23.06.2022


THE MOST CRITICAL VULNERABILITIES IN KAZNET SINCE THE BEGINNING OF 2022

The KZ-CERT Computer Incident Response Team (KZ-CERT Service), as part of the analysis of current threats to information security in the Kazakh segment of the Internet, has discovered more than 1,000 IP addresses potentially exposed to vulnerabilities of various levels of criticality since the beginning of this year.

In December last year, the National Institute of Standards and Technology (NIST) published a study in which it reported a record number of vulnerabilities in various software, noting that for the fifth year in a row this figure has reached its maximum value.

Cybersecurity issues are becoming a daily threat, including for business. “Almost half of all cyberattacks are aimed at small businesses,” Cybint Solutions says in its report.

Companies that face information security violations need to allocate funds to fix various vulnerabilities, investigate incidents that have occurred, as well as to increase both the awareness of employees in cybersecurity issues and their qualifications.

While companies are spending money on security, attackers continue to “hone their skills” by preparing exploits for these vulnerabilities. Companies are advised to pay more attention to reducing the time needed to fix vulnerabilities, to find effective, flexible and adaptable security tools, and to act faster than the attackers trying to break into their systems.

Specialists of the KZ-CERT have discovered a number of vulnerabilities in the Kazakh segment of the Internet, the exploitation of which can negatively affect the security and reputation of Kazakhstani companies.

Of these, the most critical vulnerabilities are:

CVE-2022-22536 – CVSS criticality score 10 out of 10. The vulnerability affects SAP products using the Internet Communication Manager. Successful exploitation allows attackers to target SAP users, business information and processes, steal credentials, initiate a denial of service, execute code remotely and, ultimately, completely compromise any unpatched SAP application. SAP systems are software that automates the professional activities of specialists in different fields. Such applications are tailored to a specific industry and significantly simplify work within it and communication with other business units.
CVE-2022-21971 – CVSS criticality score 7.8 out of 10 (critical). The vulnerability affects the Runtime component in Microsoft products. It allows an attacker to execute arbitrary code; successful exploitation can result in full disclosure of information, exposing all files on the system and leading to compromise of the entire system.
CVE-2021-44142 – CVSS criticality score 9.9 out of 10 (critical). The affected product is Samba. Samba is a suite of programs that provides access to network drives and printers across different operating systems using the SMB/CIFS protocol. Exploiting the vulnerability may allow a remote attacker to execute arbitrary code with administrator privileges. Samba can act as a domain controller and as an Active Directory service compatible with the Windows 2000 implementation, and can serve all Microsoft-supported versions of Windows clients.
CVE-2021-42321 – CVSS criticality score 9.9 out of 10 (critical). The vulnerability allows an authenticated attacker to execute code remotely on Microsoft Exchange servers. Microsoft Exchange Server is a software product for messaging and collaboration; its main functions are processing and forwarding mail messages, shared access to calendars and tasks, support for mobile devices and web access, and support for instant messaging systems. By exploiting the vulnerability, an attacker can take control of the system or its individual components and steal confidential user data.
CVE-2021-35395 – CVSS criticality score 9.8 out of 10 (critical). According to the researchers, this vulnerability affects about a million devices built on Realtek SDK chipsets, including travel routers, Wi-Fi repeaters, IP cameras, lighting gateways, smart devices and others. The vulnerability allows attackers to completely compromise devices and gain control over them. CVE-2021-35395 also affects the web interface that is part of the SDK (software development kit).
CVE-2021-32648 – CVSS criticality score 9.1 out of 10 (critical). The CVE-2021-32648 vulnerability in the “October” CMS stems from a flaw in its password recovery mechanism. Exploiting it may allow a remote attacker to gain access to an arbitrary account using a specially crafted request. October is an open source content management system (CMS) written in PHP and built on components of the Laravel web application framework.
CVE-2019-12815 – CVSS criticality score 9.8 out of 10 (critical). An arbitrary file copy vulnerability in mod_copy in ProFTPD prior to version 1.3.5b. ProFTPD is an open source cross-platform FTP server that supports most UNIX-like systems and Microsoft Windows. All versions of ProFTPD up to and including 1.3.6 are affected. The bug allows an authenticated user (including an anonymous one) to copy files even without write permission.
CVE-2017-12542 – CVSS criticality score 10 out of 10 (critical). An authentication bypass and code execution vulnerability in HPE Integrated Lights-Out 4 (iLO 4) versions prior to 2.53. The HP Integrated Lights-Out (iLO) platform is a set of integrated technologies for remote server management, which greatly simplifies operating the IT infrastructure. The vulnerability in HP iLO can be exploited remotely. The bug allows an attacker to bypass authentication and gain access to the HP iLO console, which in turn allows extracting passwords in plain text, executing malicious code and even replacing the iLO firmware.

The KZ-CERT service has notified organizations and telecom operators and asked them to help inform the owners of the affected IP addresses, passing on recommendations for eliminating the information security vulnerabilities.

It is important to note that the implementation and compliance with a set of organizational and technical measures to ensure information security in companies helps to minimize the risks of various information security incidents. We hope that the information published in the material will help Kazakhstani users to protect themselves and their companies from cyber attacks.

If you encounter an information security incident, please inform our specialists via the toll-free number 1400 (around the clock) or send a request to the Telegram chat: https://t.me/kzcert.
