Page 11 - AccumeView June
Internal Threats
Good heavens, is it time to patch Cisco kit again? Prime Infrastructure root privileges hole plugged -
Among a bumper crop of 57 security issues Cisco divulged on Wednesday was a fix for a trio of vulns,
one critical, in network management tool Prime Infrastructure. The latter potentially allows
unauthenticated miscreants to execute arbitrary code with root privileges on PI devices. "These
vulnerabilities exist because the software improperly validates user-supplied input," Switchzilla
continued. "An attacker could exploit these vulnerabilities by uploading a malicious file to the
administrative web interface. A successful exploit could allow the attacker to execute code with root-level
privileges on the underlying operating system." So far Cisco's PSIRT has said it is not aware of any
proof-of-concepts or active exploits in the wild, but that's no excuse not to get patching ASAP.
Source: https://www.theregister.co.uk/2019/05/17/cisco_prime_infrastructure_critical_vuln/
Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter - More security vulnerabilities
were publicly disclosed in the first quarter of this year than in any previous three-month period.
Troublingly, nearly four-in-10 (38.2%) of them currently have no known fixes, according to Risk Based
Security, which recently analyzed vulnerability data for the first quarter of 2019 collected from its own
proprietary search engine and from various security vulnerability-reporting sites. The analysis showed a
total of 5,501 vulnerabilities were disclosed via coordinated and uncoordinated disclosures during the
first three months of this year. Nearly 38% of the vulnerabilities currently have publicly available exploits.
Source: https://www.darkreading.com/application-security/q1-2019-smashes-record-for-most-reported-vulnerabilities-in-a-quarter/d/d-id/1334757
Open Source Vulnerabilities Increase in 2018 - Many organizations are still struggling to identify and
manage open source risk across their application portfolios, according to the Open Source Security &
Risk Analysis (OSSRA) report. The report says, "while the number of vulnerabilities in open source is
small compared to proprietary software, over 7,000 open source vulnerabilities were discovered in 2018
alone. Over 50,000 have emerged over the past two decades."
Source: https://www.securitymagazine.com/articles/90175-open-source-vulnerabilities-increase-in-2018
Bug-hunter reveals another 'make me admin' Windows 10 zero-day – and vows: 'There's more where
that came from' - A bug-hunter who previously disclosed Windows security flaws has publicly
revealed another zero-day vulnerability in Microsoft's latest operating systems. The discovered hole can
be exploited by malware and rogue logged-in users to gain system-level privileges on Windows 10 and
recent Server releases, allowing them to gain full control of the machine. No patch exists for this bug,
details and exploit code for which were shared online on Tuesday for anyone to use and abuse.
Source: https://www.theregister.co.uk/2019/05/22/windows_zero_day/
www.accumepartners.com