Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 23 July 2021


Atlassian

Patch

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which could allow attackers to execute arbitrary code in Jira through deserialization due to a missing authentication vulnerability.
More info. And here.


CODESYS

Patch

The CODESYS web server is used by the CODESYS WebVisu to display CODESYS visualization screens in a web browser. Specific crafted requests may cause a heap-based buffer overflow. This could then crash the web server, lead to a DoS, or be utilized for RCE. CVSSv3 score of 9.8
More info.

The CODESYS Control runtime system enables embedded or PC-based devices to be a programmable industrial controller, and includes a platform adaptation layer. The adaptation layer for VxWorks does not handle a shortage of sockets correctly, so that existing socket connections may be disconnected and cannot be re-established for some time. This vulnerability affects various communication servers in the CODESYS V3 Runtime Toolkit for VxWorks such as OPC UA or the UDP communication driver and others. CVSSv3 score of 7.5
More info.

The CODESYS Gateway routes the online communication between clients like the CODESYS Development System and CODESYS Control runtime systems. As an optional component of CODESYS Control runtime systems, it may also run on PLC devices. Crafted communication requests may cause a null pointer dereference in the affected CODESYS products and may result in a DoS. CVSSv3 score of 7.5
More info.

The CODESYS web server is used by the CODESYS WebVisu to display CODESYS visualization screens in a web browser. Specific web server requests may have read access to all files stored in the "visu" subfolder/placeholder of the PLC's file system, including private files, which may contain user IDs and password hashes of visualization users. CVSSv3 of 7.5
More info.


Microsoft

Patch

Microsoft has updated chromium-based Edge with the latest security updates for chromium.
More info. And here.


Tenable

Patch

Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain vulnerabilities; the highest rating for the vulnerable software is Critical.
More info.


Asterisk

Patch

If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk.
More info.

Depending on the timing, it’s possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake.
More info.


HPE

Patch

Multiple security vulnerabilities have been identified in HPE fibre channel and SAN switches with Brocade Fabric OS. These vulnerabilities could be remotely exploited to cause DoS, bypass authentication, and disclose sensitive information. CVSSv3 score of 5.3
More info.

Multiple security vulnerabilities have been identified in HPE SAN switches with Brocade Fabric OS. These vulnerabilities could be locally exploited to execute arbitrary code, and could allow an authenticated CLI attacker to write arbitrary content to files. The other vulnerabilities could be remotely exploited to cause DoS, and inject arbitrary HTTP headers. Highest CVSSv3 score of 7.8
More info.


Linux

Patch

SUSE has updated the kernel and curl. More info.
CentOS has updated the kernel. More info.
Amazon Linux and Amazon Linux 2 have updated the kernel. More info. And here.


  

Thursday 22 July 2021


Cisco

Patch

Cisco has published 6 new bulletins and one updated bulletin.  One is rated High, the rest Medium. Highest CVSSv3 score of 8.3
More info.

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. CVSSv3 score of 5.3
More info.


MBConnect

Patch

Two issues have been discovered in mymbCONNECT24 and mbCONNECT24, including allowing a remote attacker to enumerate valid users by checking what kind of response the server sends. Highest CVSSv3 score of 7.5
More info. And here.


Apple

Patch

Apple has published security updates for macOS Big Sur, Catalina, Mojave, and iPadOS.  They've also published the bulletins for the recent updates for iOS, Safari, watchOS, and tvOS.
More info.


Linux

Patch

SUSE has updated the kernel, curl and linuxptp. More info.
OpenSUSE has updated the kernel and curl. More info.
Arch Linux has updated the kernel, systemd, and curl. More info.
Oracle Linux has updated the kernel and systemd. More info.
Gentoo Linux has updated systemd. More info.
Mageia has updated the kernel and systemd. More info.


  

Wednesday 21 July 2021


Oracle

Patch

Oracle has released its Quarterly Patch Update to address 342 vulnerabilities across multiple products. 206 of these may be remotely exploitable without authentication. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Highest CVSSv3 score of 10
More info.


Arcadyan

New

A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows a remote attacker access to sensitive information and allows for the alteration of the router configuration. CVSSv3 score of 9.8
More info. And here.


Kerberos

Patch

In MIT krb5 releases 1.16 and later, an unauthenticated attacker can cause a null dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST.
More info.


Adobe

Patch

Adobe has published security updates for Photoshop, Audition, Character Animator, Prelude, Premiere Pro, After Effects, and Media Encoder. Several vulnerabilities lead to RCE, with a highest CVSSv3 score of 8.8
More info.


Google

Patch

Google has published an update for Chrome for Desktop that fixes 35 security vulnerabilities, at least 9 of which are rated High.
More info.


curl

Patch

curl has published 5 new bulletins, all rated Medium.
More info.


Linux

Patch

SUSE has updated the kernel and systemd. More info.
OpenSUSE has updated the kernel and systemd. More info.
Debian has updated the kernel and systemd. More info.
Red Hat has updated the kernel and glibc. More info.
Gentoo Linux has updated systemd. More info.
Ubuntu has updated the kernel and systemd. More info.


  

Tuesday 20 July 2021


Microsoft

0-Day

Permissions on the Microsoft Windows SAM and SYSTEM hives make them readable by any user on the system. Exploitation requires an authenticated user.
More info.

Microsoft Edge has been updated with the latest chromium security patches.
More info.


Fortinet

Patch

A Use After Free vulnerability in FortiManager and FortiAnalyzer may allow a remote, unauthenticated attacker to execute code as root by sending a specially crafted request to the fgfm port of the targeted device. CVSSv3 score of 7.5
FGFM is disabled by default on FortiAnalyzer and can only be enabled on specific hardware models.
More info.


Advantech

0-Day

Advantech WebAccess/NMS contains a vulnerability that allows remote attackers to disclose sensitive information from the application. The specific flaw is a lack of authentication prior to allowing access to functionality. CVSSv3 score of 5.3
More info.


Mitsubishi Electric

Patch

A DoS vulnerability exists in the Ethernet interface block of MELSEC-F series due to a NULL Pointer Dereference. A malicious attacker may cause a DoS condition in communication with the product by sending specially crafted packets. In addition, a system reset is required for recovery. CVSSv3 score of 7.5
More info.


Bosch

Patch

The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain vulnerable software from CODESYS GmbH, with a weakness in the protocol for the communication between the PLC runtime and clients. Attackers can send crafted communication packets which may result in a DoS or allow RCE. Highest CVSSv3 score of 9.8
More info.


Apple

Patch

Apple has published updates for Safari, iOS, watchOS, and tvOS.  Security details are not yet available.
More info.


WSO2

0-Day

WSO2 API Manager contains a vulnerability that allows remote attackers to execute arbitrary code. The service contains a hard-coded password for the administrator user. CVSSv3 score of 9.8
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Mageia has updated glibc. More info.


  

Monday 19 July 2021


Microsoft

0-Day

Microsoft Windows allows non-admin users to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process. To exploit this, a user on the Windows system must print to a malicious print server.
More info. And here. And here.


IBM

Patch

IBM Data Replication is affected by multiple vulnerabilities in IBM Java SDK.  Highest CVSSv3 score of 9.8
More info.

IBM Security SOAR includes an older version of Handlebars.js that may be exploited with automated tools. Highest CVSSv3 score of 9.8
More info.


HCL Software

Patch

HCL Digital Experience is susceptible to multiple open source vulnerabilities, including XSS. Highest CVSSv3 score is 6.1
More info.

HCL Launch contains an Apache Tomcat flaw that could allow a remote attacker to obtain sensitive information. CVSSv3 score of 8.2
More info.


  

Friday 16 July 2021


Ypsomed

Patch

Ypsomed mylife Cloud and mylife Mobile Application contain multiple vulnerabilities, including Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, and Use of Hard-coded Credentials. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive application information or modify the integrity of data being transmitted. Highest CVSSv3 score of 6.3
More info.


Google

Patch

Google has published an update for Chrome for Desktop that fixes 8 security vulnerabilities. 6 are rated High.
More info.


Advantech

New

Multiple vulnerabilities exist in Advantech R-SeeNet monitoring software.  These vulnerabilities allow an attacker to execute arbitrary JavaScript code in the context of the targeted user's browser, execute OS commands by sending the targeted device a specially crafted HTTP request, or execute arbitrary PHP commands via a malicious HTTP request. Highest CVSSv3 score of 9.8
More info.


HPE

Patch

Multiple security vulnerabilities have been identified in HPE OfficeConnect Network Switches. These vulnerabilities could allow remote cross-site scripting (XSS) and arbitrary code execution. Highest CVSSv3 score of 6.1
More info.


NetApp

New

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Thursday 15 July 2021


Wireshark

Patch

The Wireshark DNP dissector could crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file, causing a DoS.
More info.


Palo Alto Networks

Patch

Palo Alto Networks Monthly Patches include 2 bulletins, both rated High.  Highest CVSSv3 score of 7.8
More info.

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. CVSSv3 score of 7.5
More info.


Juniper Networks

Patch

Juniper Networks Quarterly Patches are out, with 32 new bulletins.  Most are DoS vulnerabilities.  Highest CVSSv3 score of 10
More info.

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have the RabbitMQ service enabled by default with hardcoded credentials. CVSSv3 score of 8.6
More info.

A stack-based buffer overflow vulnerability in Juniper Networks SBR Carrier with EAP authentication configured allows an attacker sending specific packets to cause the radius daemon to crash, resulting in a DoS or leading to RCE. CVSSv3 score of 10
More info.

Multiple vulnerabilities have been resolved in Junos OS and Junos OS Evolved, Junos Space, Juniper Secure Analytics, Contrail Networking, Contrail Insights, and CTPView by updating third party software or by fixing vulnerabilities found during external security research. Highest CVSSv3 score of 10.
More info. And here. And here. And here. And here. And here. And here.

Multiple vulnerabilities have been resolved in Junos OS Evolved by upgrading the kernel. CVSSv3 score of 8.2
More info.


Hitachi

Patch

Multiple vulnerabilities have been found in JP1/Automatic Job Management System 3 - Web Operation Assistant.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Arch Linux has updated systemd. More info.


  

Wednesday 14 July 2021


VMware

Patch

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. CVSSv3 score of 7.0
More info.


Mozilla

Patch

Mozilla has published updates for Thunderbird, Firefox, and Firefox ESR that patch vulnerabilities rated High that could allow DoS or arbitrary code execution.
More info.


UDP Technology

Exploit

UDP Technology makes IP Camera firmware under their own name as well as for nearly a dozen other manufacturers. Authentication bypass and EoP vulnerabilities exist in the firmware. The timeline shows updated firmware, but deployment across product lines and vendors is unknown.
More info. And here.


SonicWall

Exploit

Threat actors are actively targeting SMA 100 series and SRA products running unpatched and EOL 8.x firmware in an imminent ransomware campaign using stolen credentials. Several products are EOL and unpatchable; SonicWall recommends disconnecting immediately. CVSSv3 score of 9.8
More info.


Kaseya

Exploit

Kaseya has restored their SaaS platform and published security updates for on-premises VSA servers to correct vulnerabilities publicized the weekend of 2 July.
More info.


Aruba

Patch

Aruba has released updates for wired switch products running AOS-CX that address multiple security vulnerabilities, including SAD DNS. Highest CVSSv3 score of 7.4
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
CentOS has updated xstream. More info.
Oracle Linux has updated xstream. More info.
Debian has updated linuxptp. More info.


  

Tuesday 13 July 2021 - Part 2


SAP

Patch

SAP Security Patch Day includes 12 new Security Notes and 3 updated Notes. The highest CVSSv3 score for new Notes is 7.6 for a missing authorization check, and one of the updated Notes has a CVSSv3 score of 10 for the Chromium browser in the Business Client.
More info.


Microsoft

Patch

Microsoft Monthly Patches are out with patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited, including PrintNightmare, RCE affecting Windows Scripting Engine, and two EoP vulnerabilities in the kernel.  Highest CVSSv3 score of 9.1
More info. And here. And here.


Adobe

Patch

Adobe Patch Day includes security patches for Dimension, Illustrator, Framemaker, Bridge, and Acrobat and Reader.
More info.

Adobe Acrobat and Reader includes patches for RCE vulnerabilities.  Highest CVSSv3 score of 8.8
More info.


  

Tuesday 13 July 2021


Schneider Electric

Patch

Monthly Patches are out for Schneider Electric, with 6 new bulletins and 6 updated bulletins.
More info.

Schneider Electric is aware of a Missing Authentication for Critical Function vulnerability in its Easergy T200 RTU. CVSSv3 score of 9.1
More info.

Multiple vulnerabilities exist in EVlink City / Parking / Smart Wallbox Charging Stations.  The bulletin is blank.
Update: the bulletin is available now, highest CVSSv3 score of 9.4
More info.

An improper authentication vulnerability in C-Bus Toolkit product exists that could allow an attacker to use a crafted webpage to obtain remote access to the system. CVSSv3 score of 6.5
More info.

Multiple vulnerabilities exist in EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, and Modicon Controllers M580 and M340.  The bulletin is currently blank, but details are public.
Update: The bulletin is available now, highest CVSSv3 score of 9.8, not all products have patches.
More info. And here. And here.


Siemens

Patch

Siemens Monthly Patches include 18 new bulletins and 5 updated bulletins.
More info.

The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. CVSSv3 score of 8.1
More info.

SINAMICS PERFECT HARMONY GH180 Drives, SINUMERIK ONE, and SINUMERIK MC are affected by a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. CVSSv3 score of 8.1
More info. And here.

RuggedCom, SCALANCE, and SIMATIC RF products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. They recommend disabling the DHCP client. CVSSv3 score of 9.8
More info.

A vulnerability in several product families could allow an attacker to perform a DoS attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. CVSSv3 score of 7.5
More info.

Several Siemens products use a vulnerable WIBU Systems CodeMeter Runtime for license management. CVSSv3 score of 9.1
More info.

The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. CVSSv3 score of 7.4
More info.

Siemens products are affected by multiple vulnerabilities in an underlying LLDP third party library. CVSSv3 score of 9.8
More info.

Siemens products are affected by a vulnerability in OpenSSL that allows an unauthenticated attacker to cause a DoS if a maliciously crafted renegotiation message is sent. CVSSv3 score of 5.9
More info.


SolarWinds

Exploit

A security vulnerability exists in the latest Serv-U version. A threat actor who successfully exploited this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system. This has been exploited in the wild.
More info.


HPE

Patch

HPE SimpliVity Systems are affected by vulnerabilities in VMware. The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in. CVSSv3 score of 9.8
More info.


NetApp

New

NetApp has published 6 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

Oracle Linux has updated the kernel, xstream, and others. More info.
Mageia has updated the kernel, binutils, and others. More info.
Scientific Linux has updated xstream. More info.
Red Hat has updated xstream. More info.
Amazon Linux has updated the kernel and others. More info.


  

Monday 12 July 2021


Dell

Patch

Dell has released 2021 R1plus operating system Security Update that addresses multiple third-party components within Dell Avamar and NetWorker products. Dell rates this Critical.
More info.

Dell has released a security update that addresses multiple third-party components within Dell PowerFlex appliance products. Dell rates this Critical.
More info.


IBM

Patch

IBM App Connect Enterprise v11 ships with Node.js for which vulnerabilities were reported and have been addressed. CVSSv3 score of 9.8
More info.

There is a vulnerability in Ruby On Rails that is used by IBM License Metric Tool. CVSSv3 score of 9.1
More info.

IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Solr. Highest CVSSv3 score of 9.1
More info.

IBM Security Identity Governance and Intelligence is affected by multiple vulnerabilities in icu. CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in XStream that is used by IBM InfoSphere Information Server were addressed. Highest CVSSv3 score of 9.8
More info.

Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of service. CVSSv3 score of 9.1
More info.


SonicWall

Patch

Multiple out-of-bounds read vulnerabilities in SonicWall Switch when handling the LLDP protocol allow an attacker to cause a crash or potentially read sensitive information from memory.
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Superdome X servers. The vulnerabilities could be remotely exploited to cause Remote Denial of Service (DoS). Highest CVSSv3 score of 7.5
More info.


ForgeRock

Patch

Security vulnerabilities have been discovered in supported versions of Web Agents. An unauthenticated attacker can attack a non-default configured agent logout endpoint, causing a web server worker process to crash. This is rated High.
More info.


Apache

Patch

Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy.
More info.


NetApp

New

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Zyxel

Patch

Zyxel has patched a previously reported vulnerability being targeted in Zyxel security appliances with remote management or SSL VPN enabled in the USG/ZyWALL, USG FLEX, ATP, and VPN series.
More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021