Vulnerability 1: ManageEngine ADSelfService Plus CSV Injection Vulnerability (9.3 Critical)
Description: A CSV injection vulnerability exists in the ManageEngine AD Self Service Plus system. In a CSV injection attack, an attacker exploits improper input validation in a website or web application so that data it exports to CSV is later interpreted by a spreadsheet as a formula, allowing the attacker to execute applications and code. These attacks can be carried out by unauthenticated users, granting them access to key systems.
Likelihood: High – This vulnerability could enable an attacker to obtain a ‘reverse shell’, meaning they could gain access to systems from a completely different location. Furthermore, the fact that no authentication is required makes this vulnerability easier to exploit.
Recommendation: No solution has yet been identified for this vulnerability, so it is advised not to use the ManageEngine AD Self Service Plus solution until one is found. Also, ensure you update from 6.100 to 6.111 immediately.
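The control that closes the CSV injection class described above is neutralising any cell whose leading character a spreadsheet would treat as a formula trigger before the export is written. The following is an added illustration of that control, not ManageEngine's code; the trigger list and the sample rows are constructed for the example.

```python
import csv
import io

# Leading characters that make common spreadsheet applications evaluate a cell
# as a formula (or start a new field/row) when an exported CSV is opened.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r", "\n")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet renders as text, never as a formula.

    Genuine numbers are passed through unchanged so that negative values such as
    -5 are not mangled; only string data that begins with a trigger character is
    prefixed with an apostrophe, which forces text interpretation.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    if text and text[0] in FORMULA_TRIGGERS:
        return "'" + text
    return text


def export_rows(header, rows):
    """Serialise rows to CSV with every cell neutralised and fully quoted.

    QUOTE_ALL makes the csv module wrap each field in double quotes and double
    any embedded quote, so a value cannot break out of its field into a
    neighbouring cell or a new row.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a user-controlled display name starting with "=".
    sample = [["alice", "Sydney"], ['=SUM(A1:A2)', "Melbourne"]]
    print(export_rows(["username", "office"], sample))
```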
Vulnerability 2: Fortinet FortiWeb OS Command Injection (8.0 High)
Description: The Fortinet FortiWeb OS has a command injection vulnerability. In a command injection attack, an attacker compromises an OS by executing arbitrary commands on the host via a vulnerable application. In Fortinet’s case, the attacker can leverage the FortiWeb application to infiltrate and compromise your system. The impact is that an attacker would be able to take complete control of an affected device with the highest possible privileges.
Likelihood: High – Due to the nature of the vulnerability, an attacker would only need to gain control over the application itself, which is possible through social engineering and MiTM attacks.
Recommendation: A patch for this vulnerability has not yet been developed. As a result, it is recommended that the FortiWeb device management interface be disabled for untrusted networks and not be exposed to the internet in any way.
Vulnerability 3: Citrix ADC & Gateway Session Fixation (5.8 Medium)
Description: A session fixation vulnerability exists in Citrix ADC & Gateway devices. A session fixation attack allows attackers to ‘hijack’ a valid user session. This is a common vulnerability in web applications, and its implication is that attackers can take control of high-value users with elevated privileges to conduct further probing of the site, or even delete, change or add users, all appearing as legitimate activity. In this instance, it would allow an attacker to modify and control Citrix infrastructure.
Likelihood: High – The reward for exploiting such a vulnerability is high, as attackers who target the right user will gain full control over Citrix systems.
Recommendation: It is recommended that Citrix ADC & Citrix Gateway be updated to the latest versions to ensure that these security holes are patched. Brace168 also provides a SIEM/SOAR solution which will enable us to ingest your Citrix logs so that they can be monitored 24/7.