top of page

NSA, FBI, CISA Statement on Russian SVR Activity

Summary of the Statement

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a joint statement on five different vulnerabilities that the Foreign Intelligence Service of the Russian Federation (SVR RF) is known to be exploiting currently.


How does this affect your business?

Even if your business is not a target of the SVR RF, other threat actors such as ransomware gangs, are taking advantage of the same vulnerabilities. Therefore, if you have been using any of the affected product versions, you should take them offline, upgrade to the most recent version, and begin an incident response process to verify your servers are not compromised. Additionally, Cymonix recommends performing the same process on other recently exploited products such as SolarWinds Orion and Microsoft Exchange Server.


Affected Product Versions & Associated CVEs

  • Fortinet FortiGate VPN

  • Version: Fortinet FortiOS6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12

  • CVE: CVE-2018-13379


  • Synacor Zimbra Collaboration Suite

  • Version: Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10

  • CVE: CVE-2019-9670


  • Pulse Secure Pulse Connect Secure VPN

  • Version: Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4

  • CVE: CVE-2019-11510


  • Citrix Application Delivery Controller and Gateway

  • Version: CitrixADC and Gateway versions before 13.0.47.24, 12.1.55.18, 12.0.63.13, 11.1.63.15 and 10.5.70.12 and SD-WAN WANOP 4000-WO, 4100-WO, 5000-WO, and 5100-WO versions before 10.2.6b and 11.0.3b

  • CVE: CVE-2019-19781


  • VMware Workspace ONE Access

  • Version: VMware One Access 20.01 and 20.10 on Linux, VMware Identity Manager 3.3.1 -3.3.3 on Linux, VMware Identity Manager Connector 3.3.1-3.3.3 and 19.03, VMware Cloud Foundation 4.0-4.1, and VMware Vrealize Suite Lifecycle Manager8.x

  • CVE: CVE-2020-4006


Remediation

If your business is running any of the aforementioned product versions, upgrade immediately to the most recent versions following the guides for each product below:








Additionally, Cymonix recommends beginning an incident response process on any servers exposed to the internet that are running these product versions, as they are actively being exploited in the wild.


Associated Links

NSA, FBI & CISA Statement: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/


CVE Links:






If you would like to discuss further on any of the above topics feel free to Contact Us!

7 views0 comments

Recent Posts

See All

Cybersecurity attacks are on the rise, especially since the onset of the COVID-19 pandemic. Cybercriminals are attacking all businesses, including critical infrastructure and members of the global sup

Microsoft warns about the recently patched Windows MSHTML remote code execution vulnerability tracked (CVE-2021-40444) that has been under active exploitation by multiple threat actors including ranso

The fourth industrial revolution, dubbed Industry 4.0, introduces the use of Cyber Physical Systems (CPSs) in production processes, where the industrial internet of things (IIoT), machine learning, an

bottom of page