Issued: Monday, 2 August, 2021 |
Last Revision: Monday, 2 August, 2021 |
Vendor: |
Product: |
Severity Level: |
Advisory coauthored by The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide.
Organizations are strongly encouraged to identify the vulnerable system(s) in their environment and apply patches as soon as possible. Please refer the “Affected Products” and “Recommendations” section of the is directive to know the affected products by these vulnerabilities and its solution.
CVE-2020-0787: An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows BITS handles symbolic links.
CVE-2021-22893: Multiple use after free in Pulse Connect Secure before 9.1R11.4 allows a remote unauthenticated attacker to execute arbitrary code via license services.
CVE-2021-22894: Buffer overflow in Pulse Connect Secure Collaboration Suite before 9.1R11.4 allows a remote authenticated users to execute arbitrary code as the root user via maliciously crafted meeting room.
CVE-2021-22899: Command Injection in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated users to perform remote code execution via Windows File Resource Profiles.
CVE-2021-22900: Multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface
Vulnerability / CVE | Affected Product(s) |
CVE-2020-0787 | Windows 7 for 32-bit Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server, version 1903 (Server Core installation) Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows Server, version 1909 (Server Core installation) Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows Server 2019 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows Server, version 1803 (Server Core Installation) Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems |
CVE-2021-22893 | PCS: 9.0R3/9.1R1 and Higher |
CVE-2021-22894 | PCS: 9.1Rx, 9.0Rx |
CVE-2021-22899 | PCS:9.1Rx, 9.0Rx |
CVE-2021-22900 | PCS: 9.1Rx, 9.0Rx |
- Apply the security updates as recommended in the Microsoft Netlogon security advisory for Elevation of Privilege Vulnerability CVE-2020-0787. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0787/.
- The solution for Pulse Secure vulnerabilities is to upgrade the Pulse Connect Secure server software version to the 9.1R.11.4. https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784.