The US National Security Agency (NSA) has published a new cybersecurity advisory in which it details 25 of the most dangerous vulnerabilities actively being exploited in the wild by Chinese state-sponsored hackers and other cybercriminals.
Unlike zero-day vulnerabilities, where hardware and software makers have yet to release a patch, all of the vulnerabilities in the NSA's advisory are well-known and patches have been made available to download from their vendors. However, the problem lies in the fact that organizations have yet to patch their systems, leaving them vulnerable to potential exploits and attacks.
The NSA provided further details on the nature of the vulnerabilities in its advisory while urging organizations to patch them immediately, saying:
“Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and should be prioritized for immediate patching.”
Publicly known vulnerabilities
In its cybersecurity advisory, the NSA provides detailed information on each of the 25 vulnerabilities as well as guidance on how to mitigate them. In the interest of time, we'll just be looking at a few of the most severe vulnerabilities, but the full list can be found in the advisory.
The first bug in the list, tracked as CVE-2019-11510, relates to Pulse Secure VPN servers: an unauthenticated remote attacker can send a specially crafted URI that triggers an arbitrary file read, exposing keys or passwords.
Another notable bug from the list, tracked as CVE-2020-5902, affects the Traffic Management User Interface (TMUI) of F5 BIG-IP proxies and load balancers. It is a Remote Code Execution (RCE) vulnerability that, if exploited, could allow a remote attacker to take over an entire BIG-IP device.
The Citrix Application Delivery Controller (ADC) and Gateway systems are vulnerable to a directory traversal bug, tracked as CVE-2019-19781, that can lead to remote code execution without the attacker needing valid credentials for the device.
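As an added example (not from the advisory or this article): a small Python check that scans access logs from an internet-facing gateway for the directory-traversal pattern behind the arbitrary-file-read and ADC bugs described above. The log lines and URIs are constructed for illustration and are not the real exploit paths for those CVEs; the point is that traversal attempts, especially those answered with a 200, are the requests a defender should triage first.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the advisory). The paths are
# illustrative traversal attempts, not the real exploit URIs for the CVEs above.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Oct/2020:10:01:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.9 - - [20/Oct/2020:10:01:05 +0000] "GET /static/../../etc/passwd HTTP/1.1" 200 1893
203.0.113.9 - - [20/Oct/2020:10:01:07 +0000] "GET /app/%2e%2e/%2e%2e/config.xml HTTP/1.1" 404 0
203.0.113.9 - - [20/Oct/2020:10:01:09 +0000] "GET /app/%252e%252e/secret HTTP/1.1" 200 77
203.0.113.9 - - [20/Oct/2020:10:01:11 +0000] "GET /ui/x/..;/admin/ HTTP/1.1" 200 40
203.0.113.12 - - [20/Oct/2020:10:02:00 +0000] "GET /docs/v1.0/index.html HTTP/1.1" 200 900
"""

# Common log format: client, ident, user, [timestamp], "METHOD path proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(path: str) -> str:
    """Decode percent-encoding twice (catches %252e double encoding), unify
    backslashes and drop the query string before inspecting segments."""
    p = path.split("?", 1)[0]
    for _ in range(2):
        p = unquote(p)
    return p.replace("\\", "/")

def is_traversal(path: str) -> bool:
    """Flag any '..' path segment, including the '..;' variant that some
    application servers treat as a parent reference while a front proxy does not."""
    norm = normalize_path(path)
    return any(seg == ".." or seg.startswith("..;") for seg in norm.split("/"))

def find_traversal_attempts(log_text: str):
    """Return (client_ip, raw_path, status) for each traversal-looking request.
    A 200 on such a request should be treated as a probable successful read."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits
```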
To avoid falling victim to any potential attacks exploiting these vulnerabilities, the NSA recommends that organizations keep their systems and products updated and patched as soon as possible after vendors release them.
Via ZDNet