privileges. Cisco is not aware of any attacks using this vulnerability.

Nearly 100K WordPress Sites Vulnerable to High-Severity Bug

According to DataBreachToday, security researchers discovered a cross-site request forgery vulnerability (tracked as CVE-2022-0215) with a CVSS score of 8.8. The flaw affected three plugins running across 84,000 WordPress sites. When exploited, the bug could allow a malicious actor to assume control over a vulnerable website.

Tyler Reguly | Senior Manager, Security R&D at Tripwire

They must convince that WordPress administrator to click a link or visit a website in order to execute the attack. Ultimately, I would compare this to the Windows problem. For years, we’ve heard that Windows is less secure that macOS and Linux, but in reality, there’s just more targets, making it more valuable.

Microsoft Fixed Issues with January Patch Tuesday Updates

Microsoft fixed several issues surrounding its security releases for January’s Patch Tuesday. Some organizations that implemented those updates witnessed their domain controllers unexpectedly restart, wrote The Register. Others encountered problems with VPN connections on Windows versions from the 2015 LTSB edition to Windows 11,

Andrew Swoboda | Senior Security Researcher at Tripwire

Microsoft’s cumulative patches appear to have cause issues with multiple services. Issues ranged from crashing services to problems with VPNs. If only you could select patches and test individual portions of the update to ensure the reliability of the updates. Unfortunately, we are stuck with either no patch or a patched system. A patched system is essentially more secure, but in this case a cumulative can leave you with the feeling that the patch is not worth the hassle.

Unofficial Patch Released for ‘RemotePotato0″ Zero-Day Flaw

On January 13, Bleeping Computer reported that Microsoft had released an unofficial patch for the “RemotePotato0” zero-day bug. Security researchers first discovered the vulnerability, which enables attackers to elevate privileges to domain administrator, back in April 2021. The bug didn’t receive a CVE ID at that time after Microsoft said it wasn’t planning on fixing the issue.

Andrew Swoboda | Senior Security Researcher at Tripwire

An interesting new exploit for NTLM. This vulnerability requires attackers to have local administrator credentials or obtain them from a user that does. No official path for this vulnerability exists at this point because Microsoft decided to mark this issue as they won’t fix. Domain admins were told to either disable NTLM or block relay attacks using Active Directory Certificate Services (AD CS).

Keep in Touch with Tripwire VERT

Want more insights from Tripwire VERT before our next cybersecurity news roundup comes out? Subscribe to our newsletter here.

Previous VERT Cybersecurity News Roundups