
Decade-Old Critical Vulnerabilities Might Affect Infusion Pumps

 

According to scans of over 200,000 infusion pumps on the networks of healthcare providers and hospitals, increasing numbers of devices are vulnerable to six critical-severity issues (9.8 out of 10) reported in 2019 and 2020.

According to Palo Alto Networks experts, 52% of scanned devices are vulnerable to two significant security issues discovered in 2019: CVE-2019-12255 (CVSS score of 9.8) and CVE-2019-12264 (CVSS score of 9.8). (CVSS score of 7.1) In a research report, the company stated that over 100,000 infusion pumps were vulnerable to older, medium-severity issues (CVE-2016-9355 and CVE-2016-8375).

"While some of these vulnerabilities and alerts may be difficult for attackers to exploit unless it is physically present in an organization," the researchers added, "all represent a potential risk to the general security of healthcare organizations and the safety of patients – particularly in situations where threat actors may be motivated to devote additional resources to attacking a target." 

Wind River, the company that supports the VxWorks RTOS, has patched all URGENT/11 issues since July 19, 2019. However, in the embedded device world, long delays in applying patches, or never applying them at all, are well-known problems. The last five critical-severity bugs, discovered in June 2020, affect products made by the American healthcare corporation Baxter International.

Infusion pumps are used to give medications and fluids to patients, and the company cautioned that malicious exploitation of software security flaws could put human lives at risk. The majority of the discovered flaws can be used to leak sensitive information and gain unauthorized access. Bugs that lead to the release of sensitive information affect not only infusion pumps but also other medical devices, and may expose credentials, operational information, and patient-specific data.

Another area of concern is the use of third-party modules that may have security flaws. CVE-2019-12255 and CVE-2019-12264, for example, are significant vulnerabilities in the IPNet TCP/IP stack used by the ENEA OS of Alaris Infusion Pumps, according to the researchers.

"Overall, most of the typical security alerts triggered on infusion systems imply avenues of attack which the device owner should be aware of," the security experts said. "For example, via internet access or default login and password usage." Given that some infusion pumps are used for up to ten years, healthcare practitioners seeking to protect the security of devices, data, and patient information should consider the following.

McAfee Addresses Multiple Critical Bugs in McAfee Agent Software

 

McAfee (now known as Trellix) has fixed two high-severity bugs in McAfee Agent software for Windows that allow malicious actors to escalate privileges and execute arbitrary code with SYSTEM privileges.

Earlier this week, the firm released a security advisory highlighting two CVEs tracked as CVE-2022-0166 and CVE-2021-31854 impacting previous versions of the McAfee ePolicy Orchestrator (ePO). The company released an updated version of the Agent that effectively remediates the vulnerabilities, both of which received high severity ratings.

McAfee Agent is a client-side feature of McAfee ePolicy Orchestrator (McAfee ePO) that downloads and enforces endpoint policies and deploys antivirus signatures, upgrades, patches, and new products on enterprise endpoints. 

The bug tracked as CVE-2021-31854 is a command injection flaw in McAfee Agent (MA) for Windows prior to 5.7.5 that allows threat actors to inject arbitrary shellcode into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell, which can lead to privilege escalation to obtain root privileges.

The second bug, tracked as CVE-2022-0166, is a privilege escalation vulnerability in McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low-privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate path to a specially crafted malicious openssl.cnf file.

“By placing a specially-crafted openssl.cnf in a location used by McAfee Agent, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable McAfee Agent software installed,” reads the advisory published by CERT/CC researchers.
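
A defender-side check for the condition behind CVE-2022-0166, as an added example that is not from McAfee, CERT/CC or the original post: the PowerShell function below finds the nearest existing ancestor of an OPENSSLDIR path and reports ACL entries that let ordinary users create files or directories there. The function name and the sample path are hypothetical; substitute the OPENSSLDIR value of the build under review.

```powershell
# Added example. Function name and sample path are hypothetical.
function Test-OpenSslDirExposure {
    param([Parameter(Mandatory)][string]$OpenSslDir)

    # Well-known SIDs for unprivileged principals:
    # Everyone, Authenticated Users, BUILTIN\Users.
    $lowPriv = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    # WriteData/CreateFiles (0x2), AppendData/CreateDirectories (0x4),
    # GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
    $writeBits = 0x2 -bor 0x4 -bor 0x10000000 -bor 0x40000000

    # If the directory does not exist, whoever can create it controls its
    # contents, so walk up to the nearest ancestor that does exist.
    $existing = $OpenSslDir
    while ($existing -and -not (Test-Path -LiteralPath $existing -PathType Container)) {
        $existing = Split-Path -Path $existing -Parent
    }
    if (-not $existing) { throw "No existing ancestor found for '$OpenSslDir'." }

    # Ask for rules with SID identities so no name translation is needed.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $existing).GetAccessRules($true, $true, $sidType)

    foreach ($ace in $rules) {
        # Simplification: Deny entries and other group memberships are not evaluated.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this directory itself.
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($lowPriv -contains $ace.IdentityReference.Value -and
            ([int]$ace.FileSystemRights -band $writeBits)) {
            [pscustomobject]@{
                Requested = $OpenSslDir
                CheckedAt = $existing
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

# Constructed sample path; any output row means an unprivileged user may be
# able to plant or replace openssl.cnf under that location.
Test-OpenSslDirExposure -OpenSslDir 'C:\example-build\openssl\ssl'
```

No output means none of the three well-known unprivileged principals holds a direct write or create right at the checked directory.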

This is not the first instance wherein security researchers have uncovered flaws while examining McAfee's Windows security products. Last year in September, the company addressed another McAfee Agent privilege escalation bug (CVE-2020-7315) identified by Tenable security researcher Clément Notin that allowed local users to execute arbitrary code and kill the antivirus. 

Earlier in 2020, McAfee patched a security vulnerability impacting all editions of its Antivirus software for Windows (i.e., Total Protection, Anti-Virus Plus, and Internet Security) and allowing malicious attackers to escalate privileges and execute code with SYSTEM account authority.