Single unpatched vulnerability: A gateway for a serious breach
by Raymund Taylan, Senior Security Advisor
28 January 2021
The cost of leaving a high-risk vulnerability unpatched can be much greater than the cost of patching immediately
Cisco has reported new critical vulnerabilities in Cisco SD-WAN, its software-defined networking solution for wide area networks. The vulnerabilities expose affected systems to authenticated remote attackers who could execute arbitrary commands on devices and underlying operating systems with root privileges.
Cisco urges affected business users to apply software updates to address the latest identified vulnerabilities
The latest updates to patch these vulnerabilities are posted on Cisco’s Security Advisories page.
Here is the consolidated list of products where vulnerabilities are found:
- SD-WAN vBond Orchestrator Software
- SD-WAN vEdge Cloud Routers
- SD-WAN vEdge Routers
- SD-WAN vManage Software
- SD-WAN vSmart Controller Software
Cyber attacks continue and no one is excluded
In December 2020, SolarWinds announced that it had been hit by a supply-chain attack, and identified affected customers were advised to apply critical patches to address the Sunburst and Supernova vulnerabilities. A month later, another top security vendor, Mimecast, announced that its product’s certificate used for authentication in Microsoft 365 Exchange Web Services had been compromised by another sophisticated threat actor; impacted customers were advised to update and replace the certificates.
Today, with the news of newly discovered Cisco vulnerabilities in their SD-WAN solution, we’re seeing a trend of top security vendors becoming targets for cyber criminals. This is because vendors serve as a bridge or gateway for criminals to gain unauthorised access to, and ultimately steal information from, private and public organisations.
Outdated solutions are your adversary when it comes to protecting yourself from cyber threats
Most established organisations have invested a lot in IT security to make sure that all data assets have the right level of protection against a data breach. But having a security solution to protect data assets is not enough. Patch and vulnerability management must take place to identify network appliances, servers or software applications that require patching to maintain adequate security by resolving system vulnerabilities.
Having an accurate inventory of the systems that exist in the network contributes to effective patching and vulnerability management. If patching a device or system requires impact analysis and may take more time to complete, adequate controls must be in place to mitigate the serious risk an unremediated vulnerability can pose.
Automate your vulnerability and patch management
Both continuous vulnerability scanning and patching of solutions are critical in achieving a strong security posture. Working with a Managed Security Service Provider (MSSP) can deliver accurate internal and external scans across IT network assets. Automated vulnerability scans by an MSSP can reduce your internal resource needs through structured deployment, thus lowering your IT operations costs. An MSSP’s certified experts ensure that patches are distributed and deployed for the critical, actionable items in vulnerability scan results and not for false positives.
Having an MSSP as a partner gives additional benefits in threat hunting and monitoring. Aside from vulnerability and patch management, MSSPs also invest in detecting and analysing global threats using advanced threat intelligence systems. With all the capabilities that MSSPs have, in-house IT security personnel can attend to strategic security projects full time while your MSSP takes the lead on tactical threat hunting and monitoring.