Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – APT Group Sidewinder Targeting Pakistani Officials
April 21, 2021Rewterz Threat Alert – Ursnif Banking Trojan – Active IOC’s
April 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-1392
An authenticated attacker can exploit a vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software to retrieve the password for Common Industrial Protocol (CIP). The attacker can then remotely configure the affected device as an administrative user.
CVE-2021-1403
An unauthenticated, remote attacker can exploit a vulnerability in the web UI feature of Cisco IOS XE software to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.
CVE-2021-1352
An adjacent, unauthenticated attacker can exploit a vulnerability in DECnet protocol processing of Cisco IOS XE software to cause a denial-of-service condition on an affected device. The attacker can then remotely configure the affected device to reload and successfully cause denial-of-service conditions.
CVE-2021-1442
A local, authenticated attacker can exploit a vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software to elevate privileges to the level of an administrator on an affected Stratix 5800. The attacker can then remotely configure the affected device to disable Plug-and-Play after Express Setup has completed.
CVE-2021-1452
A physical, unauthenticated attacker can exploit a vulnerability in the Stratix 5800 switches, execute persistent code at boot time and break the chain of trust.
CVE-2021-1443
An authenticated, remote attacker can exploit a vulnerability in the web UI of the IOS XE software to execute arbitrary code with root privileges on the underlying operating system of the affected device. Admin credentials to the device are required for the attacker to exploit this vulnerability.
CVE-2021-1220
An authenticated, remote attacker can exploit a vulnerability in the web UI of the IOS XE software to equip themselves with read-only privileges to cause the web management software to hang and consume vty line instances. The consumption of the vty line instances results in a denial-of-service condition.
Impact
- Denial-of-service Conditions
- Unauthorized Privilege Escalation
- Web Socket Hijacking
- Command Injection
Affected Vendors
Rockwell Automation
Affected Products
- Stratix 5800: Versions 16.12.01 and earlier
- Stratix 8000: Versions 15.2(7)E3 and earlier
- Stratix 5700: Versions 15.2(7)E3 and earlier
- Stratix 5410: Versions 15.2(7)E3 and earlier
- Stratix 5400: Versions 15.2(7)E3 and earlier
Remediation
Refer to the ICS advisory for the complete list of affected products, mitigation methods, and their respective patches.
https://us-cert.cisa.gov/ics/advisories/icsa-21-110-02
In the Stratix 5800, apply version 17.04.01 or later.