Salesforce

Dashboard ToolBox - VM DASH DASHBOARD: DNS Vulnerabilities View & SIGRED RCE

« Go Back

Information

 
TitleDashboard ToolBox - VM DASH DASHBOARD: DNS Vulnerabilities View & SIGRED RCE
URL Name000006377
Created Modified ByDocument created by Felix Jimenez Saez on Jul 20, 2020. Last modified by Felix Jimenez Saez on Jul 20, 2020.
Description
This page contains template information to create a Vulnerabilities Dashboard leveraging data in Qualys Vulnerability Management / VMDR subscription. 

Run the attached dashboard to see your exposure to the DNS Vulnerabilities and the new RCE vulnerability dubbed as SIGRED!
 
On July 14, the bug, tracked as CVE-2020-1350, has been awarded a CVSS severity score of 10.0. The vulnerability relates to Microsoft Windows DNS, the domain name system service on Windows operating systems, and Server software. The vulnerability is of particular importance to the enterprise as it is wormable. The vulnerability is because how windows DNS server parses an incoming DNS query, and how forwarded DNS queries are handled. Sending a DNS response with a SIG record over 64KB can cause a controlled heap-based buffer overflow of roughly 64KB over a small allocated buffer. If triggered by a malicious DNS query, it triggers a heap-based buffer overflow, enabling the hacker to take control of the server and making it possible for them to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and more

 
  • CVEs:  CVE-2020-1350
  • Related Qualys TP Post:  
 
VM Dashboard Example:

 
IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

Powered by