
Top CVE List for Q1 2021: CloudPassage Vulnerability Report

The Threat Intelligence team at CloudPassage is in a continuous ARR (Anticipate, Research, Respond) loop. Our Real-Time Vulnerability Alerting Engine harnesses public data and applies proprietary data analytics to cut through the noise and get real-time alerts for highly seismic cloud vulnerability exposures and misconfigurations—making vulnerability fatigue a thing of the past. Since its first launch at BSidesSF we have made enormous improvements in our real-time vulnerability alerting engine. It has been humming and churning data ever since. Here is the most recent vulnerability report, including the top CVE list for the first quarter of 2021.


Figure 1: CloudPassage Vulnerability Report from the Real-Time Vulnerability Alerting Engine

The X-axis for the CloudPassage Vulnerability Report graph represents each day of the first quarter from 1 Jan to 31 March 2021. The Y-axis represents the vulnerability trending quotient calculated by the engine (see the BSides presentation for more info). For simplicity, the Y-axis has been divided into four colors—Red, Orange, Yellow, and Green—which represent the criticality of each vulnerability. Each blue dot represents a vulnerability. Its placement on the X-axis represents the date on the timeline and placement on the Y-axis represents criticality (i.e., the vulnerability trending quotient). It’s possible for the same vulnerability to appear on multiple days, especially vulnerabilities with a high X-axis value.
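The chart semantics above (one dot per vulnerability per day, criticality bands on the Y-axis, the same CVE recurring across days) are easiest to see as an aggregation. The following is an added example, not CloudPassage's engine or its scoring: the trending quotient is simply a number supplied with each observation, the colour thresholds are assumptions picked for illustration (the real ones are in the BSides talk the post points to), and the sample dates and quotients are invented, with only the CVE identifiers taken from the report.

```python
"""Collapse daily alert-engine observations into a quarterly top-N list.

Added illustration, not CloudPassage code. Band thresholds and sample data
are assumptions/constructed values, not the report's.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple

# Assumed lower bounds for each colour band on the quotient (not the report's values).
BANDS: List[Tuple[float, str]] = [
    (75.0, "Red"),
    (50.0, "Orange"),
    (25.0, "Yellow"),
    (0.0, "Green"),
]


@dataclass
class Observation:
    day: date        # position on the X-axis
    cve: str
    quotient: float  # position on the Y-axis (trending quotient)


@dataclass
class Summary:
    cve: str
    peak: float
    band: str
    days_seen: int
    first_seen: date
    last_seen: date


def band_for(quotient: float) -> str:
    """Map a quotient to its colour band using the assumed thresholds."""
    for floor, name in BANDS:
        if quotient >= floor:
            return name
    return "Green"


def summarize(observations: List[Observation]) -> List[Summary]:
    """One row per CVE: repeated daily hits are merged, a CVE seen twice on
    the same day counts as one day. Ranked by peak quotient, then by how many
    days it stayed on the chart, then by id for a stable order."""
    by_cve: Dict[str, List[Observation]] = defaultdict(list)
    for o in observations:
        by_cve[o.cve].append(o)
    rows: List[Summary] = []
    for cve, obs in by_cve.items():
        peak = max(o.quotient for o in obs)
        days = {o.day for o in obs}
        rows.append(Summary(cve, peak, band_for(peak), len(days), min(days), max(days)))
    rows.sort(key=lambda r: (-r.peak, -r.days_seen, r.cve))
    return rows


# Constructed sample: dates and quotients are invented; CVE ids are from the report.
SAMPLE: List[Observation] = [
    Observation(date(2021, 1, 26), "CVE-2021-3156", 82.0),
    Observation(date(2021, 1, 27), "CVE-2021-3156", 91.0),
    Observation(date(2021, 1, 28), "CVE-2021-3156", 88.0),
    Observation(date(2021, 2, 24), "CVE-2021-21972", 80.0),
    Observation(date(2021, 3, 3), "CVE-2021-26855", 91.0),
    Observation(date(2021, 3, 25), "CVE-2021-3449", 40.0),
    Observation(date(2021, 3, 25), "CVE-2021-3449", 40.0),  # duplicate same-day alert
]


def top(n: int, observations: List[Observation] = SAMPLE) -> List[str]:
    """Return the ids of the n highest-ranked vulnerabilities."""
    return [r.cve for r in summarize(observations)[:n]]


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f"{r.cve:15} {r.band:6} peak={r.peak:5.1f} "
              f"days={r.days_seen} {r.first_seen}..{r.last_seen}")
```

The tie-break on days seen is what keeps a vulnerability that trended for a week above one that spiked once to the same level, which matches the report's observation that a CVE can appear on multiple days.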

Top CVE List for Q1

#1 CVE-2021-3156: Sudo Privilege Escalation to Root

The ‘sudo’ command allows users to run programs with the security privileges of another user. Because of this vulnerability, when sudo is invoked as sudoedit with the -s or -i flag, the command does not exit with an error as it should, and the sudoers policy plugin does not remove the escape characters from the arguments. This causes it to read beyond the last character of a string and may allow attackers to run arbitrary commands.
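The first thing a defender wants for an entry like this is a repeatable check of whether the installed sudo is older than the fixed build. The snippet below is an added example, not CloudPassage's or the sudo project's code: it parses sudo's `major.minor.patchpN` version format correctly (plain string comparison gets `1.8.31p2` vs `1.8.9` wrong), and the fixed version is a labelled placeholder to be replaced with the value from the sudo advisory for your platform, since that value is not on this page. Distributions also backport fixes without bumping the version, so treat an "older" result as "confirm with your vendor", not as proof of exposure.

```python
"""Compare the local sudo version against a fixed version.

Added illustration for the CVE-2021-3156 entry; not CloudPassage code.
FIXED_VERSION_PLACEHOLDER must be replaced with the advisory's value.
"""
import re
import subprocess
from typing import Optional, Tuple

# Placeholder, not a value from the report: substitute the fixed version from the advisory.
FIXED_VERSION_PLACEHOLDER = "X.Y.ZpN"

# Matches "1.9.5", "1.8.31p2", and the full "Sudo version 1.8.31p2" banner line.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract (major, minor, patch, plevel) from a version string or banner.
    A missing 'pN' suffix counts as patch level 0, so 1.9.5 sorts before 1.9.5p1."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_older_than(installed: str, fixed: str) -> bool:
    """True when the installed version sorts before the fixed one.
    Tuples compare numerically, so '1.8.31p2' is correctly newer than '1.8.9'."""
    a, b = parse_sudo_version(installed), parse_sudo_version(fixed)
    if a is None or b is None:
        raise ValueError(f"unparseable version string: {installed!r} / {fixed!r}")
    return a < b


def installed_sudo_banner() -> Optional[str]:
    """Return the first line of `sudo --version` (no privileges needed), or None if sudo is absent."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.splitlines()[0] if out.stdout else None


if __name__ == "__main__":
    banner = installed_sudo_banner()
    if banner is None:
        print("sudo not found")
    elif parse_sudo_version(FIXED_VERSION_PLACEHOLDER) is None:
        print(f"installed: {banner!r}; set FIXED_VERSION_PLACEHOLDER from the advisory to compare")
    else:
        verdict = "older than fixed version, verify with vendor" if is_older_than(
            banner, FIXED_VERSION_PLACEHOLDER) else "at or above fixed version"
        print(f"{banner}: {verdict}")
```

Run it on each host (or feed the `sudo --version` banner collected by your inventory tooling into `is_older_than`) to turn the report's entry into a yes/no for your fleet.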

#2 CVE-2021-21972: vSphere Remote Code Execution Vulnerability in Server Plugin

A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. A proof-of-concept exploit is available that demonstrates the use of this vulnerability.

#3 CVE-2021-22986: BIG-IP iControl REST Interface Unauthenticated Remote Command Execution

This vulnerability allows unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface and self IP addresses, to execute arbitrary system commands, create or delete files, and disable services. Proof-of-concept code is available that demonstrates exploitation of this vulnerability.

#4 CVE-2021-26855 Microsoft Exchange Server Remote Code Execution Vulnerability

On March 2, Microsoft released an out-of-band patch for an Exchange zero-day vulnerability that was exploited in the wild. In a blog post, Microsoft attributed the exploitation of these flaws to a state-sponsored group, HAFNIUM. Volexity, one of the groups credited with discovering CVE-2021-26855, wrote in its blog post that it observed an attacker leverage this vulnerability to steal the full contents of several user mailboxes. CVE-2021-26855 opens the door to the other three vulnerabilities that are chained together (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065). An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted HTTP request to a vulnerable Exchange Server over port 443.

The complete top CVE list for the first quarter of 2021 is below:

| Number | Vulnerability | Description |
|---|---|---|
| 1 | CVE-2021-3156 | Sudo privilege escalation to root |
| 2 | CVE-2021-21972 | vSphere remote code execution vulnerability in a vCenter Server plugin |
| 3 | CVE-2021-22986 | BIG-IP iControl REST interface unauthenticated remote command execution |
| 4 | CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| 5 | CVE-2021-1782 | MacOS race condition and privilege escalation |
| 6 | CVE-2021-1732 | Windows Win32k Elevation of Privilege Vulnerability |
| 7 | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability |
| 8 | CVE-2020-17519 | Apache Flink JobManager process file read |
| 9 | CVE-2021-3449 | TLSv1.2 renegotiation ClientHello DoS |
| 10 | CVE-2021-2109 | Oracle WebLogic Server remote code execution |
| 11 | CVE-2021-21193 | Google Chrome use after free vulnerability |
| 12 | CVE-2021-3450 | OpenSSL non-CA certificates check bypass |

How CloudPassage Halo Can Help

CloudPassage Halo customers can use Halo’s Server Secure or Container Secure service, our software vulnerability manager, to identify and prioritize vulnerabilities from the top CVE list lurking in their environments.


Figure 2: Use the Halo software vulnerability manager to identify and prioritize vulnerabilities

Customers can also create custom reports to view details on the Q1 vulnerabilities for 2021.


Figure 3: Use Halo to create custom vulnerability reports and view CVE details

Amol will be speaking at the CloudPassage Halo Spring Product Update Webinar. Register now to learn more about new CVEs and the work his Threat Research Team performs.

Learn more about CloudPassage Halo Server Secure.

Get a free vulnerability assessment of your infrastructure in 30 minutes.
