Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.3439 Security Bulletin: IBM QRadar Network Security is affected by hard-coded credentials exploits. 14 July 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM QRadar Network Security Publisher: IBM Operating System: Network Appliance Resolution: Patch/Upgrade CVE Names: CVE-2020-4157 Original Bulletin: https://www.ibm.com/support/pages/node/6602931 Comment: CVSS (Max): 6.8 CVE-2020-4157 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) CVSS Source: IBM Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N - --------------------------BEGIN INCLUDED TEXT-------------------- IBM QRadar Network Security is affected by hard-coded credentials exploits. Document Information Document number : 6602931 Modified date : 11 July 2022 Product : IBM QRadar Network Security Software version : 5.4.0, 5.5.0 Operating system(s): Firmware Summary IBM QRadar Network Security has addressed the hard coded cryptographic keys in multiple places.(ase id:462652, ase id:462653, ase id:462654) Vulnerability Details CVEID: CVE-2020-4157 DESCRIPTION: IBM QRadar Network Security contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. CVSS Base score: 6.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 174337 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) Affected Products and Versions IBM QRadar Network Security 5.4.0 IBM QRadar Network Security 5.5.0 Remediation/Fixes +----------------------------------+------+------------------------------------------------------------------------------------------+ |Product |VRMF |Remediation/First Fix | +----------------------------------+------+------------------------------------------------------------------------------------------+ | | |Install Firmware 5.4.0.16 from the Available Updates page of the | | | | | | | |Local Management Interface, or by performing a One Time Scheduled | | | | | | | |Installation from SiteProtector. | | | | | | | |Or | | | |Download Firmware 5.4.0.16 from | | | | | | | |IBM Security License Key and Download Center and upload and | | | | | |IBM QRadar Network Security |5.4.0 |install via the Available Updates page of the Local Management Interface. | +----------------------------------+------+------------------------------------------------------------------------------------------+ | | |Install Firmware 5.5.0.11 from the Available Updates page of the | | | | | | | |Local Management Interface, or by performing a One Time Scheduled | | | | | | | |Installation from SiteProtector. | | | | | | | | | | | |Or | | | |Download Firmware 5.5.0.11 from | | | | | | | |IBM Security License Key and Download Center and upload and | | | | | |IBM QRadar Network Security |5.5.0 |install via the Available Updates page of the Local Management Interface. | +----------------------------------+------+------------------------------------------------------------------------------------------+ Workarounds and Mitigations None Acknowledgement Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Kamil Sarbinowski, Vince Dragnea, Troy Fisher and Elaheh Samani from IBM X-Force Ethical Hacking Team. Change History 14 Jul 2022: Initial Publication - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: https://auscert.org.au/gpg-key/ iQIVAwUBYs+r/8kNZI30y1K9AQj7QA//eF9OCgXQIAzc6Hd3e8reVxL1rIKaMSNu 4WhT5I5043DQWQBzy0JB7IH0oPJzoi9fSwxfrctVLBui/mR5aBcNZJ3uiS0lV903 a7Pk3Vu/LqblWKKAo5eSAoh2+03EiPxfFEQNOd2tiVSvsJ8JbRUTx2lXDJA+b2Vh UysCwODlDpccRQ1hXedo+SOc6cNygwmC/O9+/u+jRG1ZuGomTbtm8Nt4imzu307Y I6CN5PnHfcT5wj71hX3AN0moWRmypm9jYE/eAZV0bDWgXXmYLqLWO1Fn1BBYkjkV 3Ixdtg15DJyLmOlJpRGVV/DcX7tJj7OgzXVvAVroYRpOp7tPfKUBrSJwYzjPhdnU EpWD7WNAH5IlgdKeTCbsBynQcdPyr7bR7sd38Sk0mgs1+RsSqq6GQqosiHfuQc00 HH/FEXR0jbndYzl7kMiTtm1nu/pGrsKtMlTKOICiJUB/j0WzeFEs8Dpd3L3kcy0O tXpQbqD7QYBy27Ah0RIGSpEYBAO9Wmpr3BxlHcP4raN4tQjucaFm5mFmramCrvJ0 mswiQkUxJMvfNO0G7FTMAHXqwg4VdONtYnAqiKFWE2e7cvEcQ40HoLe9mA5nT4o0 5pdL79LH5uhK17BigcD7vdJHBnM+nwobpkf2kcosJVNV+FO4TBlxOpq4glbIWKBc tnZKIgWyQ20= =X7fg -----END PGP SIGNATURE-----