Oct 7: CSW Patch Watch & Security Updates

 

In our Oct 7 edition of Patch Watch, we have 13 vendors (Apple, CISCO, IBM, RedHat, Dell, Android and others) who released 93 patches, hotfixes and security updates. A few interesting callouts would be 13 weaponized vulnerabilities with known exploits and 11 old vulnerabilities (2015 – 2019) that are getting patches released only now (two vulnerabilities ranked critical and one of them has a known exploit).

Read on to know what you need to patch first and why…

  1. We have 93 vulnerabilities in focus for this week –
    1. 14 Hotfixes
    2. 7 Patches
    3. 72 updates 
  2. Among the 93 vulnerabilities we found –
    1. 79 vulnerabilities are yet to be weaponized.
    2. 13 vulnerabilities have known exploits and are weaponized.
  3. We analyzed the 13 weaponized vulnerabilities and here are our findings
    1. 8 CVEs are associated with Remote Code Execution (RCE).

    2. CVE-2020-8166 has Cross-Site Request Forgery (CSRF) with medium severity that forces an end user to carry out unwanted actions on a web application given the CVSS score of 4.3.

    3. 3 CVEs were associated with Denial of Service (DoS) rendering online service unavailable for its intended users.

      1. CVE-2020-4414 (Medium Severity & CVSS Score 5.1)

      2. CVE-2020-25220 (High Severity & CVSS Score 7.8)

      3. CVE-2020-14364 (Medium Severity & CVSS Score 5.3) – this issue has affected both Huawei and RedHat Products.

    4. CVE-2020-5980 has Privilege Execution (PE) Capabilities with a CVSS score of 7.8, which may target systems or applications by allowing them to override the limitations of the current user account.

You can download patches for 13 weaponized vulnerabilities here –


Table 1: Patch Weaponized Vulnerabilities

  1. We also found 11 Old Vulnerabilities (out of 93) and these are our findings –
    1. Old vulnerabilities from the year 2015 to 2019 have been fixed this week.
    2. 2 vulnerabilities are rated critical while 4 vulnerabilities are high and 5 are medium.
    3. CVE-2019-11447 is not only rated critical but also has an exploit ready.

Old vulnerabilities are systematically exploited by threat actors to deliver ransomware and malware, therefore it’s critical to patch them.

Download the list of old vulnerabilities and their patches –

Table 2: Patch old vulnerabilities

Continuous vulnerability management and cyber hygiene can fend off 80% of cyber-attacks. Stay secure by updating patches and fix your vulnerabilities before they are weaponized. 

Download patches for all 79 vulnerabilities – 

Weaponized or not, it’s better to stay ahead of threat actors and patch vulnerabilities.

Happy Patching!

Team CSW

Share This Post On