Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Wednesday 21 April 2021


Pulse Secure

0-Day

A vulnerability was discovered in Pulse Connect Secure (PCS). This includes an authentication bypass vulnerability that can allow a remote unauthenticated attacker to perform remote arbitrary file execution on the Pulse Connect Secure gateway. CVSSv3 score of 10. This is actively being exploited. No patches yet, only a workaround.
More info. And here. And here.


Delta

Patch

Delta Industrial Automation COMMGR contains a Stack-based Buffer Overflow. Successful exploitation of this vulnerability could allow for RCE or DoS. CVSSv3 score of 9.8
More info.


Aruba

Patch

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities, including a vulnerability in the web-based management interface of ClearPass that allows an unauthenticated remote attacker to conduct an SSRF attack, leading to RCE and total cluster compromise. CVSSv3 score of 9.8
More info.

Aruba has released updates to the AirWave Management Platform that address multiple security vulnerabilities, including an authentication bypass in the AirWave Web-based Management Interface which allows an unauthenticated attacker to assume an administrative role. Highest CVSSv3 score of 8.1
More info.


TIBCO

Patch

TIBCO Administrator contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. CVSSv3 score of 9.6
More info.


Google

0-Day

Google has updated Chrome to fix seven vulnerabilities, most rated High.  Actively exploited.
More info.


  

Tuesday 20 April 2021 - Part 2


Oracle

Patch

Oracle Quarterly Patches are out, with fixes for 390 vulnerabilities, 221 of which can be remotely exploited without authentication.  Highest CVSSv3 score of 9.8, for many of them.
More info.


  

Tuesday 20 April 2021


Meinberg

Patch

Meinberg has updated LANTIME firmware to include fixes for vulnerabilities in OpenSSL, sudo, and the Meinberg LTOS web interface. 
More info.


Apache

Patch

Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
More info.


IBM

Patch

Vulnerabilities in Java affect IBM Cloud Application Business Insights and InfoSphere Streams. Highest CVSSv3 score of 9.8
More info. And here.


Dell

Patch

Dell has published updates for Unity, UnityVSA, and Unity XT to correct multiple security vulnerabilities, including plain-text password storage, that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

Dell NetWorker stores plain-text credentials in server log files. Dell rates this High.
More info.


SonicWall

0-Day

SonicWall has published patches to mitigate three zero-day vulnerabilities in its hosted and on-premises email security products. These include allowing an attacker to create an administrative account. One has been seen exploited in the wild.
More info.


Linux

Patch

SUSE has updated the kernel and others. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel and others. More info.
Ubuntu has updated openslp. More info.
Mageia has updated the kernel and others. More info.


  

Monday 19 April 2021


QNAP

Patch

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. This is rated Critical.
More info.

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This is rated Critical.
More info.


GitLab

Patch

GitLab has released new versions that contain important security fixes, including fixes for RCE vulnerabilities.
More info.


IBM

Patch

Multiple vulnerabilities in FasterXML jackson-databind and Bouncy Castle affect Apache Solr shipped with IBM Operations Analytics - Log Analysis.  Highest CVSSv3 score of 9.8
More info. And here.

IBM Watson OpenScale on Cloud Pak for Data is impacted by vulnerabilities in Node.js. Highest CVSSv3 score of 9.8
More info.

A vulnerability in IBM Java SDK affects IBM Transformation Extender.  CVSSv3 score of 9.8
More info.


NetApp

New

NetApp has published six new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Mozilla

Patch

Mozilla has published security bulletins for Firefox, Firefox ESR, and Thunderbird, all rated High.
More info.


  

Friday 16 April 2021


EIPStackGroup

Patch

EIPStackGroup has published a security bulletin for OpENer EtherNet/IP for several vulnerabilities, including Incorrect Conversion Between Numeric Types, Out-of-bounds Read, and Reachable Assertion. Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure. Highest CVSSv3 score of 8.2
More info.


Microsoft

Patch

Microsoft has updated Chromium-based Edge to include the latest security vulnerability fixes provided by Google.
More info.


McAfee

Patch

Several McAfee products have been updated with the latest OpenSSL updates.  Highest CVSSv3 score of 7.4
More info.

Endpoint Security for Windows has been updated to fix a Cleartext transmission of sensitive information vulnerability.  CVSSv3 score of 4.8
More info.


F5

New

F5OS and Traffix SDC contain NSS vulnerabilities. Highest CVSSv3 score of 6.8. No patches yet.
More info. And here.


QNAP

Patch

A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP rates this High.
More info.


Linux

Patch

SUSE has updated the kernel, xorg-x11-server, and others. More info.
Red Hat has updated libldb and others. More info.
Oracle Linux has updated libldb, sudo, and others. More info.
Ubuntu has updated the kernel, networkmanager, and others. More info.
Mageia has updated x11-server and others. More info.
Alpine Linux has updated to 3.13.5, as well as updates for older versions. More info.


  

Thursday 15 April 2021


Juniper Networks

Patch

Juniper Networks Quarterly Patches are out, with 60 new bulletins. Products addressed include Junos OS, Junos OS Evolved, Junos Space, Secure Analytics, Paragon Active Assurance, NFX Series, SRC Series, and Contrail Insights.
More info.

NFX Series: Hard-coded credentials allow an attacker to take control of any instance through administrative interfaces. CVSSv3 score of 10.
More info.


Palo Alto Networks

Patch

Palo Alto Networks Monthly Patches bring 4 bulletins, ranging from CVSSv3 score of 6.7 to 2.3. All vulnerabilities require privileges.
More info.


Microsoft

Patch

Microsoft has updated Chrome-based Edge to include the two recent security fixes.
More info. And here.


IBM

Patch

Vulnerabilities in IBM Java, Java runtime, and Java SDK affect several IBM products. Highest CVSSv3 score of 9.8
More info.

Network Performance Insight is affected by jackson-databind and Apache Cassandra vulnerabilities. Highest CVSSv3 score of 9.8
More info. And here.

TensorFlow is vulnerable to a heap-based buffer overflow and denial of service on IBM Watson Machine Learning on CP4D. Highest CVSSv3 score of 9.
More info.


Dell

Patch

Dell Networking W-Series remediation is available for multiple vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

Dell PowerEdge VRTX and Dell Networking X-Series remediation is available for a weak password encryption vulnerability that may be exploited by malicious users to compromise the affected system. Dell rates this High.
More info. And here.


Google

Patch

Google has published updates for Chrome for Desktop that fix 37 security vulnerabilities.
More info.


  

Wednesday 14 April 2021


Microsoft

Exploit

Microsoft Monthly Patches are out and include 114 vulnerabilities, 19 rated Critical, 4 previously disclosed, and 1 being exploited. Highest CVSSv3 score of 9.8.
More info. And here. And here.

There is another set of Microsoft Exchange Server Remote Code Execution vulnerabilities across versions 2013 - 2019. No known exploits are being reported. CVSSv3 score of 9.8
More info. And here. And here.


Adobe

Patch

Adobe has published security updates for Photoshop, Digital Editions, Bridge, and RoboHelp. The first three contain Critical vulnerability fixes.
More info.


JTEKT

Patch

JTEKT Corporation's TOYOPUC products contain an Improper Resource Shutdown or Release vulnerability.  Successful exploitation of this vulnerability could allow an unauthorized user to stop Ethernet communications between devices from being established. CVSSv3 score of 7.5
More info.


Advantech

Patch

Advantech WebAccess/SCADA contains an Incorrect Permission Assignment for Critical Resource vulnerability. Successful exploitation of this vulnerability could allow an attacker to log in as an ‘admin’ to fully control the system. CVSSv3 score of 8.8
More info.


Google

Exploit

Google has published an update for Chrome for Desktop that includes two security fixes, both rated High and being exploited in the wild.  One more vulnerability exists but has not yet been fixed. No public exploit for that yet.
More info. And here.


DNS

Exploit

NAME:WRECK is a set of DNS vulnerabilities that could cause either DoS or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. NAME:WRECK vulnerabilities impact FreeBSD software used in high-performance servers in millions of IT networks, and popular firmware, such as Nucleus NET used in critical IoT/OT devices, as well as NetX and IPnet.
More info. And here.

Several of the Siemens products from yesterday's patch day include these vulnerabilities.


OpenClinic GA

Exploit

OpenClinic GA contains several vulnerabilities that could allow an adversary to carry out a wide range of malicious actions, including injecting SQL code into the targeted server or elevating their privileges. Highest CVSSv3 score of 10
More info. And here.


Linux

Patch

SUSE has updated the kernel, xorg-x11-server, and others. More info.
CentOS has updated screen. More info.
Ubuntu has updated the kernel, x.org x server, and others. More info.


  

Tuesday 13 April 2021


Siemens

Patch

Siemens has published 14 new bulletins and 17 updated bulletins for their Monthly Patches. The highest CVSSv3 score of the new bulletins is 10.
More info.

Siemens has released hotfixes for Siveillance Video Open Network Bridge (ONVIF) which fix a security vulnerability related to unsecure storage of ONVIF user credentials. The vulnerability could allow an authenticated remote attacker to retrieve and decrypt all user credentials stored on the ONVIF server. CVSSv3 score of 9.9
More info.

Due to SmartClient Installation technology (ClickOnce), a customer/integrator needs to create a customer-specific SmartClient installer. The mentioned products delivered a trusted but expired code-signing certificate. An attacker could have exploited the vulnerability by spoofing the code-signing certificate and signing a malicious executable, resulting in a trusted digital signature from a trusted provider. The certificate was revoked immediately. CVSSv3 score of 10
More info.

Siemens products include Control Center Server (CCS) from PKE. Multiple vulnerabilities exist in CCS, including authentication bypass, path traversal, information disclosure, privilege escalation, SQL injection, XSS, and insufficient logging. Highest CVSSv3 score of 9.9
More info. And here.

Several Siemens products contain vulnerabilities identified in DNS implementations, also known as "NAME:WRECK" vulnerabilities. The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an attacker to manipulate the DNS responses and cause a DoS or remote code execution. Highest CVSSv3 score of 8.1
More info. And here. And here.

Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. CVSSv3 score of 9.8. No patches yet.
More info.

The IPv6 stack of several Siemens products contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a DoS. CVSSv3 score of 7.5
More info.

The latest update for SINEMA Remote Connect Server fixes two DoS vulnerabilities in the underlying third-party XML parser. CVSSv3 score of 7.5
More info.

There are multiple vulnerabilities in the underlying NTP component of Siemens TIM 4R-IE, which is included in SIPLUS NET products. Highest CVSSv3 score of 9.8.  No patches, only workarounds.
More info.

SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in Siemens Security Advisory SSA-705111 for the Mentor DNS Module. CVSSv3 score of 6.5. No patches yet.
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches are out with two new bulletins and two updated bulletins.
More info.

Schneider Electric is aware of multiple Microsoft Windows vulnerabilities in its NTZ Mekhanotronika Rus. LLC control panels. An attacker may be able to take control of the system through the exploitation of the vulnerabilities. Highest CVSSv3 score of 7.8
More info.


SAP

Patch

SAP Monthly Patch Day includes the release of 14 Security Notes. There were 5 updates to previously released Patch Day Security Notes. One of the new notes is rated Hot News and allows RCE with a CVSSv3 score of 9.9.  Four of the new notes are rated High, the rest Medium.
More info.


Dell

Patch

Dell PowerScale OneFS contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Highest CVSSv3 score of 9.8
More info. And here.


Linux

Patch

SUSE has updated the kernel and others. More info.
Red Hat has updated the kernel and others. More info.
Oracle Linux has updated the kernel. More info.


  

Monday 12 April 2021


Linux

Patch

SUSE has updated fwupdate, wpa-supplicant, and others. More info.
OpenSUSE has updated the kernel and others. More info.
CentOS has updated the kernel and libldb. More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021