
CISAnalysis – September 23, 2022

And that’s a wrap for another week in cybersec! Phew! How did we make it through this one... First the Uber hack, then the Rockstar Games hack, and now two vulns added to the ‘log amidst all the Mudge/Musk drama at Twitter! Another popcorn here! 🍿

Zoho RCE

First up is a remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. An attacker can obtain system-level privileges with a successful exploit. You know what that means? Dun, dun, dunnnnnn 💀

As we know from last week’s additions, this vulnerability poses a significant amount of risk, given the nature of the resources available to system users. The vulnerability is currently being exploited in the wild and there is a PoC publicly available. Zoho is one of the largest technology companies in the world with over 80 million users, so security engineers should not throw caution to the wind if they have products with the affected versions. The fix was released back in June, so it’s likely this has already been exploited. As is typical, the recommended action is to upgrade the instances of Password Manager Pro, PAM360 and Access Manager Plus stat.

Sophos code injection

The other vuln is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall. Although this is basic perimeter defense, the fact that remote code execution is possible means you can Frankenstein the situation from afar. Who wouldn’t want to execute random scripts from the comfort of their basement? Hotfixes have been published for v19.0 MR1 and older. If you’re not rocking those, make sure you are not exposed to the WAN and get that VPN up and running before sunset.

#cisa #cisanalysis #zoho #sophos #rce #vulnerabilities
