Top Five Exploited Vulnerabilities By Chinese State-Sponsored Actors
On October 20, 2020, the United States National Security Agency (NSA) published a cybersecurity advisory on Chinese state-sponsored malicious cyber activity, listing 25 publicly known vulnerabilities these actors were exploiting. This post covers five of them.
“Since these techniques include exploitation of publicly known vulnerabilities, it is critical that network defenders prioritize patching and mitigation efforts,” said the NSA advisory. It also recommended “critical system owners consider these actions a priority, in order to mitigate the loss of sensitive information that could impact U.S. policies, strategies, plans, and competitive advantage.”
1. DrayTek Vigor Command Injection (CVE-2020-8515)
A critical vulnerability (CVSS base score of 9.8) in various firmware versions of DrayTek Vigor VPN routers, allowing unauthenticated remote command execution through the web interface.
2. Microsoft Windows NTLM Authentication Bypass (CVE-2019-1040)
A medium-severity vulnerability (CVSS base score of 5.8) in various Microsoft Windows versions that lets a man-in-the-middle attacker bypass the NTLM Message Integrity Check (MIC) and tamper with NTLM authentication.
3. Citrix Multiple Products Directory Traversal (CVE-2019-19781)
A critical vulnerability (CVSS base score of 9.8) in Citrix Application Delivery Controller (ADC) and Citrix Gateway: an unauthenticated directory traversal that leads to remote code execution.
4. Pulse Connect Secure File Disclosure (CVE-2019-11510)
A critical vulnerability (CVSS base score of 10.0) in Pulse Connect Secure, Pulse Secure's SSL VPN: an unauthenticated arbitrary file read that exposes credentials and session data.
5. F5 BIG-IP Remote Code Execution (CVE-2020-5902)
A critical vulnerability (CVSS base score of 9.8) in the Traffic Management User Interface (TMUI) of various F5 BIG-IP versions, allowing unauthenticated remote code execution.
Qualys VMDR Detection
vulnerabilities.vulnerability.cveIds: [CVE-2020-8515,CVE-2019-1040,CVE-2019-19781,CVE-2019-11510,CVE-2020-5902]
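CVE identifiers copied from formatted web pages frequently arrive with typographic dashes (U+2013 en-dash and friends) in place of ASCII hyphens, and a scanner query built from such strings silently matches nothing. The following is an added example, not code from the original post or from Qualys: it normalizes and validates a list of CVE IDs and assembles a query token in the same shape as the one above. The field name `vulnerabilities.vulnerability.cveIds` is taken from the page; the sample input list, including its en-dash variants, is constructed here to show the pitfall.

```python
import re

# Constructed sample input: the five CVE IDs from the advisory, three of them
# carrying en-dashes (U+2013) as they tend to when copied from a formatted page.
RAW_CVE_IDS = [
    "CVE-2020-8515",
    "CVE\u20132019\u20131040",
    "CVE\u20132019\u201319781",
    "CVE-2019-11510",
    "CVE\u20132020\u20135902",
]

# Dash-like code points that editors and CMSs substitute for ASCII '-'.
_DASHES = {"\u2010", "\u2011", "\u2012", "\u2013", "\u2014", "\u2212"}

# Canonical form: CVE-<4-digit year>-<4 or more digits>. The CVE program
# started in 1999, so earlier years are rejected as typos.
_CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
_FIRST_CVE_YEAR = 1999


def normalize_cve_id(raw: str) -> str:
    """Return the canonical ASCII form of a CVE ID, or raise ValueError."""
    s = "".join("-" if ch in _DASHES else ch for ch in raw.strip()).upper()
    m = _CVE_RE.match(s)
    if m is None or int(m.group(1)) < _FIRST_CVE_YEAR:
        raise ValueError(f"not a valid CVE identifier: {raw!r}")
    return s


def is_valid_cve_id(raw: str) -> bool:
    """True if normalize_cve_id accepts the string."""
    try:
        normalize_cve_id(raw)
    except ValueError:
        return False
    return True


def malformed_ids(raw_ids) -> list:
    """Return the inputs whose canonical form differs from what was supplied.

    These are the entries that would have broken a pasted query.
    """
    return [raw for raw in raw_ids if normalize_cve_id(raw) != raw]


def build_qql_cve_filter(raw_ids) -> str:
    """Build the QQL token shown above from validated, de-duplicated IDs."""
    canonical = []
    for raw in raw_ids:
        cid = normalize_cve_id(raw)
        if cid not in canonical:
            canonical.append(cid)
    return "vulnerabilities.vulnerability.cveIds: [" + ",".join(canonical) + "]"


if __name__ == "__main__":
    for bad in malformed_ids(RAW_CVE_IDS):
        print(f"fixed: {bad!r} -> {normalize_cve_id(bad)}")
    print(build_qql_cve_filter(RAW_CVE_IDS))
```

Run it as a pre-flight step on any CVE list pasted from an advisory or a blog before feeding it to a scanner, ticketing system or SIEM lookup; the `malformed_ids` output tells you which entries would otherwise have matched nothing.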
Recommendations
CISA recommends the following to protect assets from exploitation:
- Minimize gaps in personnel availability and consistently consume relevant threat intelligence.
- Actively monitor for indicators of compromise (IOCs) and maintain strict reporting processes.
- Conduct regular incident response exercises at the organizational level as a proactive measure.
Remediation and Mitigation
- Patch systems and equipment promptly and diligently.
- Implement rigorous configuration management programs.
- Disable unnecessary ports, protocols, and services.
- Enhance monitoring of network and email traffic.
- Use protection capabilities to stop malicious activity.