CISA has warned that Chinese state-sponsored hackers are targeting some age-old bugs in various security devices and servers.
Brief details of those bugs are given below.
CVE-2020-0688: This bug exists in the Exchange Control Panel (ECP) component of Microsoft Exchange Server and could enable an attacker to perform remote code execution on the server with SYSTEM privileges.
Microsoft patched the bug in February, but less than 15 per cent of vulnerable systems had either been patched or remediated after one month, according to security researchers from Kenna Security. The researchers also found that the bulk of installs were 2016 versions, with some 74 per cent found to be ‘vulnerable’ and 26 per cent ‘potentially vulnerable’.
CVE-2019-19781: This flaw impacts Citrix Gateway (formerly NetScaler Gateway) and Citrix Application Delivery Controller (formerly NetScaler ADC) servers and could allow remote unauthenticated attackers to run commands to gain access to a network. In January, researchers at Positive Technologies warned that the flaw could put more than 80,000 organisations at risk.
CVE-2020-5902: This vulnerability in F5 Networks’ BIG-IP Traffic Management User Interface (TMUI) allows remote cyber threat actors to run arbitrary system commands, disable services, create or delete files, and execute Java code, without authentication.
To exploit the vulnerability, an attacker would need to send a specially crafted HTTP request to the server hosting the TMUI utility for BIG-IP configuration. As of July, nearly 8,000 users of the BIG-IP family of networking devices had not applied the patch to secure their systems against the critical flaw.
CVE-2019-11510: This bug in Pulse Secure VPN appliances lets a remote, unauthenticated attacker send specially crafted URIs to establish a connection with vulnerable servers and read files containing user credentials. The attacker can use the information to take full control of an organisation’s systems.
In February, security researchers revealed that nearly 2500 Pulse Secure VPN servers worldwide were still vulnerable to CVE-2019-11510, more than six months after the security flaw was first publicised.
“If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network.”