February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – KONNI APT Group
July 30, 2021Rewterz Threat Advisory –IBM Guardium Data Encryption Vulnerability
July 30, 2021Rewterz Threat Alert – KONNI APT Group
July 30, 2021Rewterz Threat Advisory –IBM Guardium Data Encryption Vulnerability
July 30, 2021
Severity
High
Analysis Summary
The following CVEs are being actively exploited in wild by threat actors. Immediate action is suggested.
CVE-2021-26855
A server-side request forgery (SSRF) vulnerability in Exchange Server
CVE-2021-26857:
An insecure deserialization vulnerability in the Unified Messaging service
CVE-2021-26858:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-27065:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-22893:
The Zero-day Pulse Connect Secure authentication bypass vulnerability allows an attacker to run an arbitrary code on the Pulse Connect Secure Gateway. A remote, unauthenticated attacker can send a specially crafted HTTP request to the victim to exploit the vulnerability and gain access to the target system.
CVE-2021-22894:
Pulse Connect Secure is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to connect to a maliciously-crafted meeting room, a remote authenticated attacker could overflow a buffer and execute arbitrary code with root privileges on the system.
CVE-2021-22899:
Pulse Connect Secure could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injectionflaw. By using Windows Resource Profiles Feature, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2021-22900:
Pulse Connect Secure could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the administrator web interface. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2021-27101:
Accellion File Transfer Appliance is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the document_root.html script using a specially crafted Host header, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2021-27102:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By using a local web service call, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-27103:
Accellion File Transfer Appliance is vulnerable to server-side request forgery. By sending a request with a specially-crafted POST request to wmProgressstat.html, an attacker could exploit this vulnerability to conduct an SSRF attack.
CVE-2021-27104:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted POST request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-21985:
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in the vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server
Impact
- Data Manipulation
- Remote Code Execution
- Data Breach
- Unauthorized Access
Affected Vendors
Microsoft
Pulse Secure
VMware
Acellion
Affected Products
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- Pulse Connect Secure 9.1RX
- Pulse Connect Secure 9.0RX
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
- Pulse Secure Pulse Connect Secure 9.0R3
- Pulse Secure Pulse Connect Secure 9.0RX
- Pulse Secure Pulse Connect Secure 9.1RX
- Pulse Secure Pulse Connect Secure 9.1R1
- Accellion File Transfer Appliance 9_12_370
Remediation
Refer to CISA advisory from more update affected product and their respective patches