Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Tuesday 26 May 2020


ABB

Patch

ABB has published seven bulletins regarding products that contain the Wind River VxWorks IPNet vulnerabilities that became public last July.  These include FOX615 Multiservice-Multiplexer, Relion 670, Relion 650, SAM600-IO Series, AFS66x, NSD570 Teleprotection Equipment, ETL600 Power Line Carrier System, REB500, and RTU500 series.
More info.


Fortinet

Patch

An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack (XSS) via a specifically crafted login request.
More info.


Linux

Patch

OpenSUSE has updated python, pdns-recursor, tomcat, gcc, and others.  More info.
Arch Linux has updated freerdp.  More info.
RedHat has updated the kernel and others.  More info.
Debian has updated netqmail.  More info.
Ubuntu has updated the kernel.  More info.
Mageia has updated the kernel, clamav, wireshark, dns resolvers, and others.  More info.


  

Friday 22 May 2020


Johnson Controls

Patch

During installation or upgrade to C•CURE 9000 and victor Video Management System, the credentials of the Windows account used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. This results in unintended plain text storage of the Windows user credentials. CVSSv3 score of 9.9.
More info.


Microsoft

Patch

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.
More info.


NetApp

New

NetApp has published two security bulletins about vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated tomcat, bind, dovecot and others.  More info.
RedHat has updated .NET and dotnet.  More info.
CentOS has updated squid.  More info.
Debian has updated pdns-recursor.  More info.
Ubuntu has updated clamav, the kernel, and others.  More info.


  

Thursday 21 May 2020


Cisco

Patch

Cisco has published five security bulletins, one rated Critical, one rated High, and three rated Medium.
More info.

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
More info.

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
More info.


Apple

Patch

Apple has published updates for iOS, iPadOS, tvOS, and Xcode.  Details for most are not yet available.
More info.


IBM

Patch

DB2 contains several vulnerabilities which can affect the IBM Performance Management product.  Highest CVSSv3 score of 9.8
More info.

IBM DataPower Gateway is affected by multiple vulnerabilities in Dojo. Highest CVSSv3 score of 7.5
More info.


Xerox

Patch

Xerox has published several bulletins regarding Solaris, Java, Firefox, and BIOS updates for the FreeFlow Print Server platforms.
More info.


F5

New

Traffix SDC contains a vulnerability that allows an attacker to trigger a DoS attack through memory exhaustion.  No patch yet
More info.


NetApp

Patch

Element OS and Element HealthTools are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
More info.


Fortinet

Patch

FortiAnalyzer and FortiManager are vulnerable to a 2004 CVE that allows remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet.
More info.


Linux

Patch

SUSE has updated bind and others.  More info.
Arch Linux has updated bind, unbound, chromium, and ant.  More info.
CentOS has updated firefox, squid, thunderbird, and the kernel.  More info.
Debian has updated dovecot.  More info.


  

Wednesday 20 May 2020


Google

Patch

Google has updated Chrome for Desktop to correct 38 security vulnerabilities.
More info.


Emerson

Patch

Emerson OpenEnterprise SCADA software contains several vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.  Highest CVSSv3 score of 10.0
More info.


DNS

Patch

NXNSAttack allows malicious parties to use recursive DNS services to attack third party authoritative name servers.
More info. And here.

PowerDNS Recursor has released a fix. More info.
Microsoft is aware, no patch. More info.
Unbound has updated their DNS resolver for these issues. More info.
Same for Knot Resolver. More info.
ISC BIND has updated.  More info.


TIBCO

Patch

TIBCO JasperReports Server contains a vulnerability that allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can exploit the vulnerability consistently, remotely, and without authenticating. Highest CVSSv3 of 9.8
More info.


HPE

Patch

Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. CVSSv3 score of 9.9
More info.

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. CVSSv3 score of 9.9
More info.


Dell

Patch

Multiple components within the Dell EMC Unity, Dell EMC Unity VSA, and Dell EMC Unity XT Product Families require a security update to address various vulnerabilities.  Dell has rated this Critical.
More info.


Wireshark

Patch

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
More info.


Linux

Patch

SUSE has updated dpdk, python, and others.  More info.
Arch Linux has updated openconnect, powerdns, and dovecot.  More info.
RedHat has updated java, the kernel, and others.  More info.
Debian has updated bind.  More info.
Ubuntu has updated exim and bind.  More info.


  

Tuesday 19 May 2020


Moodle

Patch

Moodle contains two vulnerabilities rated Serious. The first allows RCE, the second allows stored XSS.
More info. And here.


Adobe

Patch

Adobe has published updates for Premiere Rush, Audition, Premiere Pro, and Character Animator.  Vulnerabilities fixed include OOB memory read leading to information disclosure, privilege escalation, and stack overflow leading to RCE.
More info.


Apple

Patch

Apple has published updates for watchOS.  Details aren't yet available.
More info.


IBM

Patch

Multiple vulnerabilities in Apache Solr (lucene) were addressed by IBM InfoSphere Information Server. CVSSv3 score of 9.8
More info.


F-Secure

Patch

A CSRF vulnerability was discovered in the web user interface of F-Secure Linux Security. An unauthenticated user can send the CSRF request to the web user interface. A successful attack can lead to the product settings being disabled remotely through the web interface. These include antivirus, the firewall, and the integrity protection settings.
More info.


ISC

Patch

An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients.
More info.

BIND does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral, resulting in degraded performance or use as a reflector in a reflection attack with a high amplification factor.
More info.


Linux

Patch

Debian has updated dpdk.  More info.
Ubuntu has updated the kernel and dpdk.  More info.


  

Monday 18 May 2020


Microsoft

Patch

Microsoft has revised the Security Updates table of CVE-2020-1108 to include PowerShell Core 6.2 and 7.0 because they are affected by CVE-2020-1108.
More info.


PHP

Patch

PHP 7 has been updated to fix two security bugs that allow long variables and long file names to cause OOM and possible crash.
More info. And here. And here.


HMS

Patch

Ewon eCatcher contains a vulnerability that may allow an attacker to eavesdrop on the connection with a forged certificate.
More info.


IBM

Patch

IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in jackson-databind.  CVSSv3 score of 9.8
More info.

A widely used function in the OpenJ9 JVM is vulnerable to buffer overflows. Multiple Java Runtime components use the vulnerable code, so the issue can manifest in a number of different ways.
More info.


MicroFocus

Patch

A potential XSS vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
More info.


NetApp

New

NetApp has published eight new security bulletins covering vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated mailman and others.  More info.
OpenSUSE has updated mailman and others.  More info.
Arch Linux has updated keycloak.  More info.
Oracle Linux has updated the kernel.  More info.
Debian has updated exim and apache-log4j.  More info.
Ubuntu has updated dovecot.  More info.
Mageia has updated ntp, flash, libreswan, and others.  More info.


  

Friday 15 May 2020


Emerson

Patch

Emerson WirelessHART Gateways contain a vulnerability which disables the internal gateway firewall if the VLAN feature is enabled. Once the gateway's firewall is disabled, a malicious user could issue specific commands to the gateway, which could then be forwarded on to the end user's wireless devices. CVSSv3 score of 10.0
More info.


Opto 22

Patch

Multiple security vulnerabilities exist in Opto 22 SoftPAC Project, a virtual PLC. Highest CVSSv3 score of 9.8
More info.


Veritas

Patch

APTARE has been updated to correct several security issues, including Information Disclosure, Authorization bypass, and Authentication weakness.
More info.


Dell

Patch

VMware Directory Service (vmdir) within Dell EMC VxFlex Integrated Rack requires a security update to address a vulnerability. CVSSv3 score of 9.8
More info.


Hitachi

Patch

Hitachi has published updates to correct a DoS vulnerability in JP1/Automatic Job Management System, Compute Systems Manager, Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor and Ops Center.
More info.


Linux

Patch

SUSE has updated the kernel and others.  More info.
RedHat has updated the kernel.  More info.
Gentoo Linux has updated freerdp, libmicrodns, chromium, and others. More info.
Amazon Linux has updated php, the kernel, java, and others.  More info.
Amazon Linux 2 has updated the kernel.  More info.


  

Thursday 14 May 2020


MicroFocus

Patch

Micro Focus has published an update for NetIQ Access Manager that fixes an information leak in debug mode.
More info. And here.


IBM

Patch

Multiple security vulnerabilities in Jackson-databind affect IBM Sterling B2B Integrator. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

Multiple components within Dell EMC DCA require a security update to address various vulnerabilities in the kernel, sudo, ppp, openjdk, and php. Dell has rated this Critical.
More info.


PaloAlto

Patch

Palo Alto Networks has published 28 new bulletins. One is rated Critical, five are listed as exploitable by remote attackers with low complexity.
More info.

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls.
More info.

An improper restriction of XXE vulnerability in the Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.
More info.


Linux

Patch

SUSE has updated apache2 and others.  More info.
RedHat has updated .NET core and others.  More info.
Debian has updated apt and libreswan.  More info.
Ubuntu has updated apt, iproute, squid, and others.  More info.


  

Wednesday 13 May 2020


Microsoft

Patch

Microsoft Monthly Patches are out.  There are 111 vulnerabilities, 16 rated Critical.  Affected products include Microsoft Windows, Microsoft Edge (HTML and Chromium based), ChakraCore, IE, Office and Office Services and Web Apps, Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI. Highest CVSSv3 score of 8.8
More info.  And here.


Adobe

Patch

Adobe has published Monthly Patches including updates for Acrobat and Reader for Windows and macOS, and DNG SDK for Windows and macOS.  Successful exploitation of some of these vulnerabilities could lead to arbitrary code execution.
More info.  And here.


Schneider Electric

Patch

Schneider Electric has published Monthly Patches.  There are four new bulletins and five updated bulletins.  The new bulletins affect Pro-face GP-Pro EX Programming Software, Vijeo Designer, U.motion Servers and Touch Panels, and EcoStruxure Operator Terminal Expert.
More info.

A Use of Hard-coded Credentials vulnerability exists which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.
More info.

U.motion Servers and Touch Panels contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability, which could cause arbitrary code to be executed when a malicious command is entered.
More info.


ClamAV

Patch

ClamAV has published a new release that fixes two CVEs, both of which could result in a DoS.
More info.


IBM

Patch

IBM WebSphere Cast Iron Solution & App Connect Professional has addressed the vulnerabilities reported in Apache Tomcat. Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector.
More info.


McAfee

Patch

McAfee has published an ePolicy Orchestrator update that fixes Java vulnerabilities, most of which can be exploited by remote attackers.
More info.


Linux

Patch

SUSE has updated the kernel.  More info.
RedHat has updated the kernel and others.  More info.
Oracle Linux has updated the kernel.  More info.
Gentoo Linux has updated squid, firefox, thunderbird, and others.  More info.


  

Tuesday 12 May 2020


SAP

Patch

SAP Monthly Patch day brings 18 security notes and 4 updated notes.  Six security Notes are rated Hot News, five are rated High, the rest Medium.  Three cover Missing Authentication Checks, one is Missing Authentication, two allow DoS.  Highest CVSSv3 score is 9.8
More info.


Siemens

Patch

Siemens has released their Monthly Patches.  There is one new bulletin for Urgent/11 in Power Meters, and six updated bulletins.
More info.


F5

Patch

BIG-IP Edge Client Windows contains a vulnerability which allows an attacker to trigger memory corruption in the browser or execute code from the browser when the attacker crafts a malicious webpage and a BIG-IP Edge Client user loads it in the Internet Explorer browser.
More info.


IBM

Patch

IBM API Connect is impacted by vulnerabilities in PHP that could allow DoS or RCE. Highest CVSSv3 score of 9.8
More info.


Libreswan

Patch

A malicious IKEv1 packet can cause libreswan to restart.  While building a log message that the packet has been dropped, a NULL pointer dereference causes libreswan to crash and restart when it attempts to log the state name involved.
More info.


Linux

Patch

RedHat has updated libreswan, chromium, and others.  More info.
Oracle Linux has updated thunderbird and the kernel.  More info.


  



Monday 11 May 2020


VMware

New

Two vulnerabilities were disclosed in Salt, an open source project by SaltStack, which have been determined to affect VMware vRealize Operations Manager. Highest CVSSv3 score of 10.  Patches are coming, workarounds recommended.
More info.


Synology

Patch

A vulnerability in SRM allows remote attackers to conduct DoS attacks via crafted network traffic. CVSSv3 score of 8.6
More info.


NetApp

New

NetApp has published six new bulletins covering vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated firefox, thunderbird, squid, and others.  More info.
OpenSUSE has updated squid, firefox, thunderbird, php, chromium, and others.  More info.
Arch Linux has updated thunderbird.  More info.
Debian has updated thunderbird and squid.  More info.
RedHat has updated thunderbird.  More info.
Oracle Linux has updated firefox.  More info.
Mageia has updated chromium.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020