Tech giants SAP, Intel, Cisco, Citrix, and Juniper have patched vulnerabilities in their respective products.
This week, as part of its Patch Day, SAP issued 11 Security Notes, one of which was a Hot News Note addressing a critical vulnerability in Diagnostics Agent.
The bug, tracked as CVE-2019-0330 and featuring a CVSS score of 9.1, is an OS command injection that could result in the compromise of the entire SAP system.
Cisco, meanwhile, issued security updates for a “high”-rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could enable a remote attacker to cause a denial-of-service condition.
According to a July 10 security update, the flaw, tracked as CVE-2019-1873, is in the cryptographic driver of the products. The bug is due to insufficient input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header and can be exploited by sending a crafted TLS/SSL packet to an interface on the targeted device.
Citrix suffered another blow as researchers found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions, and are urging administrators to patch them as soon as possible.
All of the flaws can apparently be exploited easily and remotely by an unauthenticated attacker, and Tenable has published PoC exploit code for some.
Juniper Networks met the same fate as other tech giants, issuing 11 security advisories (two critical, five high and four medium) for a large number of flaws across numerous product lines.
The critical issues cover Steel Belted Radius Carrier Edition and Junos Space. The advisory for the former covers 21 CVEs and affects Steel Belted Radius Carrier Edition 8.4R14 on RHEL6 (32-bit), RHEL6 (64-bit), RHEL7, Sparc Solaris (32-bit), Sparc Solaris (64-bit) and 8.5R5 on RHEL6 (64-bit), RHEL7, Sparc Solaris (64-bit) and all subsequent releases, Juniper said.
Intel was in the same position, addressing a critical vulnerability in the Processor Diagnostic Tool and another issue in the Solid State Drives (SSD) for Data Centers (DC).
The “high severity” vulnerability, tracked as CVE-2019-11133, was rated with a CVSS score of 8.2 and impacts all previous versions.
It’s worth noting that the vulnerability could be exploited by an attacker with access to the system running the tool to escalate privileges, obtain information, or cause a denial-of-service (DoS) condition.