Flash Notice: Vulnerabilities Impacting Pixel Phones and Sunhillo SureLine Software

overview

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding recently discovered vulnerabilities affecting Pixel phones and Sunhillo SureLine software. 

Pixel Phones 

CVE-2023-21237 (CVSS 5.5), a flaw within the Framework component, could allow attackers to access sensitive information without requiring additional privileges or user interaction. Although no public exploits have been found, CVE-2023-21237 is suspected to be part of a potential exploit chain used by malicious actors. 

Sunhillo SureLine software 

CVE-2021-36380 (CVSS 9.8) could allow for complete system compromise due to an unauthenticated OS command injection vulnerability. Exploitation attempts have been seen in the wild, possibly linked to the Mirai botnet, which targets a variety of IoT devices. 

This week, CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring action by federal agencies by March 26th. Although the mandate pertains to governing bodies, all organizations are encouraged to apply the necessary patches as soon as possible.  

avertium's recommendationS

• For Pixel phone users, see Android’s security advisory to ensure your device is updated with the latest security patches from Google.  
• Sunhillo SureLine users should immediately update to version 8.7.0.1.1. Find patch guidance in Sunhillo Sureline’s advisory.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
  • Risk Assessments 
  • Pen Testing and Social Engineering  
  • Infrastructure Architecture and Integration  
  • Zero Trust Network Architecture 
  • Vulnerability Management 

• We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

SUPPORTING DOCUMENTATION