Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 17, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT.
Root-Level RCE Vulnerability Patched by Cisco
Bleeping Computer reported that Cisco had issued a fix for CVE-2022-20649. The bug enabled someone to remotely execute code with root-level privileges on machines running vulnerable versions of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. In a security advisory, the company clarified that the flaw arose from the fact that debug mode was incorrectly enabled for certain services.
Andrew Swoboda | Senior Security Researcher at Tripwire
Cisco Redundancy Configuration Manager is subject to a remote code execution vulnerability. This issue exists on Cisco StarOS software while running in debug mode. Command execution occurs with root privileges. Cisco is not aware of any attacks using this vulnerability.
Nearly 100K WordPress Sites Vulnerable to High-Severity Bug
According to DataBreachToday, security researchers discovered a cross-site request forgery vulnerability (tracked as CVE-2022-0215) with a CVSS score of 8.8. The flaw affected three plugins running across 84,000 WordPress sites. When exploited, the bug could allow a malicious actor to assume control over a vulnerable website.
Tyler Reguly | Senior Manager, Security R&D at Tripwire
They must convince that WordPress administrator to click a link or visit a website in order to execute the attack. Ultimately, I would compare this to the Windows problem. For years, we’ve heard that Windows is less secure than macOS and Linux, but in reality, there are just more targets, making it more valuable.
Microsoft Fixed Issues with January Patch Tuesday Updates
Microsoft fixed several issues surrounding its security (Read more...)
This is a Security Bloggers Network syndicated blog from The State of Security authored by Andrew Swoboda. Read the original post at: https://www.tripwire.com/state-of-security/vert/extra-extra-vert-reads-all-about-it-cybersecurity-news-for-the-week-of-january-17-2022/

