
Rewterz Threat Advisory – New Vulnerabilities Added to the Exploited-in-the-wild Category

Severity

High

Analysis Summary

The following five vulnerabilities are being actively exploited by threat actors. They pose a serious threat to organizations that have not patched or mitigated them. The Zoho vulnerabilities are being actively exploited by state-sponsored threat groups (APTs). Cisco and cybersecurity agencies have warned of exploitation of the Apache HTTP Server vulnerability. Google has also warned of exploitation of the Qualcomm vulnerability, which is being used by threat actors in limited, targeted attacks.

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the /RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2018-14847

MikroTik RouterOS could allow a remote attacker to bypass security restrictions, caused by improper validation of the Session ID in Winbox. By sending a specially-crafted Session ID, an attacker could exploit this vulnerability to read arbitrary files on the system.

CVE-2021-40438

Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially-crafted request URI path, a remote attacker could exploit this vulnerability to have the proxy forward the request to an origin server of the attacker's choosing.

CVE-2020-11261

Qualcomm multiple chipsets could allow a local attacker to gain elevated privileges on the system, caused by improper validation of input by the Graphics component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.

CVE-2021-37415

Zoho ManageEngine ServiceDesk Plus could allow a remote attacker to bypass security restrictions. The flaw leaves a small number of REST API URLs reachable without authentication, which an attacker could exploit to bypass authentication on those endpoints.

Impact

  • Access Gain
  • Security Bypass
  • Privilege Escalation

Affected Vendors

  • Apache
  • Zoho
  • Qualcomm

Affected Products

  • Zoho ManageEngine ServiceDesk Plus 11305
  • Zoho ManageEngine ServiceDesk Plus MSP 10527
  • Zoho ManageEngine ServiceDesk Plus MSP 10529
  • Zoho ManageEngine SupportCenter Plus 11012
  • MikroTik RouterOS 6.29
  • MikroTik RouterOS 6.42
  • Apache HTTP Server 2.4.48 and older
  • Qualcomm kernel/msm 4.18 and older
  • Zoho ManageEngine ServiceDesk Plus 11301
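To turn the Affected Products list above into something an asset owner can act on, the following added example (not part of the Rewterz advisory) encodes the list as matching rules and checks a constructed inventory against them. It follows the advisory's wording literally: the Zoho and MikroTik entries name specific builds, so they match exactly, while "2.4.48 and older" and "4.18 and older" are treated as upper bounds. The inventory records, host names and the `check_inventory` / `is_affected` helpers are assumptions for the illustration; the remediation links are the ones given in the advisory.

```python
import re
from dataclasses import dataclass
from typing import Optional, FrozenSet, List, Dict, Tuple


@dataclass(frozen=True)
class AffectedEntry:
    """One line of the advisory's Affected Products list."""
    product: str
    exact: FrozenSet[str] = frozenset()   # specific builds named by the advisory
    max_version: Optional[str] = None     # "this version and older" per the advisory
    remediation: str = ""                 # vendor link from the Remediation section


# Affected products as listed in the advisory (values copied from the page).
AFFECTED: Tuple[AffectedEntry, ...] = (
    AffectedEntry("Zoho ManageEngine ServiceDesk Plus", exact=frozenset({"11301", "11305"}),
                  remediation="https://www.manageengine.com/products/service-desk/on-premises/readme.html"),
    AffectedEntry("Zoho ManageEngine ServiceDesk Plus MSP", exact=frozenset({"10527", "10529"}),
                  remediation="https://www.manageengine.com/products/service-desk/on-premises/readme.html"),
    AffectedEntry("Zoho ManageEngine SupportCenter Plus", exact=frozenset({"11012"}),
                  remediation="https://pitstop.manageengine.com/portal/en/community/topic/"
                              "security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-"
                              "in-supportcenter-plus-versions-11012-and-11013"),
    AffectedEntry("MikroTik RouterOS", exact=frozenset({"6.29", "6.42"}),
                  remediation="https://mikrotik.com/"),
    AffectedEntry("Apache HTTP Server", max_version="2.4.48",
                  remediation="http://httpd.apache.org/security/vulnerabilities_24.html"),
    AffectedEntry("Qualcomm kernel/msm", max_version="4.18",
                  remediation="https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"),
)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.4.48', '6.42' or a bare build '11305' into a comparable integer tuple."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric version component in {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(product: str, version: str) -> bool:
    """True if (product, version) matches an entry in the advisory's affected list.

    Exact builds compare after numeric normalisation; 'and older' entries compare
    as an inclusive upper bound using tuple ordering, so 2.2.34 <= 2.4.48 holds.
    Products the advisory does not mention are reported as not affected.
    """
    ver = parse_version(version)
    for entry in AFFECTED:
        if entry.product.lower() != product.strip().lower():
            continue
        if entry.max_version is not None:
            return ver <= parse_version(entry.max_version)
        return ver in {parse_version(b) for b in entry.exact}
    return False


def check_inventory(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the inventory records that match, each with its remediation link attached."""
    hits = []
    for record in inventory:
        if is_affected(record["product"], record["version"]):
            entry = next(e for e in AFFECTED
                         if e.product.lower() == record["product"].strip().lower())
            hits.append({**record, "remediation": entry.remediation})
    return hits


# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"host": "web-01", "product": "Apache HTTP Server", "version": "2.4.48"},
    {"host": "web-02", "product": "Apache HTTP Server", "version": "2.4.51"},
    {"host": "edge-rtr-1", "product": "MikroTik RouterOS", "version": "6.42"},
    {"host": "helpdesk", "product": "Zoho ManageEngine ServiceDesk Plus", "version": "11305"},
    {"host": "helpdesk-msp", "product": "Zoho ManageEngine ServiceDesk Plus MSP", "version": "10530"},
    {"host": "android-build", "product": "Qualcomm kernel/msm", "version": "4.14"},
    {"host": "db-01", "product": "PostgreSQL", "version": "13.4"},
]

if __name__ == "__main__":
    for hit in check_inventory(SAMPLE_INVENTORY):
        print(f"{hit['host']}: {hit['product']} {hit['version']} -> {hit['remediation']}")
```

Because the Zoho entries are exact build numbers, a host on a build the advisory does not list (such as `10530` above) is not flagged, even though it may be unpatched; treat a miss on those products as "unknown" rather than "safe" and confirm against the vendor's readme linked in the Remediation section.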

Remediation

Upgrade to the latest version of Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus, as described in the Zoho security advisory at:

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013

Upgrade to the latest version of MikroTik RouterOS, available from the MikroTik Web site.

https://mikrotik.com/

Upgrade to the latest version of Apache HTTP Server, available from the Apache Web site.

http://httpd.apache.org/security/vulnerabilities_24.html

Apply the fixes for the affected Qualcomm chipsets, as described in the Qualcomm security bulletin on the Qualcomm Web site.

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Upgrade to the latest version of Zoho ManageEngine ServiceDesk Plus, available from the Zoho Web site.

https://www.manageengine.com/products/service-desk/on-premises/readme.html