Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state occurs as soon as an issue is detected, and the state then drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

Friday 10 July 2020


Sophos

Patch

An SQL injection vulnerability in the email quarantine release feature of XG Firewall was recently discovered and fixed. The remediation prevented remote execution of arbitrary code.
More info.


Citrix

Exploit

The ISC reports seeing active exploit attempts of the Citrix vulnerabilities reported earlier this week.
More info.


MobileIron

Patch

Vulnerabilities in MobileIron Core and Connector could allow an attacker to execute remote exploits without authentication. This was patched in June and publicly reported on July 1.
More info.


GE Digital

Patch

APM Connect UDLP products relying upon Apache Tomcat servers are vulnerable to GhostCat, which allows an attacker to execute malicious code and gain access to potentially sensitive information.
More info.


Moxa

Patch

Multiple vulnerabilities were identified in Moxa’s MGate 5105-MB-EIP Series Protocol Gateways.  These vulnerabilities include Authentication Bypass by capture-replay and Exposure of Sensitive Information.
More info.


Dell

Patch

The iDRAC component shipped with Dell EMC Data Domain requires a security update to address a buffer overflow vulnerability. CVSSv3 score of 7; Dell rates this Medium.
More info.

Multiple components within Dell EMC DCA require a security update to address various vulnerabilities.  Dell rates this Critical.
More info.


Micro Focus

Patch

A vulnerability has been identified in some components that ship with Hybrid Cloud Management. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.
More info.


Linux

Patch

Ubuntu has updated openssl.  More info.
Mageia has updated samba and others.  More info.



Thursday 09 July 2020


Juniper

Patch

Juniper Quarterly Patches are out, with 19 bulletins affecting JunOS, appliance BIOS firmware, Juniper Secure Analytics, and the SRC Series implementation of Bouncy Castle. Patched vulnerabilities include DoS, updates to vulnerable third-party software, and DNS filtering bypass. Some CVEs are from 2014. Highest CVSSv3 score of 9.8.
More info.

On Juniper Networks SRX Series with the ICAP redirect service enabled, processing a malformed HTTP message can lead to a DoS or RCE. CVSSv3 score of 9.8.
More info. And here.


Rittal

New

Rittal PDU units contain a hardcoded root backdoor account, CLI menu bypass, insecure storage of sensitive information, and outdated third-party software components.  Fixes were made for other devices, but not the PDU.
More info.


Micro Focus

New

A potential vulnerability has been identified in a component that integrates with Cloud Service Automation. The vulnerability could be exploited for file content disclosure of the web application or remote code execution. CVSSv3 score of 9.8.
More info.


IBM

Patch

IBM InfoSphere Information Server could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSSv3 score of 8.1
More info.


FreeBSD

Patch

FreeBSD has updated ipv6, unbound, and one other. 
More info.


Linux

Patch

CentOS has updated firefox.  More info.
Oracle Linux has updated firefox and the kernel.  More info.
Debian has updated ruby, roundcube, and one other.  More info.
Ubuntu has updated thunderbird.  More info.



Wednesday 08 July 2020


Palo Alto Networks

Patch

Palo Alto Networks has pushed out their Monthly Patches, consisting of 5 bulletins, one of which is Informational only.  Highest CVSSv3 score of 8.1
More info.


Grundfos

Patch

Grundfos Pumps Corporation CIM 500 contains two vulnerabilities. The first responds to unauthenticated requests for password storage files. The second is plaintext storage of passwords. Together, these vulnerabilities could allow access to cleartext credential data. Highest CVSSv3 score of 7.5.
More info.


F5

Exploit

F5 has updated the bulletin for the TMUI RCE vulnerability with new mitigation and IOC guidance.  Worth another look.  The ISC has reported backdoor install attempts in their honeypots.
More info.  And here.


Citrix

Patch

Multiple vulnerabilities have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliances. These vulnerabilities could result in a number of security issues including system compromise and XSS on the management network, as well as creation of a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, may result in the compromise of their local computer.
More info. And here.


Mozilla

Patch

An update for Firefox for Android fixes a Critical local file access vulnerability.
More info.


Qualcomm

Patch

The Monthly Patch bulletin is out, listing nine vulnerabilities, one of which is listed as Critical.
More info.


IBM

Patch

There are some vulnerabilities in the Jackson-Databind library that affect IBM Engineering Lifecycle Optimization - Publishing. IBM lists this as Critical; highest CVSSv3 score of 7.3.
More info.


Zyxel

New

Several Zyxel Router platforms are identified in a Home Router Security report published by FKIE.
More info.  And here.


Linux

Patch

SUSE has updated java, perl, php, and many others.  More info.
OpenSUSE has updated python, the kernel, rust, and others. More info.
RedHat has updated php, the kernel, and others.  More info.
Oracle Linux has updated thunderbird and firefox.  More info.
Debian has updated php.  More info.
Ubuntu has updated cinder and os-brick.  More info.
Scientific Linux has updated firefox, the kernel, and others.  More info.



Tuesday 07 July 2020


Google

Patch

Monthly Patches are out for Google Android.  19 vulnerabilities are addressed, plus the Qualcomm closed source list.  Seven are rated Critical, 12 rated High.
More info.

Pixel Monthly Patches are out as well, with 3 vulnerabilities rated Moderate plus the Qualcomm closed source list.
More info.


Samsung

Patch

Monthly Patches are out for Samsung as well.  Along with Google patches Samsung Mobile provided 14 additional vulnerability fixes, two rated High and the rest Moderate or Low.
More info.


HPE

Patch

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause XSS. CVSSv3 score of 6.1
More info.


Belden

Patch

Multiple dnsmasq vulnerabilities exist in OWL 3G, OWL LTE, and OWL LTE M12 products. Highest CVSSv3 score of 9.8.
More info.

A Java SE vulnerability exists in Industrial HiVision. CVSSv3 score of 8.1
More info.

Note that although dated 15 June, these bulletins just showed up in the security portal.


Linux

Patch

SUSE has updated openldap and others.  More info.
OpenSUSE has updated python, the kernel, rust, and others. More info.
RedHat has updated tomcat, the kernel, firefox, and others.  More info.
Oracle Linux has updated firefox.  More info.
Ubuntu has updated nss, the kernel, glibc, and others.  More info.
Mageia has updated mariadb, wireshark, and wifi-radar.  More info.



Monday 06 July 2020


F5

Exploit

There are reports of active exploitation of the TMUI RCE vulnerability previously reported in Big-IP products, CVSSv3 score of 10.  Please patch.
More info.  And here. And here. And here.


Linux

Patch

SUSE has updated mozilla-nss/nspr, tomcat, and systemd.  More info.
OpenSUSE has updated python and others. More info.
Oracle Linux has updated nginx.  More info.
Debian has updated thunderbird and php.  More info.
Mageia has updated ntp, python, tomcat, firefox, and others.  More info.



Friday 03 July 2020


OpenClinic GA

New

OpenClinic GA contains multiple vulnerabilities that could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code. Highest CVSSv3 score of 9.8
More info.


Nortek

Patch

Nortek Linear eMerge 50P/5000P contains multiple vulnerabilities that could allow a remote attacker to gain full system access. Highest CVSSv3 score of 10.
More info.


Mitsubishi Electric

Patch

There are multiple vulnerabilities in the TCP/IP stack of the firmware in several models of the GOT2000 series. If these vulnerabilities are exploited by malicious attackers, the network functions of the products may enter a denial-of-service condition or malware may be executed.
More info.


IBM

Patch

IBM Content Navigator contains a Prototype Pollution vulnerability. CVSSv3 score of 7.5. IBM rates this Critical.
More info.

IBM Data Risk Manager is affected by multiple vulnerabilities in third-party software, notably Faster XML jackson-databind. Highest CVSSv3 score of 9.8. IBM rates this Critical.
More info.


Mozilla

Patch

Mozilla has published an update for Thunderbird that corrects several vulnerabilities, mostly rated High.
More info.


Linux

Patch

OpenSUSE has updated opera.  More info.
RedHat has updated nginx.  More info.
Ubuntu has updated net-snmp, the kernel, firefox, and samba.  More info.



Thursday 02 July 2020


Cisco

Patch

Cisco has published 8 new bulletins, one rated High, the rest Medium.  Vulnerabilities include XSS, Information Disclosure, and others.
More info.

A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. CVSSv3 score of 8.1
More info.


Wireshark

Patch

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
More info.


NetApp

New

NetApp has published six new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Mozilla

Patch

Mozilla has updated Firefox and Firefox ESR to fix several vulnerabilities rated High and Moderate.
More info.


Samba

Patch

Samba has published an update that fixes four vulnerabilities, including two that result in a DoS condition. Highest CVSSv3 score of 7.5.
More info.


Linux

Patch

SUSE has updated ntp, unbound, python, and others.  More info.
Debian has updated firefox and chromium.  More info.
Ubuntu has updated libvncserver.  More info.



Wednesday 1 July 2020


Microsoft

Patch

Microsoft has published two OOB patches for Critical vulnerabilities in the Codecs Library.  Both require a crafted image file, and allow remote code execution.
More info.  And here.


PowerDNS

Patch

An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction.
More info.


F5

Patch

The Traffic Management User Interface has an RCE vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. Only the control plane is affected.
More info.


Dell

Patch

Dell has published a security update to address vulnerabilities in third-party software used in the EMC Cloud Tiering Appliance. This is rated Critical.
More info.


Linux

Patch

SUSE has updated mariadb, squid, ntp, and others.  More info.
RedHat has updated httpd-nghttpd.  More info.



Tuesday 30 June 2020


Palo Alto

Patch

When SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. CVSSv3 score of 10.  Most versions have a patch.
More info.


Mitsubishi Electric

Patch

Multiple vulnerabilities exist due to improper handling of XML in multiple Mitsubishi Electric FA engineering software products. When customers use a project file or a configuration data file that has been specially crafted by a malicious attacker, it could allow the attacker to send a file on the computer to the outside or cause a DoS.
More info.


IBM

Patch

IBM Tivoli Netcool Impact is affected by IBM Dojo Toolkit vulnerabilities that could allow a remote attacker to inject arbitrary code on the system. Highest CVSSv3 score of 7.5. IBM rates this Critical.
More info.

IBM Security QRadar Packet Capture uses third-party software with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

OpenSUSE has updated unbound, tomcat, squid, and others.  More info.
RedHat has updated the kernel and others.  More info.
Ubuntu has updated mailman.  More info.



Monday 29 June 2020


IBM

Patch

IBM Spectrum Protect Plus could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server.
More info.


PuTTY

Patch

PuTTY has released a new version with one security fix.
More info.


NetApp

New

The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default account and password that should be changed during the initial node setup. During upgrades the account password is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS).
More info.


Sophos

Patch

Sophos discovered an XG Firewall v17.x vulnerability regarding access to physical and virtual units configured with the user portal exposed on the WAN. This was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.
More info.


Squid

Patch

Due to incorrect input validation, Squid is vulnerable to a Request Smuggling and Poisoning attack against the HTTP cache. CVSSv3 score of 9.3, even with Privileges Required: Local.
More info.


Linux

Patch

SUSE has updated tomcat and others.  More info.
OpenSUSE has updated chromium and others.  More info.
Arch Linux has updated tomcat, freerdp, bind, chromium, and others.  More info.



Friday 26 June 2020


ENTTEC

New

ENTTEC Lighting Controllers models Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2 contain multiple vulnerabilities including Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, and Incorrect Permission Assignment for Critical Resource. Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized SSH/SCP access to devices, inject malicious code, run commands with root privileges, and read, write, and execute files in system directories as any user. Highest CVSSv3 score of 8.8. No patches yet.
More info.


Apache

Patch

Apache Tomcat has been updated to correct a security vulnerability. A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
More info.


Hitachi

Patch

Hitachi Device Manager contains a Denial of Service (DoS) vulnerability. The process of the database built into the Hitachi Command Suite products, or even the service itself, could stop, which can cause malfunction of the Hitachi Device Manager server and of the other Hitachi Command Suite products installed on the same machine.
More info.


Dell

Patch

Dell EMC PowerStore Family contains remediation for an exposed test interface ports vulnerability that may be exploited by malicious users to compromise the affected system.
More info.


Linux

0-day

SUSE has updated tigervnc, squid, unbound, and others.  More info.
Oracle Linux has updated nghttp2.  More info.
RedHat has updated nghttp2.  More info.

Multiple 0-day vulnerabilities have been reported in CentOS Web Panel.  More info.



Thursday 25 June 2020


Microsoft

Patch

Microsoft has updated chromium-based Edge to include the latest updates.
More info.


Dell

Patch

Multiple components within Dell EMC Avamar and NetWorker require a security update to address various vulnerabilities.  Dell rates this as Critical.
More info.


HPE

New

A potential security vulnerability has been identified in HPE Systems Insight Manager. The vulnerability could be remotely exploited to allow remote code execution. CVSSv3 score of 9.8.  No patch yet.
More info.


NetApp

New

NetApp has published five new bulletins regarding vulnerabilities in third-party software included in NetApp products.  No patches yet.
More info.


Cisco

New

Cisco IOS XE Software is affected by a vulnerability in Telnetd servers, only if the device is configured with the persistent Telnet feature. CVSSv3 score of 9.8. Switch to SSH until a patch is available. (Really, why would you switch back?!)
More info.


IBM

Patch

IBM QRadar Network Security is affected by multiple vulnerabilities in third-party software. Highest CVSSv3 score of 8.8
More info.


Linux

Patch

SUSE has updated curl and others.  More info.
Ubuntu has updated curl.  More info.



Wednesday 24 June 2020


VMware

Patch

Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware, including a Use-after-free vulnerability in the SVGA device. They all require local access. Patches and updates for most are available.  VMware rates this Critical. Highest CVSSv3 score of 9.3
More info.


Mitsubishi

New

There is a vulnerability due to cleartext communication between Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules, and GX Works3/GX Works2. There are risks of communication data eavesdropping/tampering, unauthorized operation, and DoS attacks from attackers. CVSSv3 score of 10.0
They recommend setting up a VPN.
More info.


Honeywell

Patch

Honeywell ControlEdge PLC and RTU transmits unencrypted passwords and session tokens on the network in cleartext. CVSSv3 score of 5.9
More info.


IBM

Patch

IBM Security Guardium contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. CVSSv3 score of 6.8
More info.


QNAP

Patch

An improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys.
More info.


Draytek

Patch

Vigor3900, Vigor2960, and Vigor300B contain a stack-based buffer overflow vulnerability, and a remote code injection/execution vulnerability.
More info. And here.


Linux

Patch

SUSE has updated the kernel, mariadb, php5, and others.  More info.
OpenSUSE has updated java, opera, and mozilla-nss.  More info.
RedHat has updated the kernel, docker, ntp, and others.  More info.
CentOS has updated the kernel, ntp, and unbound.  More info.
Oracle Linux has updated the kernel, thunderbird, and ntp.  More info.



Tuesday 23 June 2020


IBM

Patch

IBM Security Guardium may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.
More info.


Dell

Patch

Multiple components within Dell EMC VxRail Appliance require a security update to address various vulnerabilities. Dell rates this Critical.
More info. And here.


Xerox

Exploit

Xerox has released updates for FreeFlow Print Server versions with Oracle, Microsoft, Java, and Firefox patches.
More info. And here.


Fortinet

Patch

An insufficient control of network message volume vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks (thereby causing reflected denial of service on arbitrary targets) via sending specially crafted mode 6 queries to the FortiAnalyzer built-in NTP server.
More info.


BlackBerry

Patch

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.
More info.


Google

Patch

Google has released an update for Chrome for Desktop that contains two security fixes.
More info.


Bitdefender

Patch

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process.  CVSSv3 score of 8.8
More info.


Linux

Patch

OpenSUSE has updated chromium, perl, php, fwupd, and others.  More info.
Oracle Linux has updated unbound.  More info.
Ubuntu has updated mutt and nfs-utils.  More info.



Monday 22 June 2020


Sophos

Patch

A heap overflow vulnerability in awarrensmtp, a component of XG Firewall firmware, was recently discovered. The vulnerability can potentially allow a remote attacker to execute arbitrary code.
More info.


Squid

Patch

Squid is vulnerable to a DoS attack when processing objects in an SMP cache. CVSSv3 score of 7.3
More info.

Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a DoS attack when processing TLS certificates. CVSSv3 score of 8.3.
More info.


Schneider Electric

Exploit

Schneider Electric is aware of recently published research and a proof of concept that demonstrates how one of the Treck vulnerabilities can be exploited to affect a specific version and model of a Schneider Electric APC Smart-UPS device using a specific version of Network Management Card firmware. No patches yet, but mitigation strategies are available.
More info.


IBM

Patch

Publicly disclosed vulnerabilities in the kernel affect IBM Netezza Host Management. Highest CVSSv3 score of 9.8.
More info.

The Apache Commons FileUpload vulnerability affects IBM eDiscovery Manager. CVSSv3 score of 9.8
More info.

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Highest CVSSv3 score of 9.8
More info.

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Python. Highest CVSSv3 score of 9.8
More info.


Fortinet

Patch

An insufficient session expiration vulnerability in FortiDeceptor may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
More info.

An expression language injection vulnerability in FortiSIEM may allow a remote attacker to inject arbitrary javascript code in the victim's browser's context via the JBoss RichFaces library.
More info.


Linux

Patch

SUSE has updated the kernel, java, perl, and others.  More info.
RedHat has updated chromium, unbound, gnutls, and others. More info.
Oracle Linux has updated thunderbird.  More info.
Debian has updated mutt and neomutt.  More info.
Mageia has updated gnutls.  More info.



ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020