In July, Secunia research issued 674 advisories for 83 unique vendors in 361 products and 475 unique versions, while issued 97 rejection notice advisories. An increase of 34.5% advisories from the previous month.
A Zero-day vulnerability was reported in Cisco ASA firewall and FDA products.
Oracle overtook RedHat as a top vendor with most vulnerabilities.
The amount of browsers vulnerabilities and their relevant patches are Achilles’ heel of effective patch management.
A vulnerability is reported in the web service system that allows remote access to Cisco ASA (Adaptive Security Appliance) – a network firewall and Cisco’s Firepower Threat Defence. An attacker can send a specially crafted HTTP request that can traverse the servers’ file system and also establish an SSL VPN or AnyConnect VPN session to the devices by impersonating another user. A lack of proper input validation causes it. There are reports of a publicly available exploit being used in targeted attacks.
Cisco ASA 9.6 till 9.14 are affected. Secunia Research has issued SA96432, which has further details.
Key Points
Secunia Advisory criticalities are further explained at this link.
65% of vulnerabilities can be exploited from remote, which makes the remediation efforts even more critical.
A CVSS score is a metric that is used to measure the severity of a vulnerability. CVSS3 specifications and the criteria details can be found at this link.
CVSS ranges from 0 to 10. 0 being the lowest and 10 being the highest score; the advisories spread is as below:
An add-on by Software Vulnerability Research and Software Vulnerability Manager is Threat Intelligence. We give a score from 0 to 100 depending upon its severity, exploit availability, inclusion in penetration testing tools and the likelihood of being exploited. A detailed explanation of Threat Score calculation is available at this link.
The amount of reported vulnerabilities is on the rise. Linux/Unix based OS are most vulnerable. Browers patches are released from 3 to 6 times a month which makes patching effort quite tricky especially for Google Chrome and Mozilla Firefox. Zero days must be prioritized as a likelihood of an attack is very high.
A complete list of vulnerabilities affected versions, criticality, threat score, and relevant patch information are available in the Software Vulnerability Research and Software Vulnerability Manager solutions from Flexera.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.