Control Gap Vulnerability Roundup: November 19th to November 25th

This week saw the publication of 343 new CVE IDs. Of those, 144 have not yet been assigned official CVSS scores; of the ones that were, approximately 31% were of critical severity, 30% were high, 38% were medium, and 1% were low. Listed below are the vulnerabilities that caught our attention:

  • Tailscale, the popular VPN and networking solution, could allow for remote code execution on Windows clients if users visit a malicious website.
  • Dolibarr, the popular ERP and CRM solution, was found to be vulnerable to SQL injection.
  • The “Nighthawk” router made by NetGear has had 17 unique buffer overflow vulnerabilities disclosed this week for multiple firmware versions.
  • The privacy-focused communications application Nextcloud Talk for Android was found to have flawed permissions which could allow malicious apps to spy on user communications.

The modern threat landscape represents an ever-changing vista of vulnerabilities, tools, tactics, and procedures which pose an existential threat to the security of organizations’ IT infrastructures. A key part of an evergreen security program is to maintain an up-to-date knowledge base of actionable threat intelligence that an organization can leverage to improve its security posture. Where dozens of novel threats and vulnerabilities become public each week, it can be challenging for IT professionals to keep pace. Control Gap intends to separate the signal from the noise by highlighting in this weekly segment newly disclosed vulnerabilities that have been assigned a CVE ID and which may be exceedingly novel, widespread, critical, or otherwise noteworthy.

The available threat intelligence at time of writing is documented below. Updates will be clearly marked.


Tailscale Remote Code Execution

Severity: Critical
Real-World Exploitability: High
Exploited in the Wild: No
Available Public Exploits: Yes

Tailscale has released a security bulletin disclosing a critical vulnerability which could allow for remote code execution via the Windows Tailscale client. The Tailscale client was found to use an insecure TCP socket for local API communications: if a node visited a malicious website, an attacker could rebind the node’s DNS server and then change the node’s coordination server to one which is attacker controlled. A malicious coordination server can push executables to nodes or install SMB shares. The vulnerability, CVE-2022-41924, affects all Windows Tailscale clients below version 1.32.3, and Tailscale states that the vulnerability was not exploited in the wild. The security researchers who disclosed the vulnerabilities to Tailscale have published a technical write-up of their findings which contains sufficient information for adversaries to exploit these vulnerabilities. Serious kudos to Tailscale for resolving all of the reported issues in less than 48 hours.
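The underlying weakness here is generic: a service listening on a loopback TCP port can be reached by a page in the user's own browser once the attacker rebinds a hostname to 127.0.0.1, because the connection genuinely originates from the local machine. The standard defence is to validate the HTTP Host header (and the Origin header on browser-initiated cross-site requests) rather than the peer address. The following is an added example of that check, not Tailscale's code and not a description of the fix Tailscale shipped; the header values, port numbers and hostnames below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hostnames a service bound to the loopback interface should accept.
LOOPBACK_HOSTNAMES = {"localhost", "127.0.0.1", "::1"}


def hostname_of(header_value: str):
    """Extract the host portion of an HTTP Host or Origin header value.

    urlsplit handles ports, bracketed IPv6 literals and userinfo and
    lowercases the result, so "LOCALHOST:8080", "[::1]:8080" and
    "localhost@evil.example" are all parsed correctly (the last one as
    evil.example, which a naive split on ':' would get wrong).
    Returns None for values urlsplit cannot parse.
    """
    value = header_value.strip()
    if "://" not in value:
        value = "//" + value  # Host headers carry no scheme; Origin headers do
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None


def request_is_local(headers: dict) -> bool:
    """Return True only when the request plausibly comes from the same machine.

    Under DNS rebinding the TCP connection really does arrive from 127.0.0.1
    (it is the victim's browser), so the source address proves nothing. The
    browser cannot forge the Host header (it carries the rebound hostname)
    or the Origin header it attaches to cross-site fetches, so those are
    checked instead. An Origin of "null" (opaque origin) is rejected too,
    since hostname_of("null") is not a loopback name.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    if hostname_of(lower.get("host", "")) not in LOOPBACK_HOSTNAMES:
        return False
    origin = lower.get("origin")
    if origin is not None and hostname_of(origin) not in LOOPBACK_HOSTNAMES:
        return False
    return True


# Constructed sample request headers (not captured traffic).
SAMPLE_REQUESTS = {
    "cli_tool": {"Host": "127.0.0.1:8080"},
    "local_web_ui": {"Host": "localhost:8080", "Origin": "http://localhost:8080"},
    "ipv6_client": {"Host": "[::1]:8080"},
    "rebinding_page": {"Host": "api.evil.example:8080", "Origin": "http://api.evil.example"},
    "userinfo_trick": {"Host": "localhost@evil.example"},
    "opaque_origin": {"Host": "localhost:8080", "Origin": "null"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        print(f"{name:16s} -> {'allowed' if request_is_local(hdrs) else 'rejected'}")
```

Host validation is cheap and stops the rebinding case outright, because the attacker's page can only ever make the browser send its own hostname. Pairing it with a per-session random bearer token that the local UI obtains out of band gives a second, independent layer.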


Dolibarr SQL Injection

Severity: Critical
Real-World Exploitability: High
Exploited in the Wild: No
Available Public Exploits: Yes

Dolibarr is an open-source ERP and CRM software suite for organizations; its GitHub page indicates that the platform is fairly popular, with at least 4,000 downloads per week. Security researcher Abdelrhman Allam reported three distinct SQL injection vulnerabilities affecting the “s” parameter of the web application. SQL injection allowing attackers to directly access the underlying database of the Dolibarr platform is particularly concerning given the sensitive financial information which could be stored by the application. Dolibarr has addressed the issue and released a patch on GitHub. No additional security guidance appears to have been released; the vulnerability is being tracked as CVE-2022-4093.
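The page does not show the affected Dolibarr code, so the following is an added, generic illustration of the bug class rather than Dolibarr's code or the actual patch: a search parameter named s concatenated into a LIKE clause, beside the parameterized form. The invoices table, its rows and the search strings are constructed for the example; it uses SQLite in memory so it runs offline.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT, amount REAL)"
    )
    conn.executemany(
        "INSERT INTO invoices (customer, amount) VALUES (?, ?)",
        [("acme", 100.0), ("globex", 250.5), ("initech", 42.0)],
    )
    return conn


def search_invoices_vulnerable(conn: sqlite3.Connection, s: str) -> list:
    """Vulnerable pattern: the search term is spliced into the SQL text.

    Anything the user types becomes part of the statement, so a quote
    followed by a comment marker ends the LIKE literal early and lets the
    rest of the WHERE clause be rewritten (here: to match every row).
    """
    query = f"SELECT id, customer, amount FROM invoices WHERE customer LIKE '%{s}%'"
    return conn.execute(query).fetchall()


def like_escape(s: str) -> str:
    """Escape LIKE metacharacters so user input is matched literally."""
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_invoices_safe(conn: sqlite3.Connection, s: str) -> list:
    """Hardened form: the term travels as a bound parameter, never as SQL.

    The wildcard wrapping happens in Python, and LIKE metacharacters in the
    user's input are escaped so '%' or '_' cannot widen the match either.
    """
    pattern = f"%{like_escape(s)}%"
    query = (
        "SELECT id, customer, amount FROM invoices "
        "WHERE customer LIKE ? ESCAPE '\\'"
    )
    return conn.execute(query, (pattern,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    probe = "x%' OR 1=1 --"  # constructed: closes the literal, comments out the rest
    print("vulnerable:", search_invoices_vulnerable(db, probe))
    print("safe      :", search_invoices_safe(db, probe))
    print("safe 'ac' :", search_invoices_safe(db, "ac"))
```

Detection-wise, the vulnerable function is the one whose query string changes shape with the input; in a database audit log that shows up as a query whose literal contains a quote and a comment marker, which the safe version can never produce because the driver sends the text and the parameter separately.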


NetGear R7000P Router Multiple Buffer Overflows

Severity: Critical
Real-World Exploitability: High
Exploited in the Wild: No
Available Public Exploits: No

The popular “Nighthawk” router made by NetGear has had a staggering 17 buffer overflow vulnerabilities disclosed this week, affecting multiple aspects of firmware versions 1.3.0.8 and 1.3.1.64. While it does not appear that any of the vulnerabilities have weaponized exploits available, buffer overflow vulnerabilities are typically a first step towards achieving remote code execution. Threat actors have been targeting internet-connected “dumb” devices such as routers with increasing frequency to build some of the largest botnets in existence. With the industry moving away from hard-coded credentials following mass exploitation by the Mirai malware, threat actors are looking to other exploits such as buffer overflows to gain access to these devices. A complete list of all 17 vulnerabilities can be found here.


Nextcloud Talk Android Insecure Communications

Severity: Medium
Real-World Exploitability: Low
Exploited in the Wild: No
Available Public Exploits: No

Nextcloud Talk Android is the Android implementation of Nextcloud Talk, a communications platform “designed for privacy” which allows users to communicate using voice, text, or video. The application was found to improperly use broadcastPermission[s] on its receiver, which would allow a malicious application on the same Android device to spy on communications made through the Nextcloud Talk app. Nextcloud recommends that users upgrade to version 14.1.0; the vulnerability is being tracked as CVE-2022-41926.
