A recent security advisory from Zyxel warns administrators of multiple vulnerabilities affecting a wide range of its firewall, AP, and AP controller products. The four flaws listed in the advisory are:
- CVE-2022-0734: Medium severity (CVSS v3.1 – 5.8) cross-site scripting vulnerability in the CGI component, which could allow an attacker to obtain information stored in the user’s browser, such as cookies or session tokens, via a malicious script.
- CVE-2022-26531: Medium severity (CVSS v3.1 – 6.1) improper validation flaw in some CLI commands, allowing a local authenticated attacker to cause a buffer overflow or system crash.
- CVE-2022-26532: High severity (CVSS v3.1 – 7.8) command injection flaw in some CLI commands, allowing a local authenticated attacker to execute arbitrary OS commands.
- CVE-2022-0910: Medium severity (CVSS v3.1 – 6.5) authentication bypass vulnerability in the CGI component, allowing an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.
Looking at these vulnerabilities more closely for Digital Journal is Alastair Williams, Vice President of Worldwide Systems Engineering at Skybox.
Williams assesses the newly identified weaknesses, noting: “The fact that these vulnerabilities do not carry a critical rating does not mean organizations shouldn’t be quick to patch.”
He further cautions: “If organizations are relying on conventional approaches to vulnerability management, they may only move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System.”
The Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of computer system security vulnerabilities. Its base score rates the intrinsic characteristics of a flaw (how it is reached, what privileges it needs, what it impacts); it does not say whether the affected component is actually reachable by an attacker on a given network.
This is a concern because: “Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.”
Williams cautions businesses that: “It is especially important to heed this new warning as we approach a holiday weekend. In the last year, we have seen a trend of bad actors taking advantage of holiday weekends in the U.S. to target organizations.”
Drawing on recent history, Williams notes: “We saw this happen with the Colonial Pipeline ransomware attack over Mother’s Day weekend [U.S. date], the attack on JBS over Memorial Day weekend, and the ransomware attack against Kaseya during the July 4th holiday [a U.S. national event].”
Williams turns his attention to practical advice, proposing: “To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape.”
He adds that: “Organizations should prioritize based on exposure-based risk scores, and close with prescriptive remediation options.”
In essence, Williams’ message is: “It’s essential for organizations to increase the maturity of their vulnerability management programs to ensure they can quickly discover if they are impacted by vulnerabilities and how urgent it is to remediate.”
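To make the difference between a CVSS-only ordering and an exposure-based ordering concrete, the following is an added example (not code from Zyxel, Skybox, or Digital Journal) that ranks the four CVEs above both ways. The CVSS scores and the attacker positions (remote via the CGI component, or local authenticated via the CLI) come from the advisory summary; the weighting scheme, the `Finding` structure, the `ASSET` inventory and its reachability flags are assumptions constructed for illustration, not a published methodology.

```python
"""Exposure-based prioritization of the four Zyxel CVEs listed above.

Added example; not Zyxel's, Skybox's or Digital Journal's code.
The weighting scheme and the asset inventory below are assumptions
made for illustration. CVSS scores and attacker positions are taken
from the advisory summary quoted in the article.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float       # CVSS v3.1 base score as listed in the advisory
    attacker: str     # "remote" (reaches the component over the network)
                      # or "local-authenticated" (needs an existing CLI session)
    component: str    # "cgi" (web management / VPN-facing CGI) or "cli"


# Findings as described in the advisory summary above.
FINDINGS = [
    Finding("CVE-2022-0734", 5.8, "remote", "cgi"),
    Finding("CVE-2022-26531", 6.1, "local-authenticated", "cli"),
    Finding("CVE-2022-26532", 7.8, "local-authenticated", "cli"),
    Finding("CVE-2022-0910", 6.5, "remote", "cgi"),
]

# Constructed asset inventory for one hypothetical firewall (assumption):
# which components an attacker on an untrusted network could actually reach.
ASSET = {
    "cgi_reachable_from_untrusted": True,   # web management / VPN endpoint on the WAN
    "cli_reachable_from_untrusted": False,  # SSH and console limited to an admin VLAN
}


def exposure_factor(finding: Finding, asset: dict) -> float:
    """Multiplier in [0, 1] describing how reachable the flaw is on this asset.

    Illustrative weights (assumption): a flaw on a component reachable from
    untrusted networks keeps its full weight when it is exploitable remotely,
    half weight when it still needs an authenticated session, and a flaw on a
    component that is not reachable at all is discounted to 0.2 because the
    attacker first needs a separate foothold.
    """
    if finding.component == "cgi":
        reachable = asset["cgi_reachable_from_untrusted"]
    else:
        reachable = asset["cli_reachable_from_untrusted"]
    if not reachable:
        return 0.2
    return 1.0 if finding.attacker == "remote" else 0.5


def risk_score(finding: Finding, asset: dict) -> float:
    """Exposure-adjusted score: CVSS base score scaled by reachability."""
    return round(finding.cvss * exposure_factor(finding, asset), 2)


def rank_by_cvss(findings: list[Finding]) -> list[str]:
    """The conventional ordering: highest CVSS base score first."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def rank_by_exposure(findings: list[Finding], asset: dict) -> list[str]:
    """Exposure-based ordering: highest exposure-adjusted score first."""
    return [f.cve for f in sorted(findings,
                                  key=lambda f: risk_score(f, asset),
                                  reverse=True)]


if __name__ == "__main__":
    print("CVSS-only order:     ", rank_by_cvss(FINDINGS))
    print("Exposure-based order:", rank_by_exposure(FINDINGS, ASSET))
    for f in FINDINGS:
        print(f"{f.cve:16} cvss={f.cvss:<4} exposure-adjusted={risk_score(f, ASSET)}")
```

On this hypothetical asset, a CVSS-only queue patches the local command injection (CVE-2022-26532, 7.8) first, even though it requires an authenticated CLI session on a management network that untrusted users cannot reach, while the two CGI flaws that face the WAN land last and third. The exposure-based queue puts CVE-2022-0910 and CVE-2022-0734 at the top. The point is not the particular weights, which any real program would replace with its own model, but that the ordering changes once reachability is part of the score.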