Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Tuesday 23 April 2019


Lenovo

Patch

In Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
More info.


NetApp

New

NetApp has published four new bulletins about 3rd party software in their products, including Apache HTTP, Apache Tomcat, Java, and MySQL.  No updates yet.
More info.


Linux

Patch

SUSE has updated php7.
More info.

CentOS has updated openjdk.  More info.
RedHat has updated the kernel, python, and others.  More info.
Gentoo Linux has updated SQLite, apache, and others. More info.
Amazon Linux has updated wget and httpd.  More info.


Monday 22 April 2019


Polycom

Patch

Polycom has reported that VVX products using UCS software with BToE use hard-coded credentials to establish a connection between the host application and the device. Note this is listed as Attack Vector: Physical. But hard-coded credentials...
More info.


Linux

Patch

RedHat has updated java.
More info.

Oracle Linux has updated java and the kernel.  More info.

Friday 19 April 2019


Lenovo

NEW

Lenovo is reporting on a previously reported NetApp bulletin.  Certain versions of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution.  More info.


Linux

NEW

SUSE has updated php. More info.

Arch Linux has updated dovecot.  More info.


Thursday 18 April 2019


Cisco

NEW

Cisco has published 29 new bulletins and two updated bulletins. Of the new bulletins, five are marked High and one is Critical.  The rest are rated Medium.  More info.

A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the sysadmin VM.  A successful exploit could result in unstable conditions, including both a denial of service and remote unauthenticated access to the device.  More info.


Codesys

NEW

A crafted communication request may cause uncontrolled memory allocations in the affected CODESYS products and may result in a DoS condition.  More info.

The CODESYS Gateway does not correctly verify the ownership of a communication channel. The successful exploitation of this vulnerability may allow an attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.  More info.


Broadcom

NEW

Multiple vulnerabilities have been identified in Broadcom WiFi chipset drivers.  In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, these vulnerabilities will result in denial-of-service attacks.  This impacts multiple vendors that include these chipsets in their products.

More info.


Confluence

NEW

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs, or to create a new space or personal space, or who has 'Admin' permissions for a space, can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.  This vulnerability is listed as Critical, with a CVSSv3 score of 9 or higher.

More info.


Foxit

NEW

Foxit has updated PhantomPDF to correct a potential issue where the application could be exposed to a Directory Traversal vulnerability, which could lead to remote code execution.

More info.


Wednesday 17 April 2019


Oracle

NEW

Oracle Quarterly Patches are out.  There are 297 new security fixes, two-thirds of which are remotely exploitable without authentication. Fifty-three of the fixes patch critical vulnerabilities, including 49 with a CVSS score of 9.8. Patched products include Database Server, Communications Applications, E-Business Suite, Financial Services Applications, Fusion Middleware, Hospitality Applications, Java SE, MySQL, PeopleSoft Products, Retail Applications, and Virtualization.

More info.  And here.

There are also Patch bulletins for Solaris third-party software (here), Oracle Linux (here), and Oracle VM Server (here).


ICS

NEW

Phoenix Contact has published a security bulletin for their AXC F 2152 product that includes updated third-party software in their firmware, and fixes for a DoS and User Authentication Token Exploit.

More Info. Or here.


Linux

NEW

SUSE has updated kerberos, wget, python, and others. More Info.

CentOS has updated mod_auth_mellon.  More Info.
RedHat has updated mod_auth_mellon and python.  More Info.
Debian has updated ruby and ghostscript.  More Info.
Ubuntu has updated openjdk and others.  More Info.
Oracle Linux has updated mod_auth_mellon.  More Info.


Tuesday 16 April 2019


F5

NEW

All F5 products are vulnerable to a glibc heap-based buffer over-read. An attacker may run arbitrary code or cause a denial-of-service (DoS).  No fixes yet.


Foxit

NEW

Foxit has released updated Foxit Reader and Foxit PhantomPDF versions which address several security vulnerabilities, the worst of which allows a remote attacker to execute arbitrary code.


NetApp

NEW

NetApp has published ten bulletins about vulnerabilities in third-party software included as part of their products. Third-party software includes Kubernetes, Apache, the Linux kernel, Kerberos, and others. Only two of the bulletins indicate patches are available.


ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2019