Activity Feed

Ratings
  • Attacker Value: Very High
Technical Analysis

This is an update based on the assessment provided in the more general topic for the Citrix vulns disclosed in https://support.citrix.com/article/CTX276688, which include this CVE. As API queries for this CVE do not return this data, I am reflecting it in this topic.

Link to assessment:
https://attackerkb.com/assessments/50e7e3c5-644c-46ae-b650-1ef45cec22ad

Link to the relevant URL provided in the assessment:
https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/

Additional link which provides a PoC:
https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi

Also, as mentioned by @gwillcox-r7 already, it is included in the Oct 20 NSA advisory.

@elligottmc Sounds fair enough (not sure if Brent is active on here these days!), yep. This topic was our catch-all when Citrix hadn’t specified the included CVEs yet.


Would it be appropriate to include this analysis in CVE-2020-8195 and CVE-2020-8196 specifically?
Fetching those CVEs via the API does not return this information or the associated attacker value, so any automation of this valuable assessment is being missed by API queries. I could add a link to this comment, but again wanted to verify.

These are the URLs:

https://attackerkb.com/topics/rSz4fDlp1Z/cve-2020-8195?referrer=search
https://attackerkb.com/topics/r0FRieLWQM/cve-2020-8196?referrer=search

Ratings
  • Attacker Value: Very High
Technical Analysis

The generally short shelf life of many browser vulnerabilities is offset by their value to attackers—and in some cases very nicely offset. This Chrome 0day arises from a heap buffer overflow in FreeType, a commonly-used open-source font engine. The public availability of patch details significantly improves shelf life calculus for attackers and exploit developers.

Description

On October 20, 2020, Ben Hawkes of Google’s Project Zero warned Chrome users that Google had observed active exploitation of a zero-day in Chrome’s implementation of FreeType, a popular open-source font rendering library. As of October 20, the Chrome team has a new release out that includes a fix for the zero-day vulnerability, which is listed as a heap buffer overflow.

Rapid7 analysis

Like many zero-days, CVE-2020-15999 is an active threat. While Google itself rarely releases in-depth technical information on recent zero-day vulnerabilities in its software, FreeType’s bug tracker and source code are public and include details on the vulnerability’s fix, which greatly simplifies attacker efforts to reverse engineer the zero-day and accelerate exploit development.

Guidance

Upgrade Google Chrome to the latest stable version (86.0.4240.111) as quickly as possible. See Google’s advisory for further details.

While the zero-day (exploit) disclosed in the advisory is specific to Google Chrome, other FreeType implementations may also be affected by CVE-2020-15999, and FreeType users are strongly advised to upgrade to the latest stable version. See FreeType’s bug tracker for further information.

Technical Analysis

This is now supposedly being exploited in the wild by Chinese state actors according to this NSA announcement: https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

Technical Analysis

This is now supposedly being exploited in the wild by Chinese state actors according to this NSA announcement: https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

Also the public exploit for this has long since been available at https://github.com/ExpLife0011/CVE-2019-0803
