Emergency Response

Apache DolphinScheduler High-Risk Vulnerabilities (CVE-2020-11974, CVE-2020-13922) Threat Alert

September 23, 2020 | Mina Hao

1. Vulnerability Description On September 11, 2020, NSFOCUS detected that the Apache Software Foundation released security advisories fixing the Apache DolphinScheduler permission overwrite vulnerability (CVE-2020-13922) and the Apache DolphinScheduler remote code execution vulnerability (CVE-2020-11974). CVE-2020-11974 is related to a MySQL Connector/J remote code execution vulnerability. When MySQL is chosen as the database, an attacker could execute code remotely on the […]

BT.CN Unauthenticated phpmyadmin Vulnerability Threat Alert

September 22, 2020 | Mina Hao

Overview On August 23, 2020, Beijing time, BT.CN released an urgent security update announcing that BT-Panel for Linux 7.4.2 and BT-Panel for Windows 6.8 are vulnerable. phpMyAdmin is exposed without authentication, so accessing a specific address results in a direct database login. BT-Panel is server management software that improves operation and maintenance efficiency. It supports more than 100 server […]

QEMU VM Escape Vulnerability (CVE-2020-14364) Threat Alert

September 18, 2020 | Mina Hao

Vulnerability Description On August 24, QEMU released a security patch to fix a VM escape vulnerability (CVE-2020-14364) which is the result of an out-of-bounds read/write access issue in the USB emulator in QEMU. This vulnerability resides in ./hw/usb/core.c. When the program handles USB packets from a guest, this vulnerability is deemed to exist if USBDevice […]

SANGFOR Endpoint Detection Response Remote Command Execution Vulnerability Handling Guide

September 16, 2020 | Mina Hao

Vulnerability Description On August 18, 2020, the China National Vulnerability Database (CNVD) listed the SANGFOR Endpoint Detection Response (EDR) remote command execution vulnerability (CNVD-2020-46552) as a new entry. An unauthenticated attacker could exploit this vulnerability to send a maliciously crafted HTTP request to a target server, thereby obtaining the privileges of the target server and causing […]

Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert

September 11, 2020 | Mina Hao

Overview On August 13, 2020, Beijing time, Struts issued a new security bulletin to announce the fix of two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability. The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon […]

Update New Nginx Threat Backdoor Alert

September 8, 2020 | Mina Hao

Overview This is an update advisory. For details, please see “Verification Method” - “Local Verification”. On July 16, 2020, Beijing time, a competitor published an article stating that it had recently captured a new Nginx backdoor which could bypass antivirus software. By the time this advisory was released, the backdoor had not been detected by any antivirus software […]

WebSphere Remote Code Execution Vulnerability (CVE-2020-4534) Threat Alert

September 4, 2020 | Mina Hao

1. Vulnerability Description On July 31, 2020, Beijing time, IBM released a security bulletin which addressed a remote code execution vulnerability (CVE-2020-4534) in WebSphere Application Server (WAS). The vulnerability is caused by improper handling of UNC paths. An authenticated local attacker could exploit the vulnerability to execute arbitrary code. The vulnerability has a CVSS score […]

Adobe Releases August’s Security Updates Threat Alert

August 31, 2020 | Mina Hao

Overview On August 11, 2020 (local time), Adobe released security updates to address multiple vulnerabilities in Adobe Acrobat, Reader, and Lightroom. For details about the security bulletins and advisories, visit the following link:

Microsoft’s August 2020 Patches Fix 120 Security Vulnerabilities Threat Alert

August 30, 2020 | Mina Hao

Overview Microsoft released August 2020 security updates on Tuesday which fix 120 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, […]

Cisco SD-WAN High-Risk Vulnerabilities (CVE-2020-3374, CVE-2020-3375) Threat Alert

August 28, 2020 | Mina Hao

Overview Recently, Cisco released an announcement stating that it has repaired two high-risk vulnerabilities in Cisco SD-WAN vManage Software (CVE-2020-3374) and SD-WAN Solution Software (CVE-2020-3375). Cisco SD-WAN is a secure cloud-scale architecture with openness, programmability, and scalability. Through the Cisco vManage console, you can quickly establish SD-WAN coverage structures to connect data centers, branch offices, […]