SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Information disclosure vulnerability in Linux Kernel
Description: Cisco Talos recently discovered an information disclosure vulnerability in the Linux Kernel. The Linux Kernel is the free and open-source core of Unix-like operating systems. This vulnerability specifically exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux. CVE-2020-28588 is an information disclosure vulnerability that could allow an attacker to view Kernel stack memory. Talos researchers first discovered this issue on an Azure Sphere device (version 20.10), a 32-bit ARM device that runs a patched Linux kernel. An attacker could exploit this vulnerability by reading /proc/<pid>/syscall, a legitimate Linux operating system file — making it impossible to detect on a network remotely. If utilized correctly, an attacker could leverage this information leak to successfully exploit additional unpatched Linux vulnerabilities.
Reference: https://blog.talosintelligence.com/2021/04/vuln-spotlight-linux-kernel.html
Title: Cisco discloses multiple vulnerabilities in Adaptive Security Appliance
Description: Cisco disclosed multiple vulnerabilities in its Adaptive Security Appliance software and Cisco Firepower Threat Defense. One high-severity vulnerability, CVE-2021-1493, could allow an attacker to cause a buffer overflow condition. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. Another medium-risk vulnerability could allow an adversary to inject commands that could be executed with root privileges on the underlying operating system.
References:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-cmdinj-TKyQfDcU
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-memc-dos-fncTyYKG
Snort SIDs: 57486, 57488, 57489