Security vulnerabilities are part of our day to day world. Patching equipment will always mitigate risks. Below we keep track of the big ones for our vendors.

Sonicwall

October 12 2020

Source - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0010

​

A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and SonicOSv 6.5.4.v.

Windows Servers

September 28 2020

Source - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

​

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

​

To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.