What does it mean for your business?
Summary of the Statement
Last week, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a joint statement on five vulnerabilities that the Foreign Intelligence Service of the Russian Federation (SVR RF) is known to be currently exploiting.
How does this affect your business?
Even if your business is not a target of the SVR RF, other threat actors, such as ransomware gangs, are taking advantage of the same vulnerabilities. Therefore, if you have been using any of the affected product versions, you should take them offline, upgrade to the most recent version, and begin an incident response process to verify your servers are not compromised. Additionally, Raxis recommends performing the same process on other recently exploited products such as SolarWinds Orion and Microsoft Exchange Server.
Affected Product Versions & Associated CVEs
Fortinet FortiGate VPN
- Version: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12
- CVE: CVE-2018-13379
Synacor Zimbra Collaboration Suite
- Version: Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10
- CVE: CVE-2019-9670
Pulse Secure Pulse Connect Secure VPN
- Version: Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
- CVE: CVE-2019-11510
Citrix Application Delivery Controller and Gateway
- Version: Citrix ADC and Gateway versions before 13.0.47.24, 12.1.55.18, 12.0.63.13, 11.1.63.15 and 10.5.70.12 and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b
- CVE: CVE-2019-19781
VMware Workspace ONE Access
- Version: VMware One Access 20.01 and 20.10 on Linux, VMware Identity Manager 3.3.1-3.3.3 on Linux, VMware Identity Manager Connector 3.3.1-3.3.3 and 19.03, VMware Cloud Foundation 4.0-4.1, and VMware vRealize Suite Lifecycle Manager 8.x
- CVE: CVE-2020-4006
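To triage an asset inventory against the FortiOS and Citrix ADC/Gateway versions listed above, a check like the following can be used. It is an added example, not code from Raxis or the joint statement; the function names, status labels and sample inventory are constructed, and it assumes each Citrix "before" bound applies only to its own major.minor branch.

```python
# Inclusive affected FortiOS ranges (CVE-2018-13379), copied from the list above.
FORTIOS_AFFECTED = [((6, 0, 0), (6, 0, 4)), ((5, 6, 3), (5, 6, 7)), ((5, 4, 6), (5, 4, 12))]
# First fixed build per Citrix ADC/Gateway branch (CVE-2019-19781), from the list above.
# Assumption: each "before X" bound applies only to its own major.minor branch.
CITRIX_FIXED = {(13, 0): (47, 24), (12, 1): (55, 18), (12, 0): (63, 13),
                (11, 1): (63, 15), (10, 5): (70, 12)}

def parse(version, parts):
    """Turn '6.0.4' into (6, 0, 4); raise ValueError on anything else."""
    fields = tuple(int(p) for p in version.strip().split("."))
    if len(fields) != parts:
        raise ValueError(f"expected {parts} numeric fields: {version!r}")
    return fields

def fortios_status(version):
    v = parse(version, 3)
    hit = any(lo <= v <= hi for lo, hi in FORTIOS_AFFECTED)
    return "affected" if hit else "not listed"  # "not listed" is not a clean bill of health

def citrix_status(version):
    v = parse(version, 4)
    fixed = CITRIX_FIXED.get(v[:2])
    if fixed is None:
        return "review"  # branch absent from the list: check vendor guidance by hand
    return "affected" if v[2:] < fixed else "not listed"

CHECKS = {"fortios": fortios_status, "citrix-adc": citrix_status}

def triage(inventory):
    """Return (host, status) per entry; unknown products or odd versions go to review."""
    results = []
    for host, product, version in inventory:
        try:
            status = CHECKS[product](version)
        except (KeyError, ValueError):
            status = "review"
        results.append((host, status))
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [("fw-branch-01", "fortios", "6.0.4"), ("fw-hq-01", "fortios", "6.0.5"),
          ("fw-lab-01", "fortios", "5.4.12"), ("adc-dmz-01", "citrix-adc", "12.1.50.28"),
          ("adc-dmz-02", "citrix-adc", "13.0.47.24"), ("adc-old-01", "citrix-adc", "10.1.129.11"),
          ("fw-odd-01", "fortios", "v6.0")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:14} {status}")
```

Hosts reported as "affected" are the ones to take offline, upgrade and put through incident response first; "review" entries need a manual version check.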
Remediation
If your business is running any of the aforementioned product versions, upgrade immediately to the most recent versions following the guides for each product below:
Fortinet FortiGate VPN
Synacor Zimbra Collaboration Suite
Pulse Secure Pulse Connect Secure VPN
- https://support.pulsesecure.net/product-service-policies/eol/software/pulse-connect-secure-software-dates-milestones/
- https://docs.pulsesecure.net/Content/A_PCS/Release_Notes.htm
Citrix Application Delivery Controller and Gateway
- Upgrading: https://support.citrix.com/article/CTX267027
- Check for Vulnerability: https://github.com/cisagov/check-cve-2019-19781
VMware Workspace ONE Access
SolarWinds Orion
Microsoft Exchange
- Version Details: https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/
Additionally, Raxis recommends beginning an incident response process on any servers exposed to the internet that are running these product versions, as they are actively being exploited in the wild.
Associated Links
NSA, FBI & CISA Statement: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
CVE Links:
- CVE-2018-13379 Fortinet FortiGate VPN: https://nvd.nist.gov/vuln/detail/CVE-2018-13379
- CVE-2019-9670 Synacor Zimbra Collaboration Suite: https://nvd.nist.gov/vuln/detail/CVE-2019-9670
- CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN: https://nvd.nist.gov/vuln/detail/CVE-2019-11510
- CVE-2019-19781 Citrix Application Delivery Controller and Gateway: https://nvd.nist.gov/vuln/detail/CVE-2019-19781
- CVE-2020-4006 VMware Workspace ONE Access: https://nvd.nist.gov/vuln/detail/CVE-2020-4006