The United States National Security Agency (NSA) has recently published a detailed report listing the top 25 vulnerabilities it knows are currently being targeted, scanned for, and exploited by state-sponsored Chinese hacking groups.
All 25 security bugs are well known, and patches for them are available from their vendors and ready to be installed. Public exploits for many of these vulnerabilities appear to be available. Some have been exploited not just by the Chinese hackers but have also fallen into the hands of low-level malware groups, ransomware gangs, and nation-state actors from other countries such as Russia or Iran.
In an article by ZDNet, it was revealed that the NSA urges both the US public and private sectors to patch the following systems for the vulnerabilities listed below:
25 Security Bug Vulnerabilities:
1) CVE-2019-11510 - Sending a specially crafted URI can expose keys or even passwords.
2) CVE-2020-5902 - Vulnerable to remote code execution (RCE), giving attackers the ability to take over the BIG-IP device.
3) CVE-2019-19781 - Vulnerable to a directory traversal bug, which can lead to remote code execution even without valid credentials.
4+5+6) CVE-2020-8193, CVE-2020-8195, CVE-2020-8196 - Another set of Citrix ADC and Gateway bugs, which also affect SDWAN WAN-OP systems. The three bugs allow authenticated access to certain URL endpoints and information disclosure to low-privileged users.
7) CVE-2019-0708 (aka BlueKeep) - This remote code execution vulnerability is present within the Remote Desktop Services on the Windows OS.
8) CVE-2020-15505 - This vulnerability allows remote attackers to execute arbitrary code, resulting in the overrun of remote company servers.
9) CVE-2020-1350 (aka SIGRed) - This vulnerability is exposed when Windows Domain Name System servers fail to handle requests properly.
10) CVE-2020-1472 (aka Netlogon) - This is an elevation of privilege vulnerability that occurs when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller.
11) CVE-2019-1040 - This vulnerability happens in Microsoft Windows when an attacker bypasses the NTLM MIC.
12) CVE-2018-6789 - Handcrafted messages sent to an Exim mail transfer agent can execute code remotely and overrun email servers.
13) CVE-2020-0688 - This vulnerability happens when Microsoft Exchange software fails to handle objects in memory properly.
14) CVE-2018-4939 - The exploitation of Adobe ColdFusion could result in arbitrary code execution.
15) CVE-2015-4852 - Allows remote attackers to execute arbitrary commands by using crafted serialized Java objects.
16) CVE-2020-2555 - Allows unauthenticated attackers with network access via T3 to compromise Oracle Coherence systems.
17) CVE-2019-3396 - Allows attackers to remotely execute code on a Confluence Server or Data Center instance.
18) CVE-2019-11580 - Attackers can exploit this particular vulnerability and install arbitrary plugins.
19) CVE-2020-10189 - Allows remote code execution due to deserialization of untrusted data.
20) CVE-2019-18935 - Exploitation can lead to remote code execution.
21) CVE-2020-0601 (aka CurveBall) - Allows attackers to exploit the vulnerability by using spoofed code-signing certificates.
22) CVE-2019-0803 - This vulnerability happens when Win32k components fail to handle objects properly in memory.
23) CVE-2017-6327 - The Symantec Messaging Gateway is affected by a remote code execution issue.
24) CVE-2020-3118 - Attackers can execute arbitrary code by using a Cisco Discovery Protocol vulnerability.
25) CVE-2020-8515 - Attackers can execute remote code as root through shell metacharacters.
This article is owned by Tech Times
Written by Urian Buenconsejo