Hello, welcome to the Monday, October 10, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Riyadh, Saudi Arabia.

FortyNet advised its customers late last week of a vulnerability in its 40 Net 40 OS and 40 proxy products.

This is significant as this is an irregular update not following 40 Net's usual patch dates.

Now, 40Net, as far as I know, did not provide a reason for the scheduling of this update,

so whether or not it's already exploited or so.

We don't really know a lot of it was really only release the two customers directly and not made public.

I'm not aware of a public exploit at this point.

It's an authentication bypass that we're dealing with here

that would give an attacker administrative access

to the admin interface of the device.

Software update has been made available,

and customers definitely should apply the update soon.

In the advisory that is only accessible to customers directly, there are also some mitigation

techniques that you may want to apply. And as usual, of course, the administrative interface should not be accessible publicly.

But, well, you probably already do that if you listen to this podcast for a while.

And then we got an exploits, or a newish exploit, I should call it, for Simpra that's apparently

already being exploited in the wild. Simpra is an open source, a webmail system. Now,

the vulnerability here is really an older vulnerability, CVE 2015-1194.

And as a CVEE number implies, well, it came out in 2015, was patched in 2015.

The tricky part here is it's not really a CIMPRA vulnerability that we're talking about.

Simpra is just a vector how the vulnerability is being exploited. The vulnerability

...