The Green Sheet

News from the Wire

Positive Technologies helps Cisco fix vulnerabilities

Friday, June 18, 2021 — 17:33:42 (EDT)

June 18, 2021 -- Positive Technologies researchers Nikita Abramov and Mikhail Klyuchnikov have discovered three vulnerabilities in Cisco HyperFlex HX, a hyperconverged platform for building IT infrastructure from scratch that in 2019 was named the leader in the Gartner Magic Quadrant for Hyperconverged Infrastructure. Cisco has thanked the researchers in the two security advisories it published.

Nikita Abramov said: “These vulnerabilities can negatively affect the internal infrastructure of an enterprise, leading to disruption of its operation. Hyperconverged systems are basically out-of-the-box data centers, combining storage systems, servers, network functions, and software into one module. By exploiting the flaws, attackers can access an organization’s entire infrastructure management system and affect its performance, delete important files, disrupt business processes, and erase backup systems with critical data—scenarios are limited only by the attacker's imagination.”

In order to successfully exploit the vulnerabilities, an attacker only needs to gain access to the web interface of the device and send a specific request. Special rights, permissions, or authentication are not required. It’s difficult to estimate the number of vulnerable devices, since this type of equipment is most often located on an organization’s internal network. From a technical point of view, these are logic bugs; they often occur due to inattentiveness of the developer and insufficient testing of the code at the development stage.

Cisco has patched all three: CVE-2021-1497 (CVSS v3.1 score 9.8, discovered by Nikita Abramov), CVE-2021-1498 (scored 7.3, discovered by Mikhail Klyuchnikov), and CVE-2021-1499 (rated 5.3, discovered by Abramov and Klyuchnikov). The first two vulnerabilities are more dangerous, since their exploitation would allow attackers to execute arbitrary commands in the device’s operating system with maximum privileges (root user) and web server rights (Tomcat 8), respectively. The third vulnerability would allow criminals to upload arbitrary files without authorization with limited write access, and is not as dangerous in comparison to the others.

To eliminate the vulnerabilities, organizations should follow the recommendations specified in Cisco's official notices (1, 2). Deep Network Traffic Analysis (NTA/NDR) systems, in particular PT Network Attack Discovery, will allow enterprises to detect attempts to exploit vulnerabilities in Cisco's firewall. In the case of a successful attack, one of the ways to detect signs of penetration is to use SIEM solutions (for example, MaxPatrol SIEM), which help identify suspicious behavior on the server, register an incident, and prevent the intruders from moving laterally within the corporate network in a timely manner.

About Positive Technologies

For 19 years, Positive Technologies has been creating innovative solutions for information security. We develop products and services to detect, verify, and neutralize the real-world business risks associated with corporate IT infrastructure. Our technologies are backed by years of research experience and the expertise of world-class cybersecurity experts. Over 2,000 companies in 30 countries trust us to keep them safe. Follow us on social media (LinkedIn, Twitter) and the News section at ptsecurity.com.

CONTACT:

Paula Dunne
CONTOS DUNNE COMMUNICATIONS
+1-408-893-8750 (m)
+1-408-776-1400 (o)
paula@contosdunne.com


Source: Company press release.
