Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Wednesday 20 October 2021


Oracle

Patch

Oracle Quarterly Patches are out, with 419 security patches addressing multiple vulnerabilities in Oracle products, the worst of which could allow for remote code execution. 229 of these vulnerabilities may be remotely exploitable without authentication.
More info.


AUVESY

Patch

AUVESY Versiondog contains multiple vulnerabilities that could allow a remote attacker to achieve remote code execution and acquire complete remote control over the machine. Highest CVSSv3 score of 9.8.
More info.


Google

Patch

Google has published an update for Chrome for Desktop that includes 19 security fixes.
More info.


Dell

Patch

Dell EMC PowerFlex rack updates are available for a Cisco switch (Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches) security vulnerability. Dell rates this Critical.
More info.


Tenable

Patch

Tenable.sc has been updated to correct Apache vulnerabilities.  Highest CVSSv3 score of 9.0
More info.


VMware

Patch

The vRealize Operations Tenant App for VMware Cloud Director contains an information disclosure vulnerability. A malicious actor with network access to port 443 on the vRealize Operations Tenant App may access any set system environment variables, leading to information disclosure. CVSSv3 score of 5.3.
More info.


F5

New

Traffix SDC is vulnerable to a DoS in Apache httpd. CVSSv3 score of 7.5.
More info.


Linux

Patch

SUSE has updates for util-linux and others. More info.
OpenSUSE has updates for util-linux, xstream, and others. More info.
Red Hat has updated advanced cluster management and others. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 19 October 2021


HPE

Patch

A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. CVSSv3 score of 4.2
More info.


Linux

Patch

OpenSUSE has updated the kernel, systemd, glibc, and others. More info.
Red Hat has updated the kernel and systemd. More info.


  

Monday 18 October 2021


Weidmüller

Patch

The Weidmueller Remote I/O fieldbus couplers are affected by several vulnerabilities of the third-party TCP/IP Niche stack. An attacker may use crafted IP packets to cause a denial of service or breach of integrity of the affected products. CVSSv3 score of 7.5
More info.


IBM

Patch

Multiple security vulnerabilities in third-party software have been fixed in IBM Security Access Manager. Highest CVSSv3 score of 9.1.
More info.


StrongSwan

Patch

An integer overflow bug in the in-memory certificate cache may lead to a denial-of-service attack.
More info.


F5

Patch

Vulnerabilities in Node.js affect BIG-IP and BIG-IQ products. An attacker may be able to exploit the vulnerabilities to perform domain hijacking or injection attacks. CVSSv3 score of 5.0.
More info.

Vulnerabilities in Eclipse Jetty affect Traffix SDC. Affected systems may experience resource exhaustion when receiving an invalid large TLS frame. CVSSv3 score of 7.5
More info.


HCL Software

Patch

Multiple vulnerabilities in WebSphere Application Server and Apache Tomcat affect HCL Commerce. Highest CVSSv3 score of 8.8
More info. And here.


  

Friday 15 October 2021


IBM

Patch

There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could allow a remote attacker to cause a DoS, HTTP response splitting, bypass security restrictions, or obtain sensitive information. Highest CVSSv3 score of 9.1
More info.

Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson. Highest CVSSv3 score of 9.8
More info.

Cloud Pak for Security uses third-party software that contains multiple vulnerabilities. Highest CVSSv3 score of 9.8.
More info.


SonicWall

Patch

A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
More info.


HCL Software

Patch

HCL Digital Experience is susceptible to Server Side Request Forgery. CVSSv3 score of 9.3
More info.


VMware

Patch

VMware vRealize Orchestrator contains an open redirect vulnerability due to improper path handling. CVSSv3 score of 6.5
More info.


Linux

Patch

SUSE has updated the kernel and rpm. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Thursday 14 October 2021


Palo Alto Networks

Patch

Palo Alto Networks Monthly Patches are out, with only 2 bulletins, 1 rated High and 1 rated Low. 
More info.

A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges. CVSSv3 score of 8.1
More info.


Juniper Networks

Patch

Juniper has released their Quarterly Patches with 44 bulletins for JunOS, 2 rated Critical.
More info.

Multiple vulnerabilities have been resolved in Juniper Networks Contrail Service Orchestration (CSO), by updating dnsmasq software. CVSSv3 score of 8.2
More info.

The usage of an internal HTTP header created an authentication bypass vulnerability, allowing an attacker to view internal files, change settings, manipulate services and execute arbitrary code. CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in OpenSSL have been resolved in Juniper Networks Juniper Secure Connect Application. Highest CVSSv3 score of 8.1
More info.

Multiple vulnerabilities have been resolved in Contrail Insights by updating third party software. CVSSv3 score of 9.8.
More info.


TIBCO

Patch

TIBCO EBX products contain a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. CVSSv3 score of 9.8
More info.


F5

Patch

BigIP, F5 OS, and Traffix SDC are affected by a NULL pointer dereference in httpd, which allows an unauthenticated remote attacker to cause httpd to terminate by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. CVSSv3 score of 7.5
More info.


NetApp

Patch

Clustered Data ONTAP is missing an X-Frame-Options header which could allow a clickjacking attack. CVSSv3 score of 6.5
More info.

NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Apache

Patch

A DoS vulnerability has been fixed in Tomcat.
More info.


  

Wednesday 13 October 2021


Microsoft

Exploit

Microsoft Monthly Patches are out, with 81 vulnerabilities. Of these, 3 are critical, 3 were previously disclosed and 1 is being exploited according to Microsoft. The exploited vulnerability is an elevation of privilege affecting Win32k. The critical vulnerabilities include two Windows Hyper-V Remote Code Execution vulnerabilities and a Microsoft Word RCE vulnerability. Highest CVSSv3 score of 9.0.
More info. And here. And here.


Adobe

Patch

Adobe has released their Monthly Patches with updates for Acrobat and Reader, Connect, Reader Mobile, ops-cli, Commerce, and Campaign Standard.
More info.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address multiple critical and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Highest CVSSv3 score of 7.8.
More info.

Adobe has released a security update for Adobe Connect. This update resolves critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution. Highest CVSSv3 score of 9.8.
More info.

Adobe has released an update for Adobe ops-cli. This update resolves a critical vulnerability.  Successful exploitation could lead to arbitrary code execution in the context of the current user. Highest CVSSv3 score of 9.8
More info.

Adobe has released security updates for Adobe Campaign Standard. These updates address a critical cross-site scripting vulnerability that could result in arbitrary code execution.
More info.


Aruba

Patch

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities, including Exploitation of Encryption Endpoint and Information Disclosure leading to remote authentication bypass. Highest CVSSv3 score of 9.8
More info.  Bulletin from HPE here.


Advantech

Patch

Advantech WebAccess has been updated to correct Heap-based Buffer Overflow and Stack-based Buffer Overflow vulnerabilities. Successful exploitation of these vulnerabilities could allow an attacker to gain remote code execution. Highest CVSSv3 score of 9.8
More info.


Draytek

Patch

Multiple vulnerabilities in Draytek VigorConnect allow an unauthenticated attacker to download or upload arbitrary files from the underlying operating system with root privileges. Highest CVSSv3 score of 9.8.
More info.


Linux

Patch

SUSE has updated the kernel and systemd. More info.
OpenSUSE has updated the kernel and systemd. More info.
Scientific Linux has updated the kernel and others. More info.


  

Tuesday 12 October 2021


Apple

Exploit

Apple has published updates for iOS and iPadOS to fix an actively exploited security vulnerability that would allow an application to execute arbitrary code with kernel privileges.
More info.


Siemens

Patch

Siemens Monthly Patches are out, with 5 new bulletins and 16 updated bulletins. Of the new bulletins, 2 have a CVSSv3 score of 9.8, 1 is 8.8, and 2 are 7.5
More info.

The latest update for RUGGEDCOM ROX devices fixes a vulnerability that could allow an unauthenticated attacker to cause a permanent Denial-of-Service condition under certain conditions. CVSSv3 score of 7.5
More info.

A Denial-of-Service vulnerability found in SINUMERIK Controllers could allow an unauthenticated attacker with network access to the affected devices to cause system failure with total loss of availability. CVSSv3 score of 7.5
More info.

The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or trigger buffer overflows. CVSSv3 score of 9.8
More info.

The latest update for SIMATIC Process Historian (PH) fixes an authentication vulnerability in the configuration interface of redundant PH instances that could enable the execution of admin operations on the database. CVSSv3 score of 9.8
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches contain 6 bulletins, covering *LYnk, CNM, IGSS, Modicon, and Conext products.
More info.

The Modicon TM5 modules are affected by two “AMNESIA:33” embedded TCP/IP stack vulnerabilities. Highest CVSSv3 score of 9.8.
More info.

Schneider Electric is aware of a vulnerability in its spaceLYnk, Wiser For KNX, and fellerLYnk products, that could allow data exfiltration and unauthorized access when accessing a malicious website. CVSSv3 score of 8.2
More info.

Multiple vulnerabilities exist in Data Collector module for IGSS product. Highest CVSSv3 score of 9.8
More info.

Modicon M218 Logic Controller contains a vulnerability that could cause a DoS when a crafted packet is sent to the controller over network port 1105/TCP. CVSSv3 score of 7.5
More info.

Multiple Microsoft Windows vulnerabilities exist in Schneider Conext Advisor 2 & Conext Control V2 products. Highest CVSSv3 score of 9.8
More info.


Microsoft

Patch

Microsoft has updated Chromium-based Edge to include the latest security fixes from Chromium.
More info.


SAP

Patch

SAP Security Patch Day includes 13 Security Notes. There was 1 update to a previously released Security Note. Of the new notes, 2 are rated Hot News, 1 rated High, and the rest Medium. Highest CVSSv3 score of 9.8.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 11 October 2021


IBM

Patch

IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution. CVSSv3 score of 9.8
More info.

IBM Sterling B2B Integrator has integrated multiple security vulnerability fixes from TIBCO JasperReports, Jackson Databind, Apache Log4j, and Bouncy Castle. Highest CVSSv3 score of 9.9
More info. And here. And here. And here.


Dell

Patch

Dell EMC Enterprise Hybrid Cloud updates are available for multiple VMware security vulnerabilities. Dell rates this Critical.
More info.


Hitachi

Patch

Multiple vulnerabilities have been found in JP1/IT Desktop Management 2, JP1/NETM/DM, JP1/Remote Control and Hitachi IT Operations Director, including Local Privilege Escalation and Remote Code Execution.
More info.


NetApp

Patch

NetApp Cloud Manager is susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy. CVSSv3 score of 7.5
More info.

NetApp has published 6 bulletins identifying vulnerabilities in third-party software that affects their products. No patches yet.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Friday 08 October 2021


MiR

Patch

Mobile Industrial Robots (MiR) has reported several vulnerabilities in MiR100, MiR200, MiR250, MiR500, MiR1000, and MiR Fleet products. Successful exploitation of these vulnerabilities could lead to privilege escalation, data exfiltration, control of the robot, and a denial-of-service condition. Highest CVSSv3 score of 9.8
Patches were provided in May.
More info. And here.


InHand

New

InHand Networks IR615 Router contains multiple vulnerabilities. Successful exploitation of these vulnerabilities may allow an attacker to have full control over the product, remotely perform actions on the product, intercept communication and steal sensitive information, hijack sessions, and successfully brute-force user passwords. Additional successful exploitation may allow for the uploading of malicious files, deletion of system files, execution of remote code, and enumeration of user accounts and passwords. Highest CVSSv3 score of 9.8.
Vendor is not responding to CISA.
More info.


Fatek

New

FATEK Automation Communication Server contains a Stack-based Buffer Overflow. Successful exploitation of this vulnerability may allow remote code execution. CVSSv3 score of 9.8
Fatek is not responding to CISA.
More info.


Apache

Exploit

Apache has released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities incompletely fixed in 2.4.50. These vulnerabilities have been exploited in the wild.
More info.


Google

Patch

Google has updated Chrome to fix 4 security vulnerabilities, all rated High.
More info.


  

Thursday 07 October 2021


Cisco

Patch

Cisco has published 16 new bulletins, 6 rated High, the rest Medium.
More info.

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to exhaust system memory and cause a DoS condition on an affected device. CVSSv3 score of 8.6
More info.

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. CVSSv3 score of 7.5
More info.

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a DoS condition on an affected device. CVSSv3 score of 8.8.
More info.


Mitsubishi Electric

New

A DoS vulnerability exists in MELSEC iQ-R series C Controller Module due to uncontrolled resource consumption. A remote attacker could prevent the module from starting up by sending a large number of packets in a short time while the module is starting up. CVSSv3 score of 6.8.
Only Mitigations, no patches.
More info.


Johnson Controls

Patch

Johnson Controls has confirmed a vulnerability impacting Exacq Technologies exacqVision. An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause DoS. 
More info.

Johnson Controls has confirmed a vulnerability impacting Exacq Technologies exacqVision Web Service. Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
More info.


  

Wednesday 06 October 2021


Honeywell

Patch

Honeywell Experion PKS and ACE Controllers contain multiple vulnerabilities. A CCL may be modified by a bad actor and loaded to a controller such that malicious code is executed by the controller, allowing remote code execution or DoS. Highest CVSSv3 score of 10
Note this original bulletin is dated February.
More info. And here.


Dell

Patch

Updates are available for Dell EMC Integrated Data Protection Appliance that correct multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.


Mozilla

Patch

Mozilla has published three new bulletins for Firefox and Firefox ESR, all rated High.
More info.


Fortinet

Patch

Fortinet has published 7 new bulletins, one of which is remotely exploitable.
More info.

An insufficient session expiration vulnerability in FortiClientEMS may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID. CVSSv3 score of 7.9
More info.


HPE

Patch

A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely execute code as administrator. CVSSv3 score of 10
More info.


IBM

Patch

The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. CVSSv3 score of 9.1
More info.

In response to a security issue with BMC's IPMI LAN+ interface, a new Power System firmware update is being released. CVSSv3 score of 10
More info.


Aruba

Patch

Aruba has released patches for Aruba Instant that address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info. HPE bulletin here.


F-Secure

Patch

A vulnerability has been discovered in the F-Secure antivirus engine: when the engine tries to unpack a zip archive (LZW decompression method), the scanning engine can crash. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
More info.


  

Tuesday 05 October 2021


Qualcomm

Patch

Qualcomm Monthly Patches are out, with 33 patched vulnerabilities. Twenty are in Qualcomm software, all rated High, while 11 are in third-party software. Highest CVSSv3 score of 8.6.
More info.


Google

Patch

Google's Monthly Patches for Android are out. There are 17 vulnerabilities addressed, plus the Qualcomm patches. One vulnerability is rated Critical, the rest High.
More info.

Pixel Monthly Patches are out as well, with two additional vulnerabilities, one rated High and one Moderate.
More info.


Samsung

Patch

Samsung Monthly Patches are out, with 32 Samsung vulnerabilities plus Google's Android updates. Three are rated Critical.
More info.


Xerox

Patch

Xerox has updated FreeFlow Print Server to include Oracle, Java, and Firefox security updates.
More info.


NetApp

New

NetApp has published five new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Apache

Exploit

Apache has been updated to correct a null pointer dereference and a path traversal vulnerability, allowing a remote attacker to DoS the server or access files outside the document root. The path traversal is known to be exploited in the wild.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.
Mageia has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.


  

Monday 04 October 2021


Microsoft

Exploit

Microsoft has updated Edge with the Chromium security fixes for two vulnerabilities which have exploits in the wild.
More info.


ENDRESS+HAUSER

Patch

Promass 83 devices utilizing 499ES EtherNet/IP Stack by Real Time Automation are vulnerable to a stack-based buffer overflow. CVSSv3 score of 9.8
More info.


Lenze

New

Several Lenze products contain a CODESYS Control runtime system and are affected by the vulnerability described in CODESYS Advisory 2021-06. Highest CVSSv3 score of 9.8
Products are either EOL or scheduled for update Q2 2022.
More info.


Bosch

New

The control systems series Rexroth IndraMotion MLC and IndraLogic XLC are affected by multiple vulnerabilities in the web server, which – in combination – ultimately enable an attacker to log in to the system. Highest CVSSv3 score of 10
More info.


NETGEAR

Patch

NETGEAR has released a firmware update for RAX200 to refine code and update third party software packages to reduce potential security vulnerabilities.  No further details available.
More info.


Squid

Patch

When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust when the trust is not valid. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. This problem is guaranteed to occur when multiple CAs have signed the TLS server certificate. It may also occur in cases of broken server certificate chains. CVSSv3 score of 8.4.
More info.


F5

New

A remote attacker can exploit a vulnerability in OpenSSL by triggering an application to create an ASN1_STRING and process it with an affected OpenSSL function to access restricted information or cause a denial-of-service (DoS). This impacts all F5 products using OpenSSL. Highest CVSSv3 score of 6.5
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021