This Week in Cyber: Dec 6th – 10th

Digital Security by Design

 


One of the major cybersecurity stories that broke last week was related to a critical bug in SonicWall’s SMA 100 series appliances. SonicWall ‘strongly urged’ all organisations using SMA 100 series appliances to immediately patch them against multiple security flaws rated with CVSS scores ranging from medium to critical. The highest severity flaws patched by SonicWall last week were CVE-2021-20038 and CVE-2021-20045, two critical stack-based buffer overflow vulnerabilities that could allow remote unauthenticated attackers to execute code as the ‘nobody’ user in compromised appliances.

Other bugs patched by the company last Tuesday enable authenticated threat actors to gain remote code execution, inject arbitrary commands, or upload crafted web pages and files to any directory in the appliance following successful exploitation. However, the most dangerous one if left unpatched is CVE-2021-20039. This high-severity security issue can let authenticated attackers inject arbitrary commands as the root user, leading to a remote takeover of unpatched devices.

John Goodacre, UKRI Challenge Director Digital Security by Design and Professor of Computer Architectures at Manchester University, took part in a short Q&A, which resulted in 7 pieces of coverage across the ISMG estate of publications.

  • The advisory says there have been no signs of exploitation in the wild. However, which type of threat actors may be interested in attacking by exploiting these vulnerabilities?

“Gaining root access enables an attacker to gain complete control of a device. As the SonicWall devices are secure gateways designed to provide secure remote access then an attacker could be interested in compromising them to gain access to systems.”

  • Do you think future exploitation is on the cards?

“It is important that this be patched.”

  • Why do you think threat actors will be interested in the exploitation of these vulnerabilities?

“Exploiting to gain control in devices but also of concern given the history that Mandiant have highlighted them being used to distribute ransomware and the warning issued here to release these.”

  • Can these vulnerabilities be used to create backdoor and persistence?

“As the vulnerability does create root access this is possible, but something can be cleaned up.”

  • What’s your take on this whole vulnerability fix?

“In addition to patching practices, the future of digital security should include devices that make the vulnerabilities blocked by design. The UK Government has an initiative called Digital Security by Design working across industry and academia to achieve such a future.”



Delivered by Digital Catapult, funded by UKRI through the Digital Security by Design programme.