Select Page

Mar 8, 2024

Breaking the Mold: Halting a Hacker’s Code ep. 21 – RCE CVEs 2023


What is Remote Code Execution (RCE) Vulnerability?

Remote Code Execution (RCE) vulnerability is a severe security vulnerability that allows an attacker to execute arbitrary code on a remote server or client over a network. Such vulnerabilities typically occur when applications fail to validate user input properly or lack adequate restrictions on system calls and command execution. Once successfully exploited, an attacker could take full control of an affected system, including but not limited to installing malware, stealing sensitive data, tampering with or deleting files, creating new accounts, and performing other unauthorized operations. 

Top RCE Vulnerability in 2023:

CVE-2023-26360 within Adobe ColdFusion

CVE-2023-3519 (CVSS: 9.8), Citrix NetScaler ADC and NetScaler Gateway

CVE-2023-36884 (CVSS: 8.8), Microsoft Windows

CVE-2023-24489 (CVSS: 9.8), Citrix Content Collaboration

CVE-2023-27997 (CVSS: 9.8), Fortinet FortiGate SSL-VPN

CVE-2023-20887 (CVSS: 9.8), VMware Aria Operations for Networks

CVE-2023-33009 and CVE-2023-33010 (CVSS: 9.8), Zyxel

CVE-2023-0669 (CVSS: 7.2), Fortra GoAnywhere MFT

CVE-2023-37450 (CVSS: 8.8), Apple

CVE-2023-22952 (CVSS: 8.8), SugarCRM

How to get protected from RCE CVEs?

Remote code execution (RCE) attacks are a significant threat to organizations. There are several prevention and mitigation strategies that can help to protect against remote code execution (RCE) attacks:

Input validation: Ensure that all input from users is rigorously filtered and validated and that no potentially harmful data is accepted or translated. 

Parameterized queries: Use parameterized queries when interacting with databases to prevent code execution caused by attacks such as SQL injection. 

Output encoding: Appropriate encoding of memorable characters, such as HTML entity encoding, when presenting data to browsers or other output environments to prevent cross-site scripting (XSS) attacks that can lead to indirect RCE. 

Principle of least privilege: The account running the application should have the minimum privileges necessary to complete the task so that even if an exploit occurs, the damage is limited to a small area. 

Security updates and patch management: Timely application of security updates for operating systems, frameworks, libraries, and applications to fix known RCE vulnerabilities. 

Security configuration: Configure your server environment correctly, such as setting a reasonable $PATH variable, to avoid executing unexpected programs. 

Firewall and access control: Enforce strict firewall rules and open only necessary ports and services to reduce exposure. 

Security Coding Practices: Adopt security coding standards and best practices to avoid hard-coded credentials, improper file manipulation, and other conditions that could lead to RCE. 

Containerization and sandboxing: Limit direct access of malicious code to host systems by isolating the runtime environment. 

Using a Web Application Firewall (WAF): Utilizing a WAF to detect and block certain types of attacks, including attempts to exploit RCE vulnerabilities. 

In summary, preventing remote code execution vulnerabilities requires a combination of comprehensive security policies and technical measures to effectively reduce the security risks posed by such vulnerabilities.

Hillstone Products:

Hillstone’s Future-Ready Next-Generation Firewall Platform

The Next-Generation Firewall(NGFW) provides a higher level of network security than traditional firewalls. NGFW, with advanced features like Application Awareness, Deep Packet Inspection(DPI), Unified Threat Management (UTM), and User Identity Awareness, provides more comprehensive and precise protection against RCE and other attacks.