Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.3439
Security Bulletin: IBM QRadar Network Security is affected
by hard-coded credentials exploits.
14 July 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM QRadar Network Security
Publisher: IBM
Operating System: Network Appliance
Resolution: Patch/Upgrade
CVE Names: CVE-2020-4157
Original Bulletin:
https://www.ibm.com/support/pages/node/6602931
Comment: CVSS (Max): 6.8 CVE-2020-4157 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
IBM QRadar Network Security is affected by hard-coded credentials exploits.
Document Information
Document number : 6602931
Modified date : 11 July 2022
Product : IBM QRadar Network Security
Software version : 5.4.0, 5.5.0
Operating system(s): Firmware
Summary
IBM QRadar Network Security has addressed the hard coded cryptographic keys in
multiple places.(ase id:462652, ase id:462653, ase id:462654)
Vulnerability Details
CVEID: CVE-2020-4157
DESCRIPTION: IBM QRadar Network Security contains hard-coded credentials, such
as a password or cryptographic key, which it uses for its own inbound
authentication, outbound communication to external components, or encryption of
internal data.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
174337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
Affected Products and Versions
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
Remediation/Fixes
+----------------------------------+------+------------------------------------------------------------------------------------------+
|Product |VRMF |Remediation/First Fix |
+----------------------------------+------+------------------------------------------------------------------------------------------+
| | |Install Firmware 5.4.0.16 from the Available Updates page of the |
| | | |
| | |Local Management Interface, or by performing a One Time Scheduled |
| | | |
| | |Installation from SiteProtector. |
| | | |
| | |Or |
| | |Download Firmware 5.4.0.16 from |
| | | |
| | |IBM Security License Key and Download Center and upload and |
| | | |
|IBM QRadar Network Security |5.4.0 |install via the Available Updates page of the Local Management Interface. |
+----------------------------------+------+------------------------------------------------------------------------------------------+
| | |Install Firmware 5.5.0.11 from the Available Updates page of the |
| | | |
| | |Local Management Interface, or by performing a One Time Scheduled |
| | | |
| | |Installation from SiteProtector. |
| | | |
| | | |
| | |Or |
| | |Download Firmware 5.5.0.11 from |
| | | |
| | |IBM Security License Key and Download Center and upload and |
| | | |
|IBM QRadar Network Security |5.5.0 |install via the Available Updates page of the Local Management Interface. |
+----------------------------------+------+------------------------------------------------------------------------------------------+
Workarounds and Mitigations
None
Acknowledgement
Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane,
Kamil Sarbinowski, Vince Dragnea, Troy Fisher and Elaheh Samani from IBM
X-Force Ethical Hacking Team.
Change History
14 Jul 2022: Initial Publication
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYs+r/8kNZI30y1K9AQj7QA//eF9OCgXQIAzc6Hd3e8reVxL1rIKaMSNu
4WhT5I5043DQWQBzy0JB7IH0oPJzoi9fSwxfrctVLBui/mR5aBcNZJ3uiS0lV903
a7Pk3Vu/LqblWKKAo5eSAoh2+03EiPxfFEQNOd2tiVSvsJ8JbRUTx2lXDJA+b2Vh
UysCwODlDpccRQ1hXedo+SOc6cNygwmC/O9+/u+jRG1ZuGomTbtm8Nt4imzu307Y
I6CN5PnHfcT5wj71hX3AN0moWRmypm9jYE/eAZV0bDWgXXmYLqLWO1Fn1BBYkjkV
3Ixdtg15DJyLmOlJpRGVV/DcX7tJj7OgzXVvAVroYRpOp7tPfKUBrSJwYzjPhdnU
EpWD7WNAH5IlgdKeTCbsBynQcdPyr7bR7sd38Sk0mgs1+RsSqq6GQqosiHfuQc00
HH/FEXR0jbndYzl7kMiTtm1nu/pGrsKtMlTKOICiJUB/j0WzeFEs8Dpd3L3kcy0O
tXpQbqD7QYBy27Ah0RIGSpEYBAO9Wmpr3BxlHcP4raN4tQjucaFm5mFmramCrvJ0
mswiQkUxJMvfNO0G7FTMAHXqwg4VdONtYnAqiKFWE2e7cvEcQ40HoLe9mA5nT4o0
5pdL79LH5uhK17BigcD7vdJHBnM+nwobpkf2kcosJVNV+FO4TBlxOpq4glbIWKBc
tnZKIgWyQ20=
=X7fg
-----END PGP SIGNATURE-----