All Articles

Unveiling Critical CVEs: From Apache Spark to TP-Link Routers by Jitendra Chauhan

Posted by Priya R on May 23, 2024 at 12:57am in Blog

 

Unveiling%20Critical%20CVEs%20From%20Apache%20Spark%20to%20TP-Link%20Routers%20(1).png?profile=RESIZE_710x

 

Welcome to a comprehensive exploration of critical vulnerabilities that demand immediate attention from cybersecurity professionals worldwide. In this discussion, we delve into the intricacies of vulnerabilities affecting widely used technologies such as Apache Spark, TP-Link routers, and IBM ASA software. Led by Jendra Chan, Head of Research at Fire Compass, this webinar sheds light on exploitable weaknesses that pose significant risks to organizational security. Join us as we dissect the nuances of these vulnerabilities and explore strategies to mitigate their impact on organizational networks.

 

 

Here is the verbatim discussion:

I think we have already covered ZK and for foro anywhere another interesting vulnerability is in Apache spark UI and in very popular you know 40 o path Travers rce uh TP Link router which has which also has a you know huge attack surface and IBM ASA you know software from from IBM which have been targeted by somewh now uh Apache spark UI I think this a very interesting one u a Pache spark as you know that uh is being used by organizations to do you know big data processing and it has a management interface which is exposed outside which can be exposed outside for remote you know word manageability Etc now what has happened is that it has a vulnerability which is which does not require authentication by the way right and where you know you can go and run inject a command that can run on the management on the instance of the Management console and as a result it leads to the remote code execution similar you know vulnerability was another vulnerability which I want to highlight is for 40 path which is in 4et you know Fireballs which are exposed outside which has a path traversability and it exploit is available online you know being exploited in the wild for a while now uh and it has a large attch surface again because it is a firewall exposed it has to be exposed outside and uh you know the one liity what it does it goes and read uh the file location from certain place which can also lead to in certain cases it can also you know allow attacker to go and you know place a file at a specific place and as a result it can lead to remote code execution which is again very dangerous uh because it is on theh may not be available right away so many of these alerts actually are generated even before even the vulnerability scanners may not have the signatures to scan these vulnerabilities right uh and uh there may not be a patch available and even if the patch is available it will not be able to possible the system bash the system so you can go and you know Place some other you know compensatory security controls which include qu your Fireball so that you can make the life of a techer harder uh and then next step will be to safely validate your security control which means go and validate.

 

Highlights:

Apache Spark UI Vulnerability:

  • Apache Spark, a cornerstone of big data processing, faces a critical vulnerability in its management interface.
  • Exploitable without authentication, this vulnerability enables remote code execution, posing a severe risk to organizations utilizing Apache Spark for data processing tasks.

Path Traversal in TP-Link Routers:

  • TP-Link routers, ubiquitous in many networks, are vulnerable to path traversal exploits, allowing attackers to navigate file systems beyond authorized directories.
  • With a large attack surface due to their exposure to the internet, exploited vulnerabilities in TP-Link routers can lead to remote code execution, compromising network security.

Vulnerabilities in IBM ASA Software:

  • IBM ASA software, a staple in many organizational infrastructures, has become a target for ransomware attacks due to exploitable vulnerabilities.
  • These vulnerabilities highlight the importance of proactive vulnerability management and the need for organizations to prioritize patching and securing their IBM ASA deployments.

Challenges in Vulnerability Management:

  • The dynamic nature of emerging vulnerabilities presents challenges for traditional vulnerability management practices.
  • Vulnerability scanners may lag behind in detecting newly identified vulnerabilities, necessitating proactive security measures to safeguard against exploitation.

Implementing Compensatory Security Controls:

  • In cases where patches are unavailable or impractical to apply, organizations can deploy compensatory security controls to mitigate the risk of exploitation.
  • Compensatory measures, such as firewall rules and network segmentation, can impede attackers' ability to exploit vulnerabilities and minimize the impact of potential breaches.

 

As organizations navigate the evolving threat landscape, it is imperative to remain vigilant against emerging vulnerabilities and cyber threats. By understanding the intricacies of critical CVEs affecting technologies like Apache Spark, TP-Link routers, and IBM ASA software, organizations can proactively fortify their defenses and mitigate the risk of exploitation. Let us forge ahead with a commitment to proactive vulnerability management and adaptive security practices, ensuring the resilience and integrity of organizational networks in the face of evolving cybersecurity challenges. Together, we can strengthen our collective defenses and safeguard the digital assets entrusted to our care.

 

Speaker:

Jitendra Chauhan has over 16+ years of experience in the Information Security Industry in key areas such as Building and Managing Highly Scalable Platforms, Red Teaming, Penetration Testing, and SIEM. He holds multiple patents in Information Security. He loves to visualize problems, solutions and ideas. He is very strong with modelling and inductive learning (he can mentally make math models based on a few examples). He is very passionate about machine learning and its applications, Cyber Security and Micro Services.

https://www.linkedin.com/in/jitendrachauhan/
https://x.com/jitendrachauhan

 

Views: 23
Tags: ransomeware, riskreduction, cves, jitendrachauhan
E-mail me when people leave their comments –
Follow

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Breakfast at BlackHat Las Vegas 2024!

Aug 8, 2024 from 9:00am to 11:30am
https://docs.google.com/forms/d/e/1FAIpQLSeHr8y6I83L0zPXRew8E8Ut52o4C3_KwgFWTyF4qSy6qRT-lQ/viewform
  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.

     

    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa