Tuesday, March 24, 2020

Vulnerability Spotlight: Intel RAID Web Console 3 denial-of-service bugs


Geoff Serrao of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered two denial-of-service vulnerabilities in the web API functionality of Intel RAID Web Console 3. The RAID Web Console is a web-based application that provides several configuration functions for the Intel RAID line of products, which includes controllers and storage expanders. The console monitors, maintains and troubleshoots these products. An attacker could exploit both of these bugs by sending a malicious POST request to the API.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Intel to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details


Intel RAID Web Console 3 add server denial-of-service vulnerability (TALOS-2019-0894/CVE-2019-8688)

A remote, exploitable denial-of-service vulnerability exists in the web API functionality of Intel RAID Web Console 3. A specially crafted request can lead to a null pointer dereference in the Intel RAID Web Console server. This would result in a denial of service until the user restarts LSA.exe. A remote unauthenticated attacker can send a POST request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Intel RAID Web Console 3 DISCOVERY denial of service (TALOS-2019-0914/CVE-2020-8688)

An exploitable denial-of-service vulnerability exists in the web API functionality of Intel RAID Web Console 3. A specially crafted request can cause the LSA.exe service to exit, resulting in a denial of service. A remote unauthenticated attacker can send a malicious POST request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos researchers tested and confirmed that these vulnerabilities impact Intel RAID Web Console 3, version 007.009.011.000.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 51684, 51652
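
To confirm that a sensor actually loads the two rules listed above, the following added example (not part of the original post and not Talos code) parses Snort rules text and reports each SID as enabled, disabled (commented out) or missing. The function name, the one-rule-per-line assumption and the sample rule bodies are constructed for illustration.

```python
import re

# Snort SIDs listed in the Coverage section of this post.
ADVISORY_SIDS = (51684, 51652)

# A rule line starts with an action keyword; a leading '#' means the rule
# is present but disabled. Assumption: one rule per line, no continuations.
RULE_RE = re.compile(
    r"^\s*(?P<off>#\s*)?(?:alert|drop|block|reject|sdrop|log|pass)\b.*?"
    r"\bsid\s*:\s*(?P<sid>\d+)\s*;"
)


def rule_status(rules_text, sids=ADVISORY_SIDS):
    """Return {sid: 'enabled' | 'disabled' | 'missing'} for each wanted SID."""
    status = {sid: "missing" for sid in sids}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, prose comment, or non-rule directive
        sid = int(m.group("sid"))
        if sid not in status:
            continue
        if m.group("off") is None:
            status[sid] = "enabled"    # an active copy of the rule wins
        elif status[sid] == "missing":
            status[sid] = "disabled"   # present, but commented out
    return status


# Constructed sample rules file: the rule bodies are placeholders, not the
# real rule content for these SIDs.
SAMPLE_RULES = """\
# server-webapp rules (constructed sample)
alert tcp any any -> any any (msg:"placeholder A"; sid:51652; rev:1;)
# alert tcp any any -> any any (msg:"placeholder B"; sid:51684; rev:1;)
alert tcp any any -> any any (msg:"unrelated"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    for sid, state in rule_status(SAMPLE_RULES).items():
        print(f"sid {sid}: {state}")
```

A result of "disabled" or "missing" for either SID means the sensor would not alert on the corresponding request, so the rule set or policy needs updating before relying on this coverage.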
