Custom Best Practice Check for Detecting Juniper Firewall Vulnerabilities

/by

Name: Juniper Firewall Vulnerability Detection Description: This Custom Best Practice Check (CBPC) detects potential vulnerabilities in Juniper firewalls that could lead to unauthorized access and remote code execution.

Rule: Regex: ^ *web-management \{(\r?\n) *htt.*

 Explanation: This regular expression (regex) is designed to match specific configuration lines within a Juniper firewall’s configuration related to web management settings. It identifies lines that start with zero or more spaces, followed by the string “web-management {” and potentially followed by any characters related to HTTP settings.

 Purpose: Juniper firewalls are known to have vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) that can allow unauthenticated attackers to upload arbitrary files and potentially execute remote code. This CBPC aims to identify configurations related to web management, as attackers often exploit such configurations to gain unauthorized access and control over the device. Detecting such configurations will help security teams identify potential vulnerabilities and take appropriate action.

 Instructions:

  1. Log in to the RedSeal platform.
  2. Navigate to the “Best Practices Checks” section.
  3. Create a new CBPC and give it a meaningful name and description.
  4. Copy and paste the provided regex (^ *web-management \{(\r?\n) *htt.*) into the “Rule” field.
  5. Save the CBPC and run it against the target Juniper firewall configurations.

 Outcome: When the CBPC is run against Juniper firewall configurations, it will identify any lines that match the provided regex pattern. If matches are found, it indicates potential vulnerabilities related to web management settings that might need further investigation and remediation.

***Please note that while this CBPC can help in identifying potential vulnerabilities, it’s important to have a thorough understanding of your network environment and configurations. Always perform additional assessments and validations to ensure accurate results.***

Vulnerabilities Overview:

  1. CVE-2023-36846 and CVE-2023-36847: Remote Code Execution via J-Web:These two vulnerabilities allow an unauthenticated attacker to exploit the affected Juniper firewall devices. By sending specially crafted requests to the devices, attackers can upload arbitrary files to the file system through the J-Web interface. This can lead to remote code execution and compromise the integrity and availability of the firewall and the network it protects.
  2. CVE-2023-36844 and CVE-2023-36845: Unauthorized Modification of PHP Environment Variables:These vulnerabilities enable an unauthenticated attacker to modify specific PHP environment variables on the vulnerable Juniper firewall devices. By exploiting these flaws, attackers can manipulate the behavior of the firewall’s PHP environment, potentially gaining unauthorized access and control over the device.

Potential Impact: Successful exploitation of these vulnerabilities could result in:

  • Unauthorized remote code execution, enabling attackers to compromise the firewall and the entire network.
  • Unauthorized access to the firewall’s PHP environment, leading to potential data breaches, network disruption, and unauthorized control over the device.

Additional Resources:

RedSeal will continue to monitor and test vulnerabilities, please check back for updated versions with additional refinements. Let’s discuss your concerns and how RedSeal can help, contact us today.

What the Rockwell Automation ThinServer Vulnerabilities Mean for Industrial Cybersecurity

/by

The cybersecurity landscape is an ever-evolving domain with threats sprouting up constantly. The recent revelation concerning vulnerabilities in Rockwell Automation’s ThinManager ThinServer has highlighted the urgency for robust cybersecurity measures in the realm of industrial control systems (ICS).

Understanding the Rockwell Automation ThinServer Vulnerabilities

Rockwell Automation’s ThinManager ThinServer, a product designed for thin client and RDP server management, recently came under scrutiny after researchers from the cybersecurity firm Tenable discovered critical vulnerabilities. Classified as CVE-2023-2914, CVE-2023-2915, and CVE-2023-2917, these vulnerabilities center on improper input validation issues. They can potentially allow attackers, even without prior authentication, to induce a denial-of-service condition, delete, or upload files with system privileges.

What’s most alarming is that an attacker only needs access to the network hosting the vulnerable server for exploitation. This means that if the server is connected and exposed online – against the vendor’s best practices – it becomes susceptible to attacks directly from the internet.

The potential fallout from a successful exploitation? Complete control of the ThinServer. This presents an enormous risk, especially when considering the critical role of ICS in managing and overseeing essential industrial operations.

Enhancing Industrial Cybersecurity with RedSeal Capabilities

This backdrop brings to the fore the vital role of cybersecurity solutions like RedSeal. For existing and prospective customers, leveraging RedSeal’s capabilities can be the game-changer in fortifying their cybersecurity infrastructure.

  1. Network Visualization: RedSeal provides a detailed view of network architectures, including potential access paths. By visualizing these paths, organizations can understand how a potential attacker might navigate through their infrastructure, enabling them to take preventive measures.
  2. Risk Assessment: RedSeal’s platform assesses network risk, helping businesses identify vulnerabilities like the ones discovered in ThinManager ThinServer. By pinpointing these vulnerabilities early, proactive steps can be taken before they are exploited.
  3. Validation of Network Segmentation: Often, best practices dictate that sensitive servers, like ThinManager ThinServer, should be isolated from general network access. RedSeal can validate the effectiveness of this segmentation, ensuring that the server isn’t inadvertently exposed.
  4. Incident Response: In the unfortunate event of a breach, understanding the scope and the affected areas quickly is paramount. RedSeal’s capabilities assist in narrowing down affected segments, making response measures more targeted and effective.
  5. Continuous Monitoring: With RedSeal’s continuous monitoring, organizations can stay abreast of their network’s security posture. This ensures that as networks evolve and change, security measures evolve in tandem.
  6. Compliance Assurance: Adhering to industry standards and compliance requirements is a non-negotiable in the ICS space. RedSeal aids in ensuring that the cybersecurity measures in place align with the requisite standards, thus minimizing potential legal and reputational fallout.

In an era where cyber threats are pervasive and continuously evolving, relying on advanced cybersecurity solutions like RedSeal is no longer a luxury but a necessity. The vulnerabilities in Rockwell Automation’s ThinManager ThinServer underscore the fragility of ICS environments and the dire repercussions of lapses in cybersecurity measures. For businesses operating in the industrial domain, it’s essential to stay a step ahead. By leveraging the multifaceted capabilities of RedSeal, organizations can not only shield themselves from present vulnerabilities but also future-proof their operations against emerging threats. In the battle against cyber adversaries, being prepared and proactive is the key to victory.

Key Insights from Black Hat 2023: RedSeal’s Perspective

/by

Last week approximately 40,000 cybersecurity professionals, researchers, and experts, met in Las Vegas for the annual Black Hat conference to discuss the latest trends, emerging threats, and groundbreaking technologies in cybersecurity. The RedSeal team engaged in all the event had to offer and left with several key takeaways into the current state of cybersecurity and market transitions that are driving up cyber risk.

GenAI: Pioneering Technologies, Unveiling Novel Vulnerabilities

The advent of Artificial Intelligence (AI), particularly Generative AI, has ushered in a new era for organizations. Maria Markstedter, the founder of Azeria Labs—a prominent company specializing in ARM exploit development, reverse engineering, vulnerability research, and cybersecurity training—delivered an insightful keynote revolving around the emergence of AI. Confirming that while artificial intelligence and machine learning fuel innovation, they concurrently expose unprecedented security vulnerabilities. This dual nature of AI underscores the imperative for a proactive security approach.

On the heels of our experience at the Omdia Analyst Summit, Maria’s keynote fortified the belief in expanding strategies to deepen proactive measures. This entails educating teams, crafting new policies, deploying innovative cybersecurity technologies, and embracing a forward-thinking perspective. Central to this is the deployment of a robust cybersecurity solution, like RedSeal, to stop breaches by detecting vulnerable attack paths.

2023 White House Cybersecurity Strategy: A Path Forward Amid Challenges

The unveiling of the 2023 White House cybersecurity strategy heralded a new phase for national security initiatives. The prominence of the Cybersecurity and Infrastructure Security Agency (CISA) in this strategy symbolizes the government’s dedication to bolstering cyber defenses.

The introduction of a new rule mandating critical infrastructure entities to promptly report cyber-attacks within 72 hours, alongside ransom payments within 24 hours, holds immense potential for elevating incident response and coordination. The efficacy of this strategy hinges on seamless execution and adaptability in the face of the ever-evolving threat landscape and strives for collaboration across government and commercial accountability for establishing robust cyber defenses. Learn more about RedSeal’s position on the National Cyber Strategy here.

Bridging Silos: Navigating Cloud, OT/IoT, Data Center, and IT Convergence

As organizations embrace cloud migration, adopt IoT/OT devices, and integrate modern data center technologies, challenges arise—including the risks of lateral movement between these domains. Despite the ongoing convergence of these realms, numerous cybersecurity vendors remain entrenched within traditional infrastructure silos. Engaging discussions on enterprise applications and data during Black Hat highlighted the pressing need for product enhancements that streamline the incorporation of applications and data via ports and protocols information. “Attack Path Analysis” and “Security Graph” resonated within all security circles, underscoring the growing emphasis on mapping potential attack vectors, visualizing security postures and their impact within complex, hybrid environments.

Amidst these insights, RedSeal offered demos to hundreds of conference attendees. These demonstrations showcased how the RedSeal platform accurately uncovers potential lateral spread pathways across on-prem and cloud environments, enabling organizations to fortify their defense strategies comprehensively and address vulnerabilities proactively.

RedSeal also announced the unique support for third-party firewalls in public clouds, driven by experience that breaches stem from complexity. The automation of understanding third-party firewalls deployed in public clouds eliminates blind spots arising from distinct security consoles. With a unified view, the fragmentation of defenses is mitigated, preventing potential vulnerabilities. RedSeal’s integrated end-to-end perspective into cloud and on-prem environments calculate attack paths to critical data and applications, offering unparalleled insights to mitigate risk.

CISO Dialogues: Addressing the Cybersecurity Talent Gap

Engaging in conversations with Chief Information Security Officers (CISOs), we learned that while traditional IT security concerns and the rise of cloud and OT infrastructures remain top challenges, one concern consistently looms large – the scarcity of cybersecurity talent. As organizations grapple with a growing skills gap, CISOs are compelled to look outside the organization for resources to not only support team development but also have the people and tools required to confront evolving threats head-on.

Promisingly, solutions do exist. Organizations can bridge this gap by engaging with experts, allowing their teams to focus on core competencies. RedSeal’s recent case study, “Regional Health System Increases Network Visibility and Mitigates Cybersecurity Risk,” demonstrates the efficacy of engaging RedSeal’s Fully Managed Services (FMS) team to augment security teams to prioritize and focus on critical security issues, enabling the health network to redirect resources towards pivotal issues, deliverables, and patient care. Read more here.

Black Hat 2023 has our team exploring a myriad of insights into the present and future of cybersecurity challenges and opportunities. From the dynamics of cutting-edge technologies like GenAI to evolving governmental strategies and the indispensable need to bridge security gaps, the conference underscored the need for proactive approaches in securing our digital future with the right tools and the right teams. As we act on these key takeaways, RedSeal remains committed to driving innovation and empowering organizations with the most comprehensive, dynamic model of your hybrid network allowing you to navigate the dynamic cybersecurity landscape with confidence, trust and resilience. Get in touch to see how we can help you stay ahead in today’s fast-evolving digital environment.

RedSeal announces support for 3rd-party firewalls in public clouds

RedSeal unveils support for third-party firewalls in public clouds, empowering enterprises to understand all attack paths to stop breaches

/by

Seamlessly integrates with Next-Generation Firewalls from Palo Alto Networks, Cisco, Fortinet, and Check Point deployed in AWS and Azure clouds

Menlo Park, Calif., August 9, 2023 — RedSeal, a pioneer in cyber attack path management, announces support for third-party Next-Generation Firewalls (NGFWs) deployed in AWS, Azure and other clouds. With this capability, RedSeal continues its mission to enable enterprises to comprehensively understand all attack paths to critical data and applications and reinforce their defenses against evolving cyber threats.

Understanding attack paths to critical resources is paramount for enterprise customers to stay one step ahead in today’s complex hybrid cybersecurity landscape. As organizations increasingly adopt cloud-based services, risk exposure expands, defensive gaps inevitably open up, and defenders have to understand more complex interactions. RedSeal delivers support through prebuilt integrations with leading NGFW vendors including Palo Alto Networks, Cisco, Fortinet and Check Point.

“Today’s cyber threats are relentless and increasingly sophisticated. It is imperative for enterprises to have a comprehensive understanding of all attack paths to critical resources, especially in cloud environments,” said Greg Enriquez, CEO of RedSeal. “Introducing third-party NGFW support, we are reinforcing our commitment to delivering best-in-class cybersecurity solutions.”

RedSeal brings cloud-native and third-party security controls into a single view. This gives unprecedented visibility, eliminating blind spots caused by the different perspectives of separate management consoles. Without a single view, defenses are run in silos. Attackers accumulate anywhere the security team cannot see, so the defensive view must be seamless and complete—something only available through automated multi-vendor analytics.

With RedSeal, enterprises further benefit from:

  • Comprehensive Network Visibility: With RedSeal, enterprises gain a holistic view of their cloud and on-premises infrastructure without the need to install any agents. By mapping the entire hybrid network, customers can identify vulnerabilities, configuration errors, and security gaps.
  • Advanced Attack Path Analysis: With this new NGFW support, RedSeal strengthens its threat analysis capabilities. By assessing access controls, security rules, and network segmentation, enterprises can pinpoint weaknesses and take proactive steps to prevent cyber attacks and breaches.
  • Proactive Risk Prioritization: RedSeal delivers risk-based prioritization and actionable insights by applying network context, including that of third-party NGFWs, enabling organizations to proactively address security loopholes and implement effective security measures.
  • Continuous Compliance: RedSeal safeguards a full range of critical compliance and governance requirements with 100+ built-in integrations including PCI, NERC-CIP, CMMC, NIST, RMF, SAP, CIS, and DISA STIGs. RedSeal uniquely understands CIS controls for both cloud and third-party NGFWs.

“Our platforms provide insights with unprecedented speed and accuracy so that our clients stay ahead of cyber adversaries and thwart potential attacks,” said Dr. Mike Lloyd, Chief Technology Officer at RedSeal.

RedSeal’s support for third-party NGFWs in cloud is available now, enabling organizations to embrace cloud technologies with confidence, secure their data, and protect their business-critical assets from emerging cyber threats.

About RedSeal

RedSeal, a pioneer in cyber attack path management, delivers actionable insights to close defensive gaps across the entire network, on premises and in the cloud. Defenders gain the upper hand by knowing their cyber terrain and risk better than their adversaries do. RedSeal’s proven platform explains what is left open, and what it takes to block it, so that security teams can proactively and efficiently remediate issues, spend less effort on compliance, and stay one step ahead. Hundreds of Fortune 1000 companies and over 75 government agencies, including five branches of the U.S. military, depend on RedSeal for exceptionally secure environments.

Finding Internet-facing Vulnerabilities: RedSeal Perspective on The Five Eyes Advisory

/by

Today, the international cybersecurity consortium known as The Five Eyes (Australia, Canada, New Zealand, the UK, and the US) published a joint Cybersecurity Advisory. It’s a scary read, on several fronts. It details the top 12 vulnerabilities that are actively being exploited, in current breaches. The advisory doesn’t detail the breaches, because a lot of that data is not public, but we can safely assume that these organizations are trying to offer a wake-up call about what they are seeing in the real world.

One shocking aspect of the advisory is the vulnerabilities are quite old – the top spot is taken by a vulnerability that was disclosed in 2018! The lingering question is how can antiquated vulnerabilities still pose a threat? The answer lies in the struggles faced by organizations in locating and effectively patching patch their Internet facing equipment.

This is why RedSeal builds a digital twin of your network, then shows you where you have blind spots, defensive gaps, and (most relevant to this advisory) uncover exactly what you have that is exposed to the Internet.

The Five Eyes Advisory is an important reminder that vulnerabilities exist in our Internet-facing systems. RedSeal is a trusted partner to 75 federal agencies, 6 arms of the military, and 100s of F1000 organizations, helping identify and address vulnerabilities; securing networks against the growing complexity and frequency of threats.

Let’s talk about how we can help your organization stay secure. Contact us today.