threat intelligence briefing

Threat Intelligence

Reliance ACSN Threat Intelligence Report

11/06/2021 Page 1 of 13

THREAT INTELLIGENCE

Weekly Briefing

04/06/2021 – 11/06/2021

TLD STATUS: Amber

WRITTEN BY: Reliance ACSN TI team

DATE: 11/06/2021

SECURITY LEVEL: Onward Briefing

Table of Contents

• Executive Summary

• Risk Table

• Advisory for Google Chrome Zero Day (CVE-2021-30551)

• Advisory for various SAP vulnerabilities

• Advisory for various Adobe vulnerabilities

• Advisory for various Cisco vulnerabilities

Executive Summary

Reliance ACSN produces a weekly threat report covering the key intelligence topics of the past seven days. We continuously monitor, track and analyse all areas of the threat landscape, which we summarise in this report. In this week's issue we discuss the threats we have observed, highlighting key behaviour, characteristics, indicators of compromise and what we've done to protect you from these attacks.

This week’s report covers the following topics:

• Google Chrome

• SAP

• Adobe

• Cisco

Risk Table

| Vulnerability | Likelihood of happening | Impact If Exploited | Mitigation Resources Needed |
|---|---|---|---|
| Chrome [CVE-2021-30551] | MEDIUM | HIGH | LOW |
| SAP [2021-27602] | LOW | HIGH | LOW |
| SAP [2021-27610] | LOW | HIGH | LOW |
| SAP [2021-27635] | LOW | HIGH | LOW |
| SAP [2021-27606] | LOW | HIGH | LOW |
| SAP [2021-27629] | LOW | HIGH | LOW |
| SAP [2021-27630] | LOW | HIGH | LOW |
| SAP [2021-27631] | LOW | HIGH | LOW |
| SAP [2021-27632] | LOW | HIGH | LOW |
| SAP [2021-27597] | LOW | HIGH | LOW |
| SAP [2021-27633] | LOW | HIGH | LOW |
| SAP [2021-27634] | LOW | HIGH | LOW |
| SAP [2021-27607] | LOW | HIGH | LOW |
| SAP [2021-27628] | LOW | HIGH | LOW |
| SAP [2021-33662] | LOW | HIGH | LOW |
| SAP [2021-27615] | LOW | HIGH | LOW |
| SAP [2021-21473] | LOW | HIGH | LOW |
| SAP [2021-21490] | LOW | HIGH | LOW |
| SAP [2021-27620] | LOW | HIGH | LOW |
| SAP [2021-27622] | LOW | HIGH | LOW |
| SAP [2021-27623] | LOW | HIGH | LOW |
| SAP [2021-27624] | LOW | HIGH | LOW |
| SAP [2021-27625] | LOW | HIGH | LOW |
| SAP [2021-27626] | LOW | HIGH | LOW |
| SAP [2021-27627] | LOW | HIGH | LOW |
| SAP [2021-27637] | LOW | HIGH | LOW |
| SAP [2021-33663] | LOW | HIGH | LOW |
| SAP [2021-27621] | LOW | HIGH | LOW |
| SAP [2021-33664] | LOW | HIGH | LOW |
| SAP [2021-33665] | LOW | HIGH | LOW |
| SAP [2021-33666] | LOW | HIGH | LOW |
| SAP [2021-27638] | LOW | HIGH | LOW |
| SAP [2021-27639] | LOW | HIGH | LOW |
| SAP [2021-27640] | LOW | HIGH | LOW |
| SAP [2021-33659] | LOW | HIGH | LOW |
| SAP [2021-27642] | LOW | HIGH | LOW |
| SAP [2021-33661] | LOW | HIGH | LOW |
| SAP [2021-27641] | LOW | HIGH | LOW |
| SAP [2021-27643] | LOW | HIGH | LOW |
| SAP [2021-33660] | LOW | HIGH | LOW |
| Adobe [2021-28579] | LOW | HIGH | LOW |
| Adobe [2021-28554] | LOW | HIGH | LOW |
| Adobe [2021-28551] | LOW | HIGH | LOW |
| Adobe [2021-28552] | LOW | HIGH | LOW |
| Adobe [2021-28631] | LOW | HIGH | LOW |
| Adobe [2021-28632] | LOW | HIGH | LOW |
| Adobe [2021-28624] | LOW | HIGH | LOW |
| Adobe [2021-28582] | LOW | HIGH | LOW |
| Adobe [2021-28625] | LOW | HIGH | LOW |
| Adobe [2021-28626] | LOW | HIGH | LOW |
| Adobe [2021-28627] | LOW | HIGH | LOW |
| Adobe [2021-28628] | LOW | HIGH | LOW |
| Adobe [2021-28633] | LOW | HIGH | LOW |
| Adobe [2021-28594] | LOW | HIGH | LOW |
| Adobe [2021-28588] | LOW | HIGH | LOW |
| Cisco [2021-1402] | LOW | HIGH | LOW |
| Cisco [2021-1245] | LOW | HIGH | LOW |
| Cisco [2021-1246] | LOW | HIGH | LOW |

Advisory for Google Chrome Zero Day (CVE-2021-30551)

Overview:

A type confusion vulnerability was discovered in V8, the part of Google Chrome responsible for running JavaScript.

An attacker can trick V8 into treating one type of data item as a different type of data item. This may allow the attacker to bypass security checks or run unauthorised code as a result.

Vulnerable Versions:

All versions prior to 91.0.4472.101.

Exploitation:

This vulnerability has been seen being actively exploited in the wild.

Recommendations:

Please upgrade to the latest version of Chrome, 91.0.4472.101 or later.

Advisory for various SAP vulnerabilities

Overview:

[CVE-2021-27602] Remote Code Execution vulnerability in Source Rules of SAP Commerce

[CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform

[CVE-2021-27635] Missing XML Validation in SAP NetWeaver AS for JAVA

[Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

• CVEs - CVE-2021-27606, CVE-2021-27629, CVE-2021-27630, CVE-2021-27631, CVE-2021-27632

[Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

• CVEs - CVE-2021-27597, CVE-2021-27633, CVE-2021-27634

[Multiple CVEs] Memory Corruption vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

• CVEs - CVE-2021-27607, CVE-2021-27628

[CVE-2021-33662] Information Disclosure in SAP Business One

[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution

[CVE-2021-21473] Missing Authorisation check in SAP NetWeaver AS ABAP and ABAP Platform

[CVE-2021-21490] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP (Web Survey)

[Multiple CVEs] Memory Corruption vulnerability in SAP IGS

• CVEs - CVE-2021-27620, CVE-2021-27622, CVE-2021-27623, CVE-2021-27624, CVE-2021-27625, CVE-2021-27626, CVE-2021-27627

[CVE-2021-27637] Information Disclosure in SAP Enable Now (SAP Workforce Performance Builder - Manager)

[CVE-2021-33663] Plaintext command injection in SAP NetWeaver AS ABAP

[CVE-2021-27621] Information Disclosure in SAP NetWeaver AS JAVA (UserAdmin Application)

[CVE-2021-33664] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on Web Dynpro ABAP)

[CVE-2021-33665] Cross-Site Scripting (XSS) vulnerability within SAP NetWeaver AS ABAP (Applications based on SAP GUI for HTML)

[CVE-2021-33666] MIME Sniffing Vulnerability in SAP Commerce Cloud

[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

• CVEs - CVE-2021-27638, CVE-2021-27639, CVE-2021-27640, CVE-2021-33659, CVE-2021-27642, CVE-2021-33661, CVE-2021-27641, CVE-2021-27643, CVE-2021-33660

Vulnerable Versions:

Product –

• SAP Commerce, Versions - 1808, 1811, 1905, 2005 & 2011

• SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 & 804

• SAP NetWeaver AS for JAVA, Versions - 7.20, 7.30, 7.31, 7.40 & 7.50

• SAP NetWeaver AS for ABAP (RFC Gateway), Versions –

  o KRNL32NUC - 7.22, 7.22EXT

  o KRNL64NUC - 7.22, 7.22EXT, 7.49

  o KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73

  o KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82 & 7.83

• SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), Versions –

  o KRNL32NUC - 7.22, 7.22EXT

  o KRNL64NUC - 7.22, 7.22EXT, 7.49

  o KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73

  o KERNEL - 7.22, 8.04, 7.49, 7.53 & 7.73

• SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), Versions –

  o KRNL32NUC - 7.22, 7.22EXT

  o KRNL32UC - 7.22, 7.22EXT

  o KRNL64NUC - 7.22, 7.22EXT, 7.49

  o KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73

  o KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82 & 7.83

• SAP Business One, Version - 10.0

• SAP Manufacturing Execution, Versions - 15.1, 1.5.2, 15.3 & 15.4

• SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT), Versions – 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 & 755

• SAP NetWeaver AS for ABAP (Web Survey), Versions – 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A & 75F

• SAP NetWeaver AS (Internet Graphics Server – Portwatcher), Versions – 7.20, 7.20EXT, 7.53, 7.20_EX2 & 7.81

• SAP Enable Now (SAP Workforce Performance Builder - Manager), Versions – 10.0 & 1.0

• SAP NetWeaver AS ABAP, Versions –

  o KRNL32NUC - 7.22, 7.22EXT

  o KRNL32UC - 7.22, 7.22EXT

  o KRNL64NUC - 7.22, 7.22EXT, 7.49

  o KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73

  o KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 & 7.84

• SAP NetWeaver AS for Java (UserAdmin), Versions – 7.11, 7.20, 7.30, 7.31, 7.40 & 7.50

• SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), Versions – SAP_UI – 750, 752, 753, 754, 755 & SAP_BASIS – 702, 31

• SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), Versions –

  o KRNL64NUC - 7.49

  o KRNL64UC - 7.49, 7.53

  o KERNEL - 7.49, 7.53, 7.77, 7.81 & 7.84

• SAP Commerce Cloud, Version - 100

• SAP 3D Visual Enterprise Viewer, Version - 9

Exploitation:

These vulnerabilities have not been seen being exploited in the wild.

Recommendations:

Apply the latest patches recommended by SAP.

Advisory for various Adobe vulnerabilities

Overview:

CVE-2021-28579 – Improper Access vulnerability in Adobe Connect

• Successful exploitation could lead to privilege escalation in the context of the browser of the victim.

CVE-2021-28554 & CVE-2021-28551 – Out-of-bounds Read vulnerability in Adobe Acrobat and Reader

• Successful exploitation can lead to arbitrary code execution in the context of the current user.

CVE-2021-28552 & CVE-2021-28631 & CVE-2021-28632 – Use After Free in Adobe Acrobat and Reader

• Successful exploitation can lead to arbitrary code execution in the context of the current user.

CVE-2021-28624 – Heap Based Buffer Overflow - Adobe Photoshop

• Arbitrary code execution in the context of the current user.

CVE-2021-28582 – Buffer Overflow - Adobe Photoshop

• Arbitrary code execution in the context of the current user.

CVE-2021-28625 – Cross Site Scripting - Adobe Experience Manager

• Arbitrary JavaScript execution in the browser.

CVE-2021-28626 – Improper Authorization - Adobe Experience Manager

• Arbitrary JavaScript execution in the browser.

CVE-2021-28627 – Server-Side Request Forgery - Adobe Experience Manager

• Arbitrary JavaScript execution in the browser.

CVE-2021-28628 – Cross Site Scripting - Adobe Experience Manager

• Arbitrary JavaScript execution in the browser.

CVE-2021-28633 – Creation of Temporary File in Directory with Incorrect Permissions - Creative Cloud Desktop Application

CVE-2021-28594 – Uncontrolled Search Path Element - Creative Cloud Desktop Application

• Arbitrary code execution in the context of the current user.

CVE-2021-28588 – Path Traversal vulnerability - Adobe RoboHelp Server

• Arbitrary code execution in the context of the current user.

Vulnerable Versions:

• Adobe Connect 11.2.1 and earlier versions.

• Adobe Acrobat and Reader.

  o Acrobat DC - Continuous - 2021.001.20155 and earlier versions.

  o Acrobat Reader DC - Continuous - 2021.001.20155 and earlier versions.

  o Acrobat 2020 - Classic 2020 - 2020.001.30025 and earlier versions.

  o Acrobat Reader 2020 - Classic 2020 - 2020.001.30025 and earlier versions.

  o Acrobat 2017 - Classic 2017 - 2017.011.30196 and earlier versions.

  o Acrobat Reader 2017 - Classic 2017 - 2017.011.30196 and earlier versions.

• Adobe Photoshop.

  o Photoshop 2020 - 21.2.8 and earlier versions.

  o Photoshop 2021 - 22.4.1 and earlier versions.

• Adobe Experience Manager.

  o Adobe Experience Manager (AEM) - AEM Cloud Service (CS).

  o Adobe Experience Manager (AEM) - 6.5.8.0 and earlier versions.

• Adobe Creative Cloud Desktop Application.

  o 2.4 and earlier versions.

• Adobe RoboHelp Server.

  o 2019.0.9 and earlier versions.

Exploitation:

These vulnerabilities have not been seen being actively exploited in the wild.

Recommendations:

Update to the latest fixed version.
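
The Chrome and Adobe advisories above state their affected ranges in two different ways ("all versions prior to X" versus "X and earlier versions"). The following is an added example, not part of the original briefing, showing how an asset inventory could be triaged against those thresholds; the product labels and the sample inventory are constructed for illustration.

```python
def parse(version):
    """Turn '91.0.4472.77' into (91, 0, 4472, 77) so parts compare numerically."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat '22.4.1.0' the same as '22.4.1'
    return tuple(parts)

# (threshold, inclusive) as stated in the "Vulnerable Versions" sections:
#   inclusive=False -> "all versions prior to X" (X itself is the fixed build)
#   inclusive=True  -> "X and earlier versions"  (X itself is still affected)
# The dictionary keys are labels chosen for this example (assumption).
THRESHOLDS = {
    "chrome": ("91.0.4472.101", False),
    "adobe-connect": ("11.2.1", True),
    "acrobat-dc-continuous": ("2021.001.20155", True),
    "acrobat-2020-classic": ("2020.001.30025", True),
    "acrobat-2017-classic": ("2017.011.30196", True),
    "photoshop-2020": ("21.2.8", True),
    "photoshop-2021": ("22.4.1", True),
    "robohelp-server": ("2019.0.9", True),
}

def is_affected(product, installed):
    """True when the installed version falls inside the advisory's range."""
    threshold, inclusive = THRESHOLDS[product]
    have, limit = parse(installed), parse(threshold)
    return have <= limit if inclusive else have < limit

def triage(inventory):
    """Return the (host, product, version) rows that still need an update."""
    return [row for row in inventory
            if row[1] in THRESHOLDS and is_affected(row[1], row[2])]

# Constructed sample inventory; hosts and installed versions are illustrative.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "91.0.4472.77"),    # a plain string compare ranks this as newer
    ("ws-02", "chrome", "91.0.4472.101"),   # fixed build, not affected
    ("ws-03", "photoshop-2021", "22.4.1"),  # "and earlier" includes 22.4.1 itself
    ("ws-04", "photoshop-2021", "22.4.2"),
    ("ws-05", "acrobat-dc-continuous", "2021.001.20150"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"needs update: {host} {product} {version}")
```

Comparing the dotted versions as plain strings would rank 91.0.4472.77 above 91.0.4472.101 and miss a vulnerable Chrome build, which is why each component is compared as an integer.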

Advisory for various Cisco vulnerabilities

Overview:

CVE-2021-1402 – Cisco Firepower.

• An unauthenticated remote attacker could cause an affected device to reload, due to a vulnerability in the software-based SSL/TLS message handler. This could lead to a Denial-of-Service (DoS) condition.

CVE-2021-1245 & CVE-2021-1246 – Cisco Finesse and Virtualised Voice Browser OpenSocial Gadget Editor.

• An unauthenticated remote attacker could conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism.

Vulnerable Versions:

Cisco Firepower

• 3000 Series Industrial Security Appliances (ISAs).

• ASA 5512-X Adaptive Security Appliance.

• ASA 5515-X Adaptive Security Appliance.

• ASA 5525-X Adaptive Security Appliance.

• ASA 5545-X Adaptive Security Appliance.

• ASA 5555-X Adaptive Security Appliance.

• Firepower 1000 Series.

• Firepower 2100 Series.

• Firepower Threat Defense Virtual (FTDv).

Cisco Finesse and Virtualised Voice Browser OpenSocial Gadget Editor.

• Prior to Release 12.0(1) ES3 and Release 12.5(1).

• Prior to Release 12.6(1).

Exploitation:

These vulnerabilities have not been seen being actively exploited in the wild.

Recommendations:

| Cisco FTD Software Release | First Fixed Release | Recommended Fixed Release |
|---|---|---|
| Earlier than 6.2.2 | Not vulnerable | Migrate to a fixed release |
| 6.2.2 | Not vulnerable | Migrate to a fixed release |
| 6.2.3 | Not vulnerable | Migrate to a fixed release |
| 6.3.0 | Migrate to a fixed release | Migrate to a fixed release |
| 6.4.0 | Not vulnerable | 6.4.0.12 (May 2021) |
| 6.5.0 | Not vulnerable | Migrate to a fixed release |
| 6.6.0 | Not vulnerable | 6.6.4 |
| 6.7.0 | Not vulnerable | 6.7.0.2 |

• At the time of publication, Cisco Finesse releases 12.0(1) ES3 and 12.5(1) and later contained the fix for these vulnerabilities.

• At the time of publication, Cisco Virtualized Voice Browser releases 12.6(1) and later contained the fix for these vulnerabilities.