The Hacker News - Cybersecurity News and Analysis: Vulnerability

Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday  added  two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. Tracked as  CVE-2022-30525 , the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. Impacted devices include - USG FLEX 100, 100W, 200, 500, 700 USG20-VPN, USG20W-VPN ATP 100, 200, 500, 700, 800, and VPN series The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7. Source: Shadowserver Merely a day later, the Shadowserver Foundation  said  it began detecting exploitation attempts,

SonicWall has published an  advisory  warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282  (CVSS score: 8.2) - Unauthenticated Access Control Bypass CVE-2022-1702  (CVSS score: 6.1) - URL redirection to an untrusted site (open redirection) CVE-2022-1701  (CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key Successful exploitation of the aforementioned bugs could allow an attacker to unauthorized access to internal resources and even redirect potential victims to malicious websites. Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities. SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SM

Google on Thursday  announced  the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out  Open Source Insights  as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this information, developers can understand how their software is put together and the consequences to changes in their dependencies," the company said. The development comes as security and trust in the open source software ecosystem has been increasingly thrown into question in the aftermath of a  string  of  supply chain   attacks  designed to compromise developer workflows. In December 2021, a critical flaw in the ubiquitous open source  Log4j logging library  left several companies scrambling to patch their systems against potential abuse. The announcement also comes less than

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company  said  in an advisory published Thursday. Cybersecurity firm Rapid7, which  discovered  and reported the flaw on April 13, 2022, said that the weakness could permit a remote unauthenticated adversary to execute code as the "nobody" user on impacted appliances. Tracked as  CVE-2022-30525  (CVSS score: 9.8), the flaw impacts the following products, with patches released in version ZLD V5.30 - USG FLEX 100(W), 200, 500, 700 USG FLEX 50(W) / USG20(W)-VPN ATP series, and  VPN series Rapid 7 noted that there are at least 16,213 vulnerable Zyxel devices exposed to the internet, making it a

Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked  CVE-2022-1388  (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system. This could range anywhere from deploying cryptocurrency miners to dropping web shells for follow-on attacks, such as information theft and ransomware. "We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP," cybersecurity company Positive Technologies  said  in a tweet on Friday. "Patch ASAP!" The critical security vulnerability impacts the following versions of BIG-IP products - 16.1.0 - 16.1.2 15.1.0 - 15.1.5 14.1.0 - 14.1.4 13.1.0 - 13.1.4 12.1.0 - 12.1.6 11.6.1 - 11.6.5 Fixe