System Filter: FireEye Exposure
Summary: Information regarding the FireEye Exposure system filter in Ivanti Neurons.
Nine of the 16 vulnerabilities that exposed FireEye were included in RiskSense’s Attack Surface list, first published on October 28th, 2020. The table below lists the vulnerabilities associated with the breach, along with each one's Common Vulnerability Scoring System (CVSS) score, Vulnerability Risk Rating (VRR), and whether it is present in the Attack Surface list.
Ivanti Neurons believes in the value of the Attack Surface list, and the attack on FireEye is just one example of the apparent need to prioritize and fix the vulnerabilities on the Attack Surface list first.
| CVE | Name | Threat Type | CVSS | VRR | In Attack Surface List? |
|---|---|---|---|---|---|
| CVE-2019-11510 | Pre-auth arbitrary file reading from Pulse Secure SSL VPNs | Web Apps | 10 | 9.66 | Yes |
| CVE-2018-13379 | Pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN | Web Apps | 9.8 | 9.13 | No |
| CVE-2018-15961 | RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) | Web Apps | 9.8 | 10 | Yes |
| CVE-2019-0604 | RCE for Microsoft Sharepoint | RCE | 9.8 | 10 | Yes |
| CVE-2019-11580 | Atlassian Crowd Remote Code Execution | RCE | 9.8 | 10 | Yes |
| CVE-2019-19781 | RCE of Citrix Application Delivery Controller and Citrix Gateway | RCE | 9.8 | 10 | Yes |
| CVE-2019-3398 | Confluence Authenticated Remote Code Execution | RCE | 8.8 | 10 | No |
| CVE-2020-0688 | Remote Command Execution in Microsoft Exchange - requires auth | RCE | 8.8 | 9.92 | Yes |
| CVE-2018-8581 | Microsoft Exchange Server escalation of privileges - requires auth | PE | 7.4 | 8.18 | No |
| CVE-2020-10189 | RCE for ZoHo ManageEngine Desktop Central | RCE | 9.8 | 10 | Yes |
| CVE-2019-8394 | Arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus | Web App | 6.5 | 6.47 | No |
| CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | PE | 10 | 9.88 | Yes |
| CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability | RCE | 9.8 | 10 | Yes |
| CVE-2014-1812 | Group Policy Preferences Password Elevation of Privilege Vulnerability. | PE | 9.0 | 9.18 | No |
| CVE-2016-0167 | Win32k Elevation of Privilege Vulnerability | PE | 7.8 | 8.44 | No |
| CVE-2017-11774 | Microsoft Outlook Security Feature Bypass Vulnerability | Exploit | 7.8 | 7.22 | No |