It has come to our attention that there are security risks that could affect some customers. They involve:
- Cisco Routers
- Microsoft Exchange
CISCO
Cisco have released a High-severity security advisory in relation to their routers, covering CVE-2019-1652 and CVE-2019-1653, which have been given average base and temporal scores of 7.2 and 7.5 respectively.
What is the vulnerability?
The first vulnerability, CVE-2019-1652, could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious HTTP POST request to the web-based management interface of an affected device.
The second vulnerability, CVE-2019-1653, could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
Vulnerable Products
Cisco Small Business RV320 Dual Gigabit WAN VPN Routers
Cisco Small Business RV325 Dual Gigabit WAN VPN Routers
How do I Remediate?
These issues are addressed in router firmware release 1.4.2.19 and later.
Microsoft Exchange
A proof of concept has been published which demonstrates a privilege escalation attack that allows any user with a mailbox to become a Domain Admin.
What is the Vulnerability?
Because Exchange is granted high privileges in the Active Directory domain by default, the Exchange Windows Permissions group has WriteDacl access on the Domain object in Active Directory, which enables any member of this group to modify the domain's privileges. This allows an attacker to synchronize the hashed passwords of Active Directory users through Domain Controller replication, which would then allow the attacker to impersonate users and authenticate to any service using NTLM or Kerberos authentication within that domain.
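The condition described above (WriteDacl on the Domain object held by the Exchange Windows Permissions group) can be audited from a domain-joined machine with the following PowerShell. This is an added example and not part of the Ward advisory or Microsoft's guidance; it assumes the RSAT ActiveDirectory module is installed, that the group still carries its default name, and that the account running it can read the domain naming context.

```powershell
# Added example (not from the Ward advisory): read-only audit of the domain
# object's DACL for an Allow ACE granting WriteDacl (or GenericAll, which
# includes it) to the Exchange Windows Permissions group. Changes nothing.
Import-Module ActiveDirectory

function Get-ExchangeWriteDaclGrants {
    [CmdletBinding()]
    param(
        # Default Exchange group name; assumed unchanged in this domain.
        [string]$GroupName = 'Exchange Windows Permissions'
    )

    $domain   = Get-ADDomain
    $domainDN = $domain.DistinguishedName
    $acl      = Get-Acl -Path ("AD:\" + $domainDN)

    # Resolve the group's SID so the match does not depend on display names.
    $sid = (Get-ADGroup -Identity $GroupName).SID

    $writeDacl  = [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl
    $genericAll = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ((($_.ActiveDirectoryRights -band $writeDacl)  -ne 0) -or
         (($_.ActiveDirectoryRights -band $genericAll) -ne 0)) -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid
    } | ForEach-Object {
        [PSCustomObject]@{
            DomainDN  = $domainDN
            Identity  = $_.IdentityReference.Value
            Rights    = $_.ActiveDirectoryRights
            Inherited = $_.IsInherited
        }
    }
}

$grants = @(Get-ExchangeWriteDaclGrants)
if ($grants.Count -gt 0) {
    Write-Warning "Domain object grants WriteDacl to Exchange Windows Permissions:"
    $grants | Format-Table -AutoSize
} else {
    Write-Host "No WriteDacl grant to Exchange Windows Permissions found on the domain object."
}
```

A non-empty result means the domain has the default permission the attack relies on and should be tracked until Microsoft's update is applied.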
Vulnerable Products
Exchange 2013 (CU21) on Windows Server 2012 R2, relayed to a Windows Server 2016 DC
Exchange 2016 (CU11) on Windows Server 2016, relayed to a Windows Server 2019 DC
How Do I Remediate?
Microsoft have not released a patch for this at this stage. They have released a statement saying: “Microsoft has a strong commitment to security and a demonstrated track record of investigating and proactively updating impacted devices as soon as possible. Our standard policy is to release security updates on Update Tuesday, the second Tuesday of each month.”
How Can Ward Help?
For Managed Service customers, the Ward Support team will be reviewing individual environments and making recommendations on appropriate patching for all supported devices.
For all other customers, if you would like additional information or would like support in assessing and protecting your environment, please contact support@ward.ie or your account manager, as appropriate.
Further reading: