Threat intelligence and penetration testing team finds local privilege escalation issues in cloud-based secure internet gateway product; Cisco issues security advisory.
PLANO, Texas – September 5, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced its TEAMARES threat intelligence and security research team identified local privilege escalation vulnerabilities in Cisco Umbrella. The team followed standard vulnerability reporting procedures with Cisco so the vendor could issue a security advisory and patches.
Cisco Umbrella, a secure internet gateway, is a cloud-delivered security platform that protects employees both on and off corporate networks and stops threats over all ports and protocols, including access to malicious domains, URLs, IPs, and files before a connection is ever established or a file downloaded. Discovered during SECTION8‘s ongoing threat intelligence research, the vulnerabilities specifically impacted the Cisco Umbrella Enterprise Roaming Client and Enterprise Roaming Module and would enable a hacker or malicious user to escalate their privileges to gain administrator rights for full access to a specific system or machine.
More details on these vulnerabilities are available:
- Cisco security advisory: details on the vulnerability and response for Cisco Umbrella users
- TEAMARES blog: a post with details about the vulnerability discovered by Quentin Rhoads-Herrera (Paragonsec)
- Common Vulnerabilities and Exposures (CVE) catalog: listed as CVE-2018-0437 and CVE-2018-0438
The Cisco Umbrella discovery follows TEAMARES recently identifying an unauthenticated command injection vulnerability in VMware’s NSX SD-WAN by Velocloud.
“As an increasingly remote and distributed workforce accesses enterprise systems and data through a variety of cloud-based tools, a key part of our research is to ensure the security around those tools is hardened, whether the employee is in the office or a coffee shop across the country,” said Quentin Rhoads-Herrera, offensive security manager for CRITICALSTART’s TEAMARES. “Unlike penetration testing ‘mills’ that simply do quick scans and send check box reports, our team is focused on delivering real value to clients through in-depth analysis, detailed reports, and actionable recommendations as well as following responsible disclosure procedures for the security community.”
In addition to independent threat intelligence and security research, CRITICALSTART’s TEAMARES team delivers high-end offensive security solutions to clients in order to strengthen their information security posture in terms of systems, processes, locations, and people. This work includes research, assessments, reports, and remediation plans for the web application, wireless infrastructure, and physical location security, as well as penetration testing and adversarial simulations.
About CRITICALSTART
CRITICALSTART is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect your brand and reduce business risk. We help organizations of all sizes determine their security readiness condition using our proven framework, the Defendable Network. CRITICALSTART provides managed security services, incident response, professional services, and product fulfillment.