SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Vulnerabilities in line of NETGEAR switches could lead to remote code execution
Description: NETGEAR disclosed multiple vulnerabilities, some of them considered critical, in two of its ProSAFE Plus networking switches. An adversary could exploit these vulnerabilities to execute code on the affected devices without authenticating. NETGEAR could not fix five high-risk vulnerabilities due to “system-on-chip CPU and memory limitations of the switches.” However, an attacker could only exploit these vulnerabilities if the switches have Plus Utility enabled — a feature that’s been disabled by default since 2019. One of the most serious vulnerabilities, CVE-2020-35231, allows an attacker to bypass NSDP authentication, potentially allowing them to execute management actions on the device or wipe its configuration via a factory reset.
Snort SIDs: 57332 - 57334
Title: Attacks spike against F5 BIG-IP and BIG-IQ vulnerabilities
Description: Attackers are actively exploiting a critical vulnerability in F5 devices that could lead to remote code execution. F5 disclosed and patched the flaws earlier this month, but many devices remain unpatched. The unauthenticated remote command execution vulnerability exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure. An attacker could exploit this flaw to fully take over a vulnerable system. Proof-of-concept exploit code made its way onto GitHub shortly after the vulnerability was disclosed, and security researchers say attackers are scanning for unpatched targets. The U.S. Cybersecurity and Infrastructure Security Agency also released a warning over the weekend urging users to patch as soon as possible.
Reference: https://threatpost.com/critical-f5-big-ip-flaw-now-under-active-attack/164940/
Snort SIDs: 57336, 57337