Clarification Needed on IBM BigFix Remote Code Execution CVE-2016-6082

Hello,

Can someone from IBM clarify the scope of the CVSS 10 remote code execution vulnerability here:
https://www-01.ibm.com/support/docview.wss?uid=swg21996375

Does this affect all BigFix components from server to relay and agent?

Are there any IOCs for detecting a compromise?

I’ll see if I can find someone to give you the statement on the CVE


Hello

This vulnerability (CVE-2016-6802) applies to BigFix relays and servers.

As far as IOCs, there is nothing left in the system to track such as an md5 digital signature.
If you have Network Monitoring you could look into IPs accessing this URL, keeping in mind that simply accessing the URL doesn’t necessarily mean there was an attack.

Thank you

Doug W.
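The reply above suggests reviewing which IPs reached the URL named in the advisory while remembering that a request alone is not proof of an attack. The following script is an added example, not part of the original thread and not IBM or BigFix code: it groups requests for a placeholder path by source IP so an analyst has a ranked list of leads to investigate. The combined-style access-log format, the path `PLACEHOLDER_PATH`, the `expected_clients` parameter and the sample log lines are all assumptions and constructed data; substitute the path from the advisory and your relay's real log format.

```python
"""Triage helper: which source IPs touched a given URL path in an access log.

Added example for this thread, not IBM/BigFix code. The Apache/NGINX-style
combined log format and the path PLACEHOLDER_PATH are assumptions.
"""
import re
from collections import Counter, defaultdict

# Placeholder for the URL named in the advisory; not a real BigFix path.
PLACEHOLDER_PATH = "/PLACEHOLDER-ADVISORY-URL"

# Combined-log-style line: client ip, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2016:10:00:01 +0000] "GET /status HTTP/1.1" 200 512
203.0.113.7 - - [01/Nov/2016:10:00:05 +0000] "POST /PLACEHOLDER-ADVISORY-URL HTTP/1.1" 200 1024
10.0.0.5 - - [01/Nov/2016:10:01:10 +0000] "GET /PLACEHOLDER-ADVISORY-URL HTTP/1.1" 200 300
203.0.113.7 - - [01/Nov/2016:10:01:12 +0000] "POST /PLACEHOLDER-ADVISORY-URL HTTP/1.1" 200 1024
203.0.113.7 - - [01/Nov/2016:10:01:14 +0000] "POST /PLACEHOLDER-ADVISORY-URL HTTP/1.1" 500 0
192.0.2.9 - - [01/Nov/2016:10:02:00 +0000] "GET /index.html HTTP/1.1" 404 0
"""


def parse_line(line):
    """Parse one combined-log-style line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def accesses_to_path(log_text, path=PLACEHOLDER_PATH):
    """Group every request for `path` by source IP.

    Returns {ip: [(timestamp, method, status), ...]} in log order.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Compare the path component only; any query string is ignored here.
        if rec["path"].split("?", 1)[0] == path:
            hits[rec["ip"]].append((rec["ts"], rec["method"], int(rec["status"])))
    return dict(hits)


def triage(log_text, path=PLACEHOLDER_PATH, expected_clients=()):
    """Summarise who touched `path`, most active source first.

    `expected_clients` (assumed: addresses already known to talk to the relay)
    stay in the output but are marked, so nothing is silently filtered out.
    Each row is a lead for investigation, not evidence of compromise: as the
    reply notes, merely reaching the URL is not itself an attack.
    """
    known = set(expected_clients)
    rows = []
    for ip, recs in accesses_to_path(log_text, path).items():
        rows.append({
            "ip": ip,
            "count": len(recs),
            "methods": sorted({m for _, m, _ in recs}),
            "statuses": dict(Counter(s for _, _, s in recs)),
            "first_seen": recs[0][0],
            "expected": ip in known,
        })
    rows.sort(key=lambda r: (-r["count"], r["ip"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, expected_clients=["10.0.0.5"]):
        print(row)
```

Run it against a real relay or server access log by reading the file into `log_text`; the `statuses` column is useful because repeated non-2xx responses to the same path from one source often distinguish probing from ordinary client traffic, though the final call still needs host-side review.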

Are there any mitigations that can help? Do Authenticating relays or Message-level encryption help at all?