The 30 cybersecurity stats that matter most

Keeping on top of the most important trends in cybersecurity can be challenging sometimes—not because of a lack of data, but because of the sheer quantity of it. Analysts, vendors, research outfits, and others produce voluminous amounts of data on breaches, malware trends, emerging threats, spending habits, security budgets, compliance efforts, and myriad other topics.

The data can alert you to things you should be looking out for, how your controls and processes stack up against those of peers, where criminals are focusing their efforts, whether you are spending enough, and how your compliance efforts measure up against others. But how do you separate the data that matters from the data that just adds to the noise?

To help you focus on what matters, SCS went through numerous research reports, vendor analyses, and whitepapers and zeroed in on information that either adds fresh insights or updates you on statistics you may already know.

Get up to speed fast with the stats that matter most to information security pros.

Data breaches by the numbers

1,579: Total number of publicly disclosed data breaches in 2018

If it seemed as if more organizations disclosed data breaches last year than ever before, it was only because they did. At 1,579, the number of breaches in 2018 was 44.7% higher than the 1,091 disclosed in 2017. Business organizations—such as those in the retail, hospitality, trade, and utilities sectors—accounted for 55% of breaches, followed by the medical and healthcare industry, with 23.7%.

1,946,181,599: Total number of records containing personal and other sensitive data that were compromised between Jan. 1, 2018, and Nov. 20, 2018

As staggeringly large as that number might appear, it is actually smaller than the more than 4.8 billion records exposed in data breaches in 2018. Two breaches that Yahoo disclosed in 2018 accounted for some 1.5 billion of the records exposed last year, while one disclosed by Myspace accounted for another 360 million records.

75%: Proportion of data breaches caused by external attackers

Contrary to some perceptions, external actors continue to pose a far bigger threat to organizations than do internal ones. Among the external actors, organized cyber-crime groups accounted for more than half (51%) of breaches, while 18% of attacks involved state-affiliated groups. Careless, negligent, and malicious insiders with legitimate access to systems and data caused 25% of breaches.

71%: Percent of Indian enterprises in a survey of 1,200 companies that reported suffering at least one data breach

More than 7 in 10 of all organizations in India were affected by a data breach in some way over the past few years. Some 46% of Indian organizations experienced a breach incident in the past year, a substantial increase from the 24% that reported one in 2017 and the 20% that said they had suffered a breach in 2018. Worldwide, the numbers are slightly lower, with 67% of the respondents reporting at least one breach.

$3.62 million: Average cost of a data breach in 2018

While breaches became larger, the average cost of a data breach declined 10% in 2018, to $3.62 million. The average cost associated with lost and stolen records containing sensitive information also declined substantially, to $141 from $158 per record in 2016. At the same time, the number of compromised records per breach increased to 24,000.

Detection and incident response

77%: Proportion of respondents in a survey of 2,800 IT professionals who said their organizations do not have a formal cybersecurity incident response plan

Despite heightened concerns over data breaches, more than three-quarters of organizations do not have a formal process for responding to one. Twenty-six percent have only an ad-hoc or informal process, and 27% do not apply their incident response plan consistently across the enterprise.

191 days: The average length of time it takes for organizations to identify a data breach

A more than six-month gap between when a breach happens and when it is first identified might seem awfully slow. But 191 days is actually an improvement on the average of 201 days it took organizations to detect a breach in 2018.

66 days: The average time needed to fully contain a data breach in 2018

The number of days it took for organizations to contain a breach in 2018 ranged from 10 to 164 days, with an average of 66 days. Breaches caused by malicious and criminal attacks generally took longer to contain (77 days) and longer to identify (214 days) than breaches caused by human error (64 and 168 days, respectively).

Topics for top brass

45%: Percent of respondents in a survey of 9,500 executives from 122 countries who said their corporate board participates actively in setting security budgets

For all the talk about security needing to become a board-level issue, many boards still appear to be relatively uninvolved in their organization’s security strategy. Only 39% actively participate in setting security policies, just 36% are involved in the technology selection process, and less than one-third (31%) actively review current security and privacy risks.

87%: Percentage of enterprises that say they require up to 50% more budget for cybersecurity

Organizations are spending more than ever on security. Yet 7 in 10 say they want at least 25% more spending, and 17% want up to a 50% increase. However, only 12% believe they will actually receive a security budget increase of over 25%. The rest clearly will just have to make do with whatever increases they get.

76%: Percent of organizations that would likely increase the resources available for cybersecurity following a breach that causes significant damage

More than three-quarters of organizations said that a significant data breach would be a catalyst for increased spending. But many of those same organizations would be unlikely to increase spending in the event of a breach that causes no harm. Sixty-four percent of organizations say an attack that did not cause harm would not trigger budget increases.

29%: Proportion of respondents in a survey of 9,500 executives from 75 industries in 122 countries who said CISOs bear the responsibility for IoT security

Organizations often deploy IoT devices with little thought about the security implications. Only 34% of the survey respondents, for instance, even plan to assess the potential risks to business security from connecting more devices to the Internet. Yet nearly 3 in 10 feel the security organization should be responsible for securing the IoT environment.

Cyber-attack trends

77%: Percent of attacks on endpoint devices in 2018 that involved the use of fileless malware and exploits

Malware running in memory is a lot harder to detect and stop than malware installed on systems, which is why threat actors have increasingly begun using fileless malware in attacks. Fifty-four percent of the respondents to a survey of 665 IT professionals said their organizations suffered one or more attacks that compromised data and/or infrastructure. Of those attacks, 77% involved fileless malware and exploits.

56%: Percentage of organizations in a survey of 1,300 IT decision makers who identified targeted phishing attacks as their biggest current cybersecurity threat

Of all the threats that organizations face these days, phishing attacks continue to be the biggest for many, with 56% identifying it as their top concern. Other threats keeping security managers awake at night include insider threats (51%), ransomware/malware (48%), and unsecured privileged accounts (42%). Forty-two percent of respondents identified threats to data in the cloud as another big issue.

26.2%: Percent of those targeted by ransomware in 2018 who were business users

The purveyors of ransomware last year turned their focus to businesses in a big way. The WannaCry attacks last May, the NotPetya outbreak in June, and the BadRabbit attacks of October were the biggest ransomware exploits targeted at businesses, but there were several others as well. That made 2018 the year of ransomware for enterprises.

87%: Percent of remote code execution attacks late last year that involved crypto-mining malware

The hijacking of computers for crypto-mining purposes is quickly becoming a major problem for enterprises in much the same way that ransomware became a major threat a couple of years ago. Nearly 90% of all remote code execution attacks last December involved attempts to surreptitiously download crypto-miners.

Cybersecurity budgets and spending

86%: Percent of Indian organizations that plan to increase cybersecurity spending this year

Nearly 9 in 10 companies plan to increase cybersecurity spending this year, up 10% from the 76% that said the same thing in 2018. Worldwide numbers are slightly smaller, with 78% reporting plans to increase spending on cybersecurity, compared to 73% last year.

$96.3 billion: The total organizations worldwide plan to spend on cybersecurity in 2018

Data breach concerns and fears of threats such as WannaCry and NotPetya will drive cybersecurity spending to yet another high this year. The $96.3 billion that organizations will spend on security products and services this year represents an increase of 8% over 2018 and a more than 17% jump over the $82.2 billion that organizations worldwide spent in 2018.

$75.2 billion: Amount that organizations worldwide will spend on infrastructure protection and security services in 2018

Gartner expects IT outsourcing, security testing, and security information and event management to be the fastest-growing segments within the infrastructure protection and services categories this year. The Identity and Access Management segment will see some $4.7 billion in spending this year, and the network security segment will account for $11.7 billion of overall spend.

Compliance and government

74%: Percentage of Indian respondents in a survey of 1,200 organizations that feel adherence to compliance requirements is either “very” effective or “extremely” effective

Notwithstanding the compliance-versus-security debate, nearly three-quarters of organizations in India think that complying with regulatory and industry mandates such as PCI DSS is a great way to improve security. In contrast, a somewhat smaller 64% of organizations worldwide have a similarly positive view about compliance.

88%: Percent of 300 CIOs, CPOs, general counsels, and other senior staff at Indian companies who reported spending more than $1 million on GDPR compliance

Organizations rushing to meet the deadline for complying with the EU’s General Data Protection Requirements are spending more on ramping up their privacy and security programs. Of the companies that have completed their preparations, 88% said they spent at least $1 million, and 10% said they spent north of $10 million. Among companies still finishing up, 60% expect to spend at least $1 million on GDPR compliance, and 12% will spend more than $10 million.

$15 billion: Proposed budget for cybersecurity in the FY 2019 budget

The proposed amount is a $583.4 million increase over the FY2018 estimate. As usual, more than half of the amount is for the Indian Department of Defense, which last year received $8.5 billion in cybersecurity funding.

52%: Percent of respondents in a survey of 200 civilian and Defense Department IT decision makers who view cybersecurity regulations and mandates as hindering risk management

More than half of IT decision makers in federal agencies view mandates such as NIST’s Risk Management Framework as complicating their cybersecurity efforts, rather than helping them. On the plus side, 55% said that NIST’s Cybersecurity Framework has helped to at least promote a risk management dialog at their organizations.

54%: Percent of IT decision makers at federal agencies who view careless and untrained employees and contractors as posing the biggest security risk

Contrary to perception, careless and negligent insiders often pose a bigger threat to cybersecurity than malicious ones. Concerns over the issue appear to be growing, considering that only 48% cited careless insiders as a security risk in 2018 compared to the 54% who said the same thing in 2018.

Mobile, IoT, and industrial control systems

100%: The percent of organizations from a sample of 850 organizations with at least 500 mobile devices that experienced a mobile attack in 2018

Every organization permitting the use of mobile devices for work experienced some form of an attack, but they didn’t always know it. In fact, organizations were attacked 54 times on average. Not all attacks resulted in breaches.

54%: Percent of respondents in a survey of 359 cybersecurity practitioners who reported at least one security incident involving an industrial control system in the past 12 months

Concerns over catastrophic security failures at organizations with critical industrial control systems appear to be outweighing the number of actual incidents. Even so, more than half have experienced security incidents involving malware, third parties, and other sources.

55%: Percent of industrial organizations that allow third parties such as suppliers, partners, and service providers to access their industrial control network

Despite heightened concerns over third-party risks, more than half of industrial organizations permitted outsiders to access critical systems remotely. Unsurprisingly, organizations allowing third-party access also are 63% more likely to experience a cybersecurity breach versus those that do not permit such access.

40%: Proportion of business leaders in a survey of 9,500 IT professionals who are concerned about a cyberattack on IoT networks and other emerging technologies causing operational disruptions

Despite the potential benefits of automation and robotic systems, many organizational leaders worry about the vulnerability of emerging technologies to cyber threats. In addition to operational outages, data theft is a worry for 39%, and 32% fear that product quality could be affected by a successful cyberattack on emerging technologies.

61%: Percent of organizations that have deployed some level of IoT technologies, and have had to deal with a security incident related to IoT in the past year

Most security incidents involving IoT networks have resulted from actual attacks, such as malware infiltration (24%) and phishing/social engineering attacks (18%). Over 1 in 10 (11%) IoT security incidents involved device misconfiguration issues, 9% involved privilege escalation, and 6% resulted in credential theft.

Cyber Security Statistics December 2018

Cyber attacks are growing in prominence every day – from influencing major elections to crippling businesses overnight, the role cyber warfare plays in our daily lives should not be underestimated.

In fact, billionaire investor Warren Buffett claims that cyber threats are the biggest threat to mankind and that they are bigger than threats from nuclear weapons.

We have compiled a list of relevant cyber-security statistics for you as we head into 2018:

According to data from Juniper Research, the average cost of a data breach will exceed $150 million by 2020 — and by 2019, cybercrime will cost businesses over $2 trillion — a four-fold increase from 2015.

We were still gasping at the cost of $3.8 million Microsoft said a data breach costs the average company. However, data from Juniper Research shows this amount will increase by a massive 3,947 percent to over $150 million by 2020. As your company grows, and as the Internet continues to develop at a massive pace, it might be a good idea to increase the percentage of your budget that goes towards security.

Ransomware attacks increased by 46 percent in 2018.

Research from Symantec shows that ransomware attacks worldwide increased by 46 percent in 2018 — with more than 100 new malware families introduced by hackers. More interesting, though, is that people, especially Indians, are willing to pay. Sixty-four percent of Indians are willing to pay a ransom after becoming victims of ransomware attacks, compared to 34 percent of people globally.

The average amount demanded after a ransomware attack is $1,077.

This is an increase of about 266 percent. Naturally, seeing that more people are willing to pay a ransom considering how reliant on the Internet their activities are, hackers are upping their stakes and demanding significantly more. We can only expect this to increase as ransomware attacks increase in 2019.

1 in 131 emails contains malware.

Emails are now being increasingly used by hackers, and an estimated one in every 131 emails contains malware. This is the highest rate in about five years, and it is expected to increase further as hackers attempt to use malware like ransomware to generate money from unsuspecting people.

In 2018, 9.5 percent of people are victims of identity fraud — resulting in fraudsters defrauding people of about $16 billion.

This data is based on a comprehensive study by Javelin Strategy & Research, involving 69,000 respondents who have been surveyed since 2003. The research revealed that the number of identity fraud victims in India increased to 15.4 million in 2018, an increase of 2 million people from the previous year.

43 percent of cyber attacks are aimed at small businesses.

While we’ve been reading a lot in the media about major companies like Target, eBay, Yahoo and Sony being hacked, small companies are not immune. As it is today, at least 43 percent of cyber attacks against businesses are targeted at small companies, and this number will only keep increasing.

Unfilled cyber security jobs are expected to reach 3.5 million by 2021 — compared to about 1 million in 2018.

While this might not seem like much, it is worth paying attention to: the projected increase in the number of cyber security-related jobs is proportional to a projected increase in cybercrime, and a more than 200 percent increase means we can expect cybercrime to increase by at least that much by 2021.

Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

Description:

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Security Issues Fixed:

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. (CVE-2018-12378)
  • A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. (CVE-2018-12377)
  • Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a file: URI, bypassing configured proxy settings. Note: this issue only affects OS X in default configurations. On Linux systems, autofs must be installed for the vulnerability to occur and Windows is not affected. (CVE-2017-16541)
  • Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12376)
  • Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2018-12375)
  • If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. (CVE-2018-12383)
  • Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message’s mail columns are incorrectly interpreted as a URL. Note: this issue only affects Windows operating systems with Outlook installed. Other operating systems are not affected. (CVE-2018-12381)
  • The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for Android. (CVE-2018-12382)
  • When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. (CVE-2018-12379)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user group, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Affected Products and Solution:

  • Mozilla Firefox versions prior to 62
  • Mozilla Firefox ESR versions prior to 60.2
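A defender's inventory check against the fixed versions listed above, added here as an example that is not from the advisory or from Mozilla: it reads the Version value from the [App] section of Firefox's application.ini and flags builds below Firefox 62 or Firefox ESR 60.2. The "esr" suffix on ESR version strings (e.g. "60.1.0esr") and the sample application.ini content are assumptions made for this example.

```python
"""Flag installed Firefox builds that fall below the fixed versions named
in the advisory (Firefox 62, Firefox ESR 60.2).

Added example, not the advisory's own tooling. Assumes the version string
comes from application.ini ([App] section, Version=...) and that ESR
builds carry an "esr" suffix, e.g. "60.1.0esr".
"""
import configparser
import re
from typing import Dict, Tuple

# Fixed versions from the advisory's "Affected Products and Solution".
FIXED_RELEASE = (62, 0, 0)
FIXED_ESR = (60, 2, 0)

# major[.minor[.patch]] with an optional trailing tag such as "esr" or "b3".
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?([a-z]+\d*)?$")

# Constructed sample of an application.ini from an affected ESR install
# (the BuildID is a placeholder, not a real build identifier).
SAMPLE_APPLICATION_INI = """\
[App]
Vendor=Mozilla
Name=Firefox
Version=60.1.0esr
BuildID=00000000000000
"""


def parse_version(version: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_esr) for a Firefox version string.

    Accepts "62.0", "61.0.2" and "60.1.0esr"; missing minor/patch parts
    count as 0. Raises ValueError on strings that do not look like a
    Firefox version, so malformed inventory data is not silently ignored.
    """
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {version!r}")
    major, minor, patch, tag = m.groups()
    numbers = (int(major), int(minor or 0), int(patch or 0))
    return numbers, tag == "esr"


def is_affected(version: str) -> bool:
    """True if the build is in an affected range for the advisory.

    ESR builds are compared against 60.2, release builds against 62;
    comparing an ESR string against the release threshold would wrongly
    flag a patched 60.2 ESR, so the channel must be separated first.
    """
    numbers, is_esr = parse_version(version)
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return numbers < fixed


def version_from_application_ini(ini_text: str) -> str:
    """Pull the Version value out of application.ini content."""
    # Interpolation is disabled because real application.ini files carry
    # URLs and other values that may contain '%' characters.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return cp["App"]["Version"]


def assess(ini_text: str) -> Dict[str, object]:
    """Summarise one install: version, channel and whether it is affected."""
    version = version_from_application_ini(ini_text)
    _, is_esr = parse_version(version)
    return {
        "version": version,
        "channel": "esr" if is_esr else "release",
        "fixed_in": "60.2" if is_esr else "62",
        "affected": is_affected(version),
    }


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; on a real host read the
    # application.ini from the Firefox installation directory instead.
    result = assess(SAMPLE_APPLICATION_INI)
    status = "AFFECTED, update required" if result["affected"] else "patched"
    print(f"Firefox {result['version']} ({result['channel']}): {status}; "
          f"fixed in {result['fixed_in']}")
```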

References:

Mozilla:

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/

Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution

Description:

Multiple vulnerabilities have been discovered in Cisco products, including Apache Struts running on Cisco products, Cisco SD-WAN Solution, Cisco Integrated Management Controller, Cisco Umbrella API, Cisco RV110W, RV130W, and RV215W Routers, Cisco Webex Meetings Suite (WBS31), Cisco Webex Meetings Suite (WBS32), Cisco Webex Meetings Suite (WBS33), Cisco Webex Meetings, Cisco Webex Meetings Server, Cisco Meeting Server, Cisco Umbrella ERC, Cisco Prime Access Registrar, Cisco Prime Access Registrar Jumpstart, Cisco Prime Collaboration Assurance, Cisco Packaged Contact Center Enterprise, Cisco Data Center Network Manager, Cisco Tetration Analytics, Cisco Network Services Orchestrator, Cisco Enterprise NFV Infrastructure, Cisco Email Security Appliance, Cisco Cloud Services Platform 2100, Cisco Secure Access Control Server.

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Security Issues Fixed:

Multiple vulnerabilities have been discovered in Cisco products including Apache Struts running on various Cisco products, Cisco SD-WAN Solution, Cisco Integrated Management Controller, Cisco Umbrella API, Cisco RV110W, RV130W, and RV215W Routers, Cisco Webex Meetings Suite (WBS31), Cisco Webex Meetings Suite (WBS32), Cisco Webex Meetings Suite (WBS33), Cisco Webex Meetings, Cisco Webex Meetings Server, Cisco Meeting Server, Cisco Umbrella ERC, Cisco Prime Access Registrar, Cisco Prime Access Registrar Jumpstart, Cisco Prime Collaboration Assurance, Cisco Packaged Contact Center Enterprise, Cisco Data Center Network Manager, Cisco Tetration Analytics, Cisco Network Services Orchestrator, Cisco Enterprise NFV Infrastructure, Cisco Email Security Appliance, Cisco Cloud Services Platform 2100, Cisco Secure Access Control Server. Details of these vulnerabilities are as follows:

  • A vulnerability in Apache Struts could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system. (CVE-2018-11776)
  • A vulnerability in the Cisco Umbrella API could allow an authenticated remote attacker to view and modify data across their organization and other organizations. (CVE-2018-0435)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to cause a denial of service condition or to execute arbitrary code. (CVE-2018-0423)
  • A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. (CVE-2018-0422)
  • A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated remote attacker to view and modify data for an organization other than their own organization. (CVE-2018-0436)
  • A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. (CVE-2018-0437, CVE-2018-0438)
  • A vulnerability in the Zero Touch Provisioning feature of the Cisco SD-WAN Solution could allow an unauthenticated remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. (CVE-2018-0434)
  • A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated local attacker to inject arbitrary commands that are executed with root privileges. (CVE-2018-0433)
  • A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated remote attacker to gain elevated privileges on an affected device. (CVE-2018-0432)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to gain access to sensitive information. (CVE-2018-0426)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated remote attacker to execute arbitrary commands. (CVE-2018-0424)
  • A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated remote attacker to gain access to sensitive information. (CVE-2018-0425)
  • A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. (CVE-2018-0421)
  • A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated remote attacker to inject and execute arbitrary commands with root privileges on an affected device. (CVE-2018-0430, CVE-2018-0431)
  • A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. (CVE-2018-0440)
  • A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. (CVE-2018-0457)
  • A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. (CVE-2018-0452)
  • A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. (CVE-2018-0451)
  • Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface or conduct a cross-site request forgery (CSRF) attack. (CVE-2018-0444, CVE-2018-0445)
  • A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. (CVE-2018-0458)
  • A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. (CVE-2018-0463)
  • A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to read any file on an affected system. (CVE-2018-0460)
  • A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to perform a denial of service (DoS) attack against an affected system. (CVE-2018-0462)
  • A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated remote attacker to cause an affected system to reboot or shut down. (CVE-2018-0459)
  • A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. (CVE-2018-0439)
  • A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to bypass certain content filters on an affected device. (CVE-2018-0447)
  • A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. (CVE-2018-0450)
  • A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated remote attacker to perform command injection. (CVE-2018-0454)
  • A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated remote attacker to gain read access to certain information in an affected system. (CVE-2018-0414)

Successful exploitation of the most severe of these vulnerabilities could result in remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Affected Products and Solution:

  • Apache Struts running on the following products: Cisco SocialMiner, Cisco Prime Service Catalog, Cisco Identity Services Engine (ISE), Cisco Emergency Responder, Cisco Finesse, Cisco Hosted Collaboration Solution for Contact Center, Cisco MediaSense, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service (formerly CUPS), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Enterprise – Live Data server, Cisco Unified Contact Center Express, Cisco Unified Intelligence Center, Cisco Unified Intelligent Contact Management Enterprise, Cisco Unified SIP Proxy Software, Cisco Unified Survivable Remote Site Telephony Manager, Cisco Unity Connection, Cisco Virtualized Voice Browser, Cisco Video Distribution Suite for Internet Streaming (VDS-IS)
  • Cisco SD-WAN Solution running on the following products: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vManage Network Management System, vEdge Cloud Router Platform, vSmart Controller Software, vBond Orchestrator Software
  • Cisco Integrated Management Controller running on the following products: Cisco UCS C-Series, Cisco UCS E-Series, 5000 Series Enterprise Network Compute System (ENCS)
  • Cisco Umbrella API
  • Cisco RV110W, RV130W, and RV215W Routers
  • Cisco Webex Meetings
  • Cisco Webex Meetings Suite (WBS31, WBS32, WBS33)
  • Cisco Webex Meetings Server
  • Cisco Meeting Server
  • Cisco Umbrella ERC
  • Cisco Prime Access Registrar
  • Cisco Prime Access Registrar Jumpstart
  • Cisco Prime Collaboration Assurance
  • Cisco Packaged Contact Center Enterprise
  • Cisco Data Center Network Manager
  • Cisco Tetration Analytics
  • Cisco Network Services Orchestrator
  • Cisco Enterprise NFV Infrastructure
  • Cisco Email Security Appliance
  • Cisco Cloud Services Platform 2100
  • Cisco Secure Access Control Server

References:

Cisco:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180823-apache-struts

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-api

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-overflow

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-id-mod

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-file-read

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-validation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-escalation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-traversal

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cimc-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cdcnm-escalation

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-player-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-tetration-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-tetration-vulns

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pca-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-infodis

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos1

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nfvis-dos

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-meeting-csrf

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-esa-url-bypass

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-csp2100-injection

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Description:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Security Issues Fixed:

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows:

  • A remote code execution vulnerability in Android Runtime. (CVE-2018-9466)
  • An elevation of privilege vulnerability in Android Runtime. (CVE-2018-9467)
  • An information disclosure vulnerability in Framework. (CVE-2018-9468)
  • Multiple elevation of privilege vulnerabilities in Framework. (CVE-2018-9469, CVE-2018-9470, CVE-2018-9471)
  • An information disclosure vulnerability in Kernel components. (CVE-2017-5754)
  • A remote code execution vulnerability in Library. (CVE-2018-9472)
  • Multiple remote code execution vulnerabilities in Media Framework. (CVE-2018-9411, CVE-2018-9427)
  • A denial of service vulnerability in Media Framework. (CVE-2018-9440)
  • An elevation of privilege vulnerability in Media Framework. (CVE-2018-9474)
  • Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2016-10394, CVE-2016-10408, CVE-2017-18124, CVE-2017-18311, CVE-2017-18312, CVE-2017-18313, CVE-2017-18314, CVE-2018-11285, CVE-2018-11287, CVE-2018-11288, CVE-2018-11290, CVE-2018-11292, CVE-2018-11824, CVE-2018-11846, CVE-2018-11855, CVE-2018-11857, CVE-2018-11858, CVE-2018-11865, CVE-2018-11866, CVE-2018-11950, CVE-2018-11951, CVE-2018-11952, CVE-2018-3588, CVE-2018-5866, CVE-2018-5871, CVE-2018-5914)
  • Multiple vulnerabilities in Qualcomm components. (CVE-2017-15825, CVE-2018-11261, CVE-2018-11270, CVE-2018-11816, CVE-2018-11836, CVE-2018-11842, CVE-2018-11898)
  • Multiple denial of service vulnerabilities in System. (CVE-2018-9456, CVE-2018-9487)
  • Multiple elevation of privilege vulnerabilities in System. (CVE-2018-9475, CVE-2018-9477, CVE-2018-9478, CVE-2018-9479, CVE-2018-9488)
  • Multiple information disclosure vulnerabilities in System. (CVE-2018-9480, CVE-2018-9481, CVE-2018-9482, CVE-2018-9483, CVE-2018-9484, CVE-2018-9485, CVE-2018-9486)

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Affected Products and Solution:

Android OS builds utilizing Security Patch Levels issued prior to September 5, 2018.
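A fleet check for the patch-level threshold above, added here as an example and not part of the advisory: it reads each device's `ro.build.version.security_patch` value (the property Android exposes for the Security Patch Level; collecting it over `adb shell getprop` is an assumption about how the inventory was gathered) and flags any device whose level predates September 5, 2018. Note that a device on the 2018-09-01 level still falls short of the threshold the advisory names.

```python
from datetime import date

# Security Patch Level the advisory names as the fix threshold (from the page).
REQUIRED_PATCH_LEVEL = date(2018, 9, 5)


def parse_patch_level(value):
    """Parse a ro.build.version.security_patch value (YYYY-MM-DD).
    Returns None when the property is missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None


def is_unpatched(patch_level, required=REQUIRED_PATCH_LEVEL):
    """True when the device's patch level predates the required level.
    2018-09-01 counts as unpatched: the advisory's threshold is 2018-09-05."""
    parsed = parse_patch_level(patch_level)
    if parsed is None:
        return True  # unknown or unparsable level: treat as needing review
    return parsed < required


def triage_inventory(records):
    """records: iterable of (device_id, patch_level) pairs, e.g. collected
    with `adb shell getprop ro.build.version.security_patch` (assumed method).
    Returns the device ids that still need the September 2018 update."""
    return [dev for dev, lvl in records if is_unpatched(lvl)]


# Constructed sample inventory (hypothetical device ids, not real data).
SAMPLE_INVENTORY = [
    ("phone-01", "2018-09-05"),   # at threshold: patched
    ("phone-02", "2018-09-01"),   # partial September level: still unpatched
    ("tablet-03", "2018-08-05"),  # August level: unpatched
    ("phone-04", "2018-10-05"),   # newer than threshold: patched
    ("kiosk-05", ""),             # property missing: flag for review
]

if __name__ == "__main__":
    for dev in triage_inventory(SAMPLE_INVENTORY):
        print("needs update:", dev)
```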

References:

Google Android:

https://source.android.com/security/bulletin/2018-09-01