The vulnerabilities are as follows:
• CVE-2021-31166: A wormable HTTP protocol-stack issue in Windows 10 and some versions of Windows Server allowing remote code-execution (RCE)
• CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE
• CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding (OLE) Automation
• CVE-2021-28476: An RCE vulnerability in Microsoft Windows Hyper-V
• Microsoft Exchange Server. The flaws (CVE-2021-31198, RCE; CVE-2021-31207, spoofing; CVE-2021-31209, security bypass; and CVE-2021-31195, RCE), are all rated important or moderate
A vulnerability has been identified that could result in a local user escalating their privilege level to SYSTEM on the computer running Citrix Workspace app for Windows.
The vulnerability has the following identifier:
This vulnerability affects all supported versions of Citrix Workspace app for Windows but does not affect Citrix Workspace app on any other platforms.
Mitigating Factors
This vulnerability only exists if Citrix Workspace app was installed using an account with local or domain administrator privileges. It does not exist when a standard Windows user installed Citrix Workspace app for Windows.
Users with automatic updates enabled will automatically be updated to a fixed version.
What Customers Should Do
The issue has been addressed in the following versions of Citrix Workspace app for Windows:
• Citrix Workspace App 2105 and later
• Citrix Workspace App 1912 LTSR CU4 and later cumulative updates
Citrix strongly recommends that customers upgrade to a fixed version as soon as possible or check if the version they are running has been automatically updated.
The latest version of Citrix Workspace app for Windows is available from the following Citrix website location:
https://www.citrix.com/downloads/workspace-app/windows/
This vulnerability affects all supported versions of Citrix Workspace app for Windows but does not affect Citrix Workspace app on any other platforms.
https://www.citrix.com/downloads/workspace-app/workspace-app-for-windows-long-term-service-release/
PRODUCT AFFECTED:
This issue affects Mist Access Point Firmware versions 0.5, 0.6, 0.7, 0.8, 0.9. Affected platforms: AP12, AP21, AP32, AP33, AP41, AP43, AP61, AP63. This issue affects Wi-Fi Mini-Physical Interface Module (Mini-PIM). Affected platforms: SRX Series.
PROBLEM:
On May 11, 2021, the Industry Consortium for Advancement of Security on the Internet (ICASI) announced the coordinated disclosure of a series of vulnerabilities related to the functionality of Wi-Fi devices. The complete list of vulnerabilities is listed below. Exploitation of these vulnerabilities may result in data exfiltration.
Of these issues listed below, only CVE-2020-24588 affects Juniper Networks Mist Access Points (APs). Successful exploitation of CVE-2020-24588 may allow an attacker to inject arbitrary network packets which could be used to spoof servers and conduct man-in-the-middle (MITM) attacks, in protected Wi-Fi networks, including WEP, WPA, WPA2, and WPA3.
This issue affects Juniper Networks Mist Access Point Firmware:
• 0.5 versions prior to 0.5.17562 on AP21, AP41, AP61 Series;
• 0.6 versions prior to 0.6.19227 on AP43, AP63 Series;
• 0.7 versions prior to 0.7.20564 on AP41, AP43, AP61, AP63 Series;
• 0.8 versions prior to 0.8.21602 on AP12, AP32, AP33, AP41, AP43, AP61, AP63 Series;
• 0.9 versions prior to 0.9.22792 on AP12, AP32, AP33, AP41, AP43, AP61, AP63 Series.
Mist Access Points are not affected by any of the other vulnerabilities listed below. However, additional protective measures have been implemented to defend against the vulnerabilities identified as CVE-2020-24586 and CVE-2020-24587.
All of these vulnerabilities also affect the Wi-Fi Mini-Physical Interface Module (Mini-PIM) for branch SRX Series Services Gateways.
This issue was discovered during external security research.
The associated CVE IDs are as follows:
SOLUTION:
The following firmware versions for the Juniper Networks Mist Access Points have been updated to resolve this specific issue (CVE-2020-24588): 0.5.17562, 0.6.19227, 0.7.20564, 0.8.21602, 0.9.22792 and all subsequent releases.
WORKAROUND:
There are no known workarounds for this issue.
Lastly, to those who are leveraging our 24/7 Healthcare Security Operations Center (SOC) / SIEM, your network is being monitored and we will provide regular updates. To those who are not – please feel free to reach out to raheel.qureshi@isecurityconuslting.com or kees.pouw@isecurityconsulting.com and we will add you to our distribution list.
We will also provide updates to organizations we are servicing through our Incident Response Retainer.
Do not panic but stay safe and protected. We can always connect with you 1-on-1 to provide better guidance on how to gain better visibility into your controls, network, dark web, privileged user access protection and active threat hunting. The landscape around ransomware has evolved as the Healthcare sector is willing to pay ransom and malicious threat actors are now stronger than ever.
Please go ahead and share this with your peers.
For any other questions or concerns, please feel free to reach out to info@isecurityconsulting.com.
Best Regards,
The iSecurity Team
