
2020.10.23

25 vulnerabilities exploited by Chinese state-sponsored attackers, from the U.S. National Security Agency Central Security Service

Hello, this is Mitsuhiko Maruyama.

The U.S. National Security Agency Central Security Service (NSA|CSS) has published a list of 25 vulnerabilities exploited by Chinese state-sponsored attackers and is calling for attention to them.

NSA|CSS Cybersecurity Advisories & Technical Guidance

・2020.10.20 (news) NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs

・2020.10.20 [PDF] Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities 

・[PDF] infographic (printable version)

| CVE Number | Vulnerability Description | Affects |
|---|---|---|
| CVE-2019-11510 | In Pulse Secure® VPNs, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file reading vulnerability. This may lead to exposure of keys or passwords. | Pulse Connect Secure® (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4. |
| CVE-2020-5902 | In F5 BIG-IP® proxy / load balancer devices, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1. |
| CVE-2019-19781 | An issue was discovered in Citrix® Application Delivery Controller (ADC) and Gateway. They allow directory traversal, which can lead to remote code execution without credentials. | Citrix ADC and Gateway versions before 13.0.47.24, 12.1.55.18, 12.0.63.13, 11.1.63.15 and 10.5.70.12, and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b. |
| CVE-2020-8193, CVE-2020-8195, CVE-2020-8196 | Improper access control and input validation in Citrix® ADC, Citrix® Gateway and Citrix® SD-WAN WAN-OP allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users. | Citrix ADC and Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18, ADC FIPS versions before 12.1-55.179, and SD-WAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7. |
| CVE-2019-0708 | A remote code execution vulnerability exists within Remote Desktop Services® when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. | Microsoft Windows® XP - 7, Microsoft Windows Server® 2003 - 2008. |
| CVE-2020-15505 | A remote code execution vulnerability in the MobileIron® mobile device management (MDM) software allows remote attackers to execute arbitrary code via unspecified vectors. | MobileIron® Core and Connector versions 10.6 and earlier, and Sentry versions 9.8 and earlier. |
| CVE-2020-1350 | A remote code execution vulnerability exists in Windows® Domain Name System servers when they fail to properly handle requests. | Microsoft Windows Server® 2008 - 2019. |
| CVE-2020-1472 | An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. | Microsoft Windows Server® 2008 - 2019. |
| CVE-2019-1040 | A tampering vulnerability exists in Microsoft Windows® when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. | Microsoft Windows® 7 - 10, Microsoft Windows Server® 2008 - 2019. |
| CVE-2018-6789 | Sending a handcrafted message to the Exim mail transfer agent may cause a buffer overflow. This can be used to execute code remotely. | Exim before 4.90.1. |
| CVE-2020-0688 | A Microsoft Exchange® validation key remote code execution vulnerability exists when the software fails to properly handle objects in memory. | Microsoft Exchange Server® 2010 Service Pack 3 Update Rollup 29 and earlier, 2013 Cumulative Update 22 and earlier, 2016 Cumulative Update 13 and earlier, and 2019 Cumulative Update 2 and earlier. |
| CVE-2018-4939 | Certain Adobe ColdFusion® versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution. | Adobe ColdFusion (2016 release) Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions. |
| CVE-2015-4852 | The WLS Security component in Oracle WebLogic® Server allows remote attackers to execute arbitrary commands via a crafted serialized Java® object. | Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0. |
| CVE-2020-2555 | A vulnerability exists in the Oracle® Coherence product of Oracle Fusion® Middleware. This easily exploitable vulnerability allows an unauthenticated attacker with network access via T3 to compromise Oracle® Coherence. | Oracle Coherence 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. |
| CVE-2019-3396 | The Widget Connector macro in Atlassian Confluence® Server allows remote attackers to achieve path traversal and remote code execution on a Confluence® Server or Data Center instance via server-side template injection. | Atlassian Confluence before 6.6.12, 6.7.0 to before 6.12.3, 6.13.0 to before 6.13.3, and 6.14.0 to before 6.14.2. |
| CVE-2019-11580 | Attackers who can send requests to an Atlassian® Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution. | Atlassian Crowd from 2.1.0 to before 3.0.5, 3.1.0 to before 3.1.6, 3.2.0 to before 3.2.8, 3.3.0 to before 3.3.5, and 3.4.0 to before 3.4.4. |
| CVE-2020-10189 | Zoho ManageEngine® Desktop Central allows remote code execution because of deserialization of untrusted data. | Zoho ManageEngine Desktop Central before 10.0.479. |
| CVE-2019-18935 | Progress Telerik® UI for ASP.NET AJAX contains a .NET deserialization vulnerability. Exploitation can result in remote code execution. | Progress Telerik UI for ASP.NET AJAX through 2019.3.1023. |
| CVE-2020-0601 | A spoofing vulnerability exists in the way Windows® CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file was from a trusted, legitimate source. | Microsoft Windows® 10, Server® 2016 - 2019. |
| CVE-2019-0803 | An elevation of privilege vulnerability exists in Windows® when the Win32k component fails to properly handle objects in memory. | Microsoft Windows® 7 - 10, Microsoft Windows Server® 2008 - 2019. |
| CVE-2017-6327 | The Symantec® Messaging Gateway can encounter a remote code execution issue. | Symantec Messaging Gateway before 10.6.3-267. |
| CVE-2020-3118 | A vulnerability in the Cisco® Discovery Protocol implementation for Cisco IOS® XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. | Cisco IOS XR 5.2.5, 6.5.2, 6.5.3, 6.6.25, 7.0.1. |
| CVE-2020-8515 | DrayTek Vigor® devices allow remote code execution as root (without authentication) via shell metacharacters. | Cisco IOS XR 5.2.5, 6.5.2, 6.5.3, 6.6.25, 7.0.1. |
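A practical use of the table above is patch verification: checking an inventory of deployed versions against the "Affects" ranges. The following is an added example, not part of the advisory or of the blog post; it parses the dotted version ranges given for CVE-2020-5902 (the F5 BIG-IP row) and reports whether a given BIG-IP version falls inside one of them. The range text is copied from the table row; the version strings tested are constructed.

```python
"""Check an F5 BIG-IP version string against the CVE-2020-5902 affected ranges."""
import re
from typing import List, Tuple

# "Affects" text for CVE-2020-5902, copied from the advisory table above.
CVE_2020_5902_AFFECTS = (
    "F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, "
    "13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1."
)

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'15.1.0.3' -> (15, 1, 0, 3); numeric tuple comparison gives version order."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_ranges(affects: str) -> List[Tuple[Version, Version]]:
    """Extract every inclusive 'low-high' dotted-version pair from the Affects text."""
    pairs = re.findall(r"(\d+(?:\.\d+)+)-(\d+(?:\.\d+)+)", affects)
    return [(parse_version(lo), parse_version(hi)) for lo, hi in pairs]


def _pad(v: Version, width: int) -> Version:
    # Right-pad with zeros so '14.1.2' compares like '14.1.2.0'.
    return v + (0,) * (width - len(v))


def is_affected(version: str, affects: str = CVE_2020_5902_AFFECTS) -> bool:
    """True if `version` lies inside any affected range (bounds inclusive)."""
    v = parse_version(version)
    for lo, hi in parse_ranges(affects):
        width = max(len(v), len(lo), len(hi))
        if _pad(lo, width) <= _pad(v, width) <= _pad(hi, width):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inventory: one patched host, one inside the affected range.
    for host, ver in (("lb-01", "15.1.0.4"), ("lb-02", "14.1.2")):
        state = "AFFECTED - patch required" if is_affected(ver) else "not affected"
        print(f"{host}: BIG-IP {ver}: {state}")
```

The same parser works for any row whose "Affects" field uses plain dotted ranges; rows with vendor-specific suffixes such as "8.2R12.1" or "13.0-58.30" need a vendor-specific comparison.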

■ References (news coverage, etc.)

xakep.ru
・2020.10.23 АНБ опубликовало список уязвимостей, наиболее популярных у китайских хакеров (The NSA has published a list of the vulnerabilities most popular with Chinese hackers)

Security Week
・2020.10.21 NSA Lists 25 Vulnerabilities Currently Targeted by Chinese State-Sponsored Hackers by Ionut Arghire

The U.S. National Security Agency this week released an advisory containing information on 25 vulnerabilities that are being actively exploited or targeted by Chinese state-sponsored threat actors.

Breaking Defense
・2020.10.22 NSA Warns Companies China Is Exploiting 25 Unpatched Vulnerabilities by

The NSA cannot mandate patching on its own, but the new Cybersecurity Maturity Model Certification (CMMC) allows the Pentagon to penalize companies in its supply chain that fail to adequately protect their networks.

PSBE CYBER NEWS GROUP
・2020.10.22 US NSA Says – ‘Patch 25 Vulnerabilities To Deter Chinese Hackers!’ by

In hope that enterprises patch them, the US NSA shared a list of 25 vulnerabilities currently being targeted by Chinese hackers.

The US Govt. has long warned about cyber threats emanating from China. Now, the National Security Agency (NSA) is outlining specific vulnerabilities it's observed Chinese state-sponsored actors are using.
