FireEye, Kaspersky Labs' Zero-Day and Application Stack Vulnerabilities

Posted by UpGuard

UpGuard's FireEye, Kaspersky Labs' Zero-Day and Application Stack Vulnerabilities

A rising concern amongst IT professionals is the degree to which security vendors and products are themselves susceptible to compromises. This past weekend critical flaws were discovered in the products of not one, but two leading security vendors: FireEye and Kaspersky Labs. Because all systems are exploitable—even security products—a layered approach to security is crucial for maintaining a strong security posture in today’s cyber landscape. Enterprises heavily reliant on a single monolithic solution are best advised to diversify their security strategies to combat ongoing threats.

In Kaspersky Labs’ case, a buffer overflow vulnerability was discovered by security researcher Tavis Ormandy, which led to a global fix rollout less than 24 hours later. Of course, Kaspersky Labs has been having a bit of a rough year with its corporate networks falling victim to attack back in June. In addition to the buffer overflow zero-day, Ormandy discovered a slew of other vulnerabilities in Kaspersky Labs’ products—so the security giant may not be in the clear just yet.

FireEye’s zero-day vulnerability is likely to draw more public ire than Kaspersky Labs’, as the company was reportedly aware of its existence for over 18 months. The flaw— known as a file disclosure vulnerability— gives hackers unauthorized remote root file system access via a PHP script flaw on the FireEye appliance itself. And like Kaspersky’s case, Kristian Erik Hermansen—the security researcher who discovered the FireEye vulnerability—announced the discovery of three other critical vulnerabilities with FireEye’s products, the details of which have yet to be disclosed. 

Free DevOps and Security eBooks

Vulnerabilities Per CVE

These latest sobering zero-day vulnerabilities from FireEye and Kaspersky Labs certainly won’t be the last. In fact, both vendors have their fair share of documented vulnerabilities in MITRE’s CVE database:

 

Vendor Name

# Products

# Total Vulnerabilities

Kaspersky

5

18

Kaspersky Labs

15

39

Mandiant (acquired by FireEye)

1

3

 

Again—for the record—all software and systems are flawed, even security products. For example, popular security vendor Tripwire has its share of documented vulnerabilities per the CVE database. We compared FireEye with leading security solution Tripwire in our FireEye vs. Tripwire article

The inherent vulnerability of software makes it critical for organizations to adopt a layered approach to security, one that includes continuous monitoring and validation of all infrastructure security devices: firewalls, security appliances, IDPS, and others. And as the application stack is increasingly being targeted for attack, software and underlying components must also be regularly monitored for vulnerabilities. For example, FireEye’s latest appliance vulnerability involves exploiting Apache and PHP running as the root user. A simple UpGuard policy can detect this configuration issue easily and automatically.

In short, leading security solutions can offer competent enterprise protection—but are no less vulnerable than the IT assets they are protecting. UpGuard validates that security mechanisms are working/configured as expected and are free from critical vulnerabilities and flaws. Our platform’s OVAL-backed vulnerability detection and monitoring suite enables organizations to easily discover the latest vulnerabilities, security gaps and exposures in their infrastructures before hackers do.

Request a Free Demo  

More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

What's In the Website Risk Grader?

The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >

Source(s):

http://www.csoonline.com/article/2980937/vulnerabilities/researcher-discloses-zero-day-vulnerability-in-fireeye.html

http://www.zdnet.com/article/fireeye-kaspersky-hit-with-zero-day-flaw-claims/

Topics: vulnerabilities

UpGuard Customers