May 17, 2024 at 03:39AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added security flaws in D-Link routers to its Known Exploited Vulnerabilities list. The flaws include a CSRF vulnerability affecting D-Link DIR-600 routers and an information disclosure vulnerability impacting D-Link DIR-605 routers. Additionally, a vulnerability in Ivanti EPMM could permit an authenticated local user to execute arbitrary commands.
Key Takeaways from the Meeting Notes:
1. **Vulnerabilities in D-Link Routers:**
– CISA identified two security flaws in D-Link routers, CVE-2014-100005 and CVE-2021-40655, allowing attackers to change configurations and obtain username/password.
– Organizations using legacy D-Link products affected by CVE-2014-100005 (EoL) should retire and replace the devices.
– Unpatched security issues in DIR-X4860 routers were revealed, enabling remote unauthenticated attackers to access HNAP port and run commands as root.
2. **Ivanti EPMM Vulnerabilities:**
– A new vulnerability (CVE-2024-22026) in Ivanti EPMM could allow an authenticated local user to bypass shell restriction and execute arbitrary commands.
– Inadequate validation in the EPMM command-line interface’s installation command is the root cause of the issue.
– Two other SQL injection flaws (CVE-2023-46806 and CVE-2023-46807) were also patched by Ivanti.
3. **Mitigations and Updates:**
– Federal agencies urged to apply vendor-provided mitigations for D-Link router vulnerabilities by June 6, 2024.
– D-Link is working on fixes for identified flaws.
– Users advised to update to the latest version of EPMM to mitigate potential threats of SQL injection flaws.
4. **Implications and Precautions:**
– Despite no evidence of exploitation, organizations are advised to stay updated on vulnerabilities and follow recommended mitigations.
The mentioned vulnerabilities present substantial security risks, and it is crucial for relevant parties to take proactive measures to address these issues.