Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 3 April 2020


Microsoft

Patch

Microsoft has updated the Chromium-based Edge for the latest Chromium security update.
More info.


Dell

Patch

Multiple components within Dell EMC DCA require a security update to address various vulnerabilities.  Dell rates this Critical.
More info.

Hardware BIOS firmware within Dell EMC Integrated Data Protection Appliance requires a security update to address various vulnerabilities.
More info.


Micro Focus

Patch

Operations Bridge Manager and Operations Bridge Reporter have been updated to address a vulnerability in Apache Tomcat. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.
More info.  And here.


NETGEAR

Patch

NETGEAR has released fixes for the PPPD unauthenticated remote buffer overflow security vulnerability on WAC510 models.
More info.


NetApp

New

NetApp has published four bulletins addressing security vulnerabilities in third party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updates for haproxy, python, and others.  More info.
Oracle Linux has updated haproxy and nodejs.  More info.
Gentoo Linux has updated GnuTLS.  More info.
Mageia has updated the kernel, weechat, and others.  More info.


  

Thursday 2 April 2020


ABB

New

ABB has released three bulletins for vulnerabilities in the SECURITY System 800xA product, the most critical of which allows RCE. Highest CVSSv3 score of 8.8.  No patch yet for the RCE vulnerability, one of the others is patched, workarounds for the third.
More info.  And here.  And here.

ABB has also reported vulnerabilities in Telephone Gateway TG/S 3.2, which was EOL in 2015.  No plans to fix.
More info.


B&R

Patch

B&R has published a bulletin for multiple vulnerabilities in Automation Studio.  Highest CVSSv3 of 7.5.  Patches for some versions are out, more are planned.
More info.


Linux

Patch

SUSE has updates for memcached and others.  More info.
RedHat has updated a critical vulnerability in haproxy.  More info.
Gentoo Linux has updated haproxy and others.  More info.


  

Wednesday 1 April 2020


DrayTek

Exploit

Exploitation of DrayTek Vigor2960 / 3900 / 300B RCE vulnerabilities continues. Patches were made available by DrayTek in February, but unpatched systems are a problem.
More info.  And here.


Google

Patch

Google has released an update for Chrome for Desktop that includes eight security fixes.
More info.


HPE

Patch

Potential remote session token reuse and session logic security vulnerabilities have been identified in HPE MSA 1040, HPE MSA 2040, HPE MSA 2042, HPE MSA 1050, HPE MSA 2050, and HPE MSA 2052. CVSSv3 score of 8.8.
More info.


IBM

Patch

IBM Aspera has a buffer overflow security vulnerability, which could allow an attacker with intimate knowledge of the system to execute commands in a restricted shell (aspshell).
More info.


CODESYS

Exploit

A public proof of concept is available for two bulletins that were reported by CODESYS in the last few weeks.
More info.


Dell

Patch

Multiple components within Dell EMC PowerProtect Cyber Recovery require a security update to address various vulnerabilities.  This is rated Critical.
More info.

The embedded operating system components in RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG require a security update to address various vulnerabilities. This is rated Critical.
More info.


Linux

Patch

SUSE has updates for mariadb, icu, glibc, the kernel, and others.  More info.
OpenSUSE has updated phpmyadmin and others.  More info.
Arch Linux has updated the kernel, chromium, and others.  More info.
RedHat has updated the kernel, chromium, python, and others.  More info.
Debian has updated libpam-krb5.  More info.
Ubuntu has updated pam-krb5.  More info.
Mageia has updated vim, chromium, php, and others.  More info.
Gentoo Linux has updated qemu and others.  More info.


  

Tuesday 31 March 2020


Westermo

Patch

WeOS is vulnerable to the PPP security vulnerability published 2020-03-02. CVSSv3 score of 9.8. This vulnerability could allow a remote attacker to crash parts of WeOS or perform remote code execution.
More info.


IBM

Patch

There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus. Highest CVSSv3 score is 8.4.
More info.

IBM Security Guardium is affected by a DoS vulnerability in the Linux Kernel. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
More info.


Dell

Patch

Multiple components within the Dell EMC VNX2 Product Family require a security update to address various vulnerabilities.  These include OpenSSL and Java SE.  Dell has rated this critical.
More info.


GnuTLS

Patch

GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation, breaking the security guarantees of the DTLS protocol.
More info.


Auto

New

Researchers have identified vulnerabilities in the AVN systems in Lexus and Toyota, both of which can allow unsecure Bluetooth connections to access.
More info.


Linux

Patch

RedHat has updated the kernel, wireshark, samba, twisted, and others.  More info.
Ubuntu has updated timeshift, webkitgtk+, and others.  More info.
Gentoo Linux has updated qemu and others.  More info.


  

Monday 30 March 2020


D-Link

Exploit

Raelize has provided detailed information for security vulnerabilities in the DSL-2640B gateway.  This device is EOL, and D-Link doesn't plan for patches.
More info.


OpenWRT

Exploit

A bug in the opkg command allowed downloading of malicious packages. This was patched at the beginning of Feb; details of the exploit are out now.
More info.


Mitsubishi

New

Mitsubishi Electric is aware of a vulnerability of Uncontrolled Resource Consumption in MELSOFT transmission port (UDP/IP) of MELSEC iQ-R, iQ-F, Q, L and F series programmable controllers. When an attacker sends a large amount of data to the MELSOFT transmission port it may enter an unprocessable condition, resulting in a DoS. No fix, put in a firewall.
More info.


Micro Focus

Patch

A vulnerability in Apache Tomcat was addressed by Database and Middleware Automation. The vulnerability could be exploited for remote code execution.
More info.


NetApp

New

Multiple NetApp products incorporate the Apache Struts libraries. Apache Struts versions prior to 2.3.20 are susceptible to a vulnerability which, when successfully exploited, could result in arbitrary code execution. No patches yet.
More info.


Linux

Patch

SUSE has updated spamassassin.  More info.
OpenSUSE has updated ruby, strongswan, phpmyadmin, and others.  More info.


  

Friday 27 March 2020


Apache

Patch

Apache Traffic Server is vulnerable to various smuggling attacks.  There are 3 different vulnerabilities, each with a CVSSv3 score of 9.8.
More info.


F5

Patch

BIG-IP virtual servers that contain an HTTP profile are vulnerable to a DoS. An HTTP profile is required and any BIG-IP module that uses the HTTP profile is impacted.
More info.

Specially formatted HTTP/3 messages may cause the Traffic Management Microkernel (TMM) in BIG-IP to produce a core file. TMM may restart and temporarily fail to process traffic on BIG-IP hosts with the HTTP/3 QUIC profile configured. High availability (HA) configurations will fail over to the standby host.
Note that HTTP/3 QUIC profile is experimental, and not likely to be enabled in production.
More info.

BIG-IP contains a vulnerability in the AWS driver. A remote attacker may be able to cause TMM to stop processing new traffic and effect a remote denial of service (DoS).
More info.


IBM

Patch

Multiple vulnerabilities in HTTP2 affect WebSphere Liberty.
More info.


NetApp

New

NetApp has published seven new bulletins regarding security vulnerabilities in third-party packages.  Only one patched so far.
More info.


Linux

Patch

SUSE has updated tomcat and ldns.  More info.
OpenSUSE has updated the kernel, chromium, and mcpp.  More info.
Debian has updated icu.  More info.
Oracle Linux has updated ipmitool.  More info.
Gentoo Linux has updated flash, unzip, php, and others.  More info.
Amazon Linux 2 has updated the kernel, thunderbird, openssl, and qemu.  More info.


  

Thursday 26 March 2020


CODESYS

Patch

The CODESYS web server is used by the CODESYS WebVisu to display CODESYS visualization screens in a web browser. Specific crafted requests may cause a heap-based buffer overflow. This could further crash the web server, lead to a denial-of-service condition, or be utilized for remote code execution. CVSSv3 of 10.
More info.


Apple

Patch

Apple has published security updates for iCloud for Windows.
More info.


Micro Focus

Patch

Multiple vulnerabilities exist in the Kubernetes component used by Micro Focus CDF platform. The vulnerabilities may lead to DoS, unauthorized access, RCE, improper access control, uncontrolled resource consumption, improper symbolic link resolution, and unauthorized privilege escalation.
More info.


BlackBerry

Patch

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.  The bulletin was just published, but says March 2019 in several places, possibly typos.  This is the first update bulletin in 2020.
More info.


TP-Link

Patch

Multiple vulnerabilities were identified in TP-Link Archer A7 AC1750 routers. The vulnerabilities include RCE, hardcoded cryptographic key, firewall bypass, buffer overflow, and others.
More info.


Linux

Patch

SUSE has updated python crypto pieces.  More info.
RedHat has updated zsh, postgresql, ipmitool, and openshift.  More info.
CentOS has updated the kernel, python, libvncserver, firefox, tomcat, and others.  More info.
Debian has updated icu.  More info.
Oracle Linux has updated libvncserver.  More info.
Gentoo Linux has updated tor, samba, chromium, pureftpd, and others.  More info.


  

Wednesday 25 March 2020


VISAM

New

VISAM Automation Base (VBASE) contains several security vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker to read the contents of unexpected files, escalate privileges to system level, execute arbitrary code on the targeted system, bypass security mechanisms, and discover the cryptographic key for the web login.  No response from VISAM.
More info.


Adobe

Patch

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability.  Successful exploitation could lead to arbitrary file deletion.
More info.


Apple

Patch

Apple has published security updates for iTunes for Windows, iOS, iPadOS, Safari, watchOS, tvOS, macOS, and Xcode.
More info.


OPC

Patch

OPC has published security updates for OPC UA .NET and Java Client. This security update resolves a vulnerability in OPC UA Clients built with the OPC UA .NET or Java code bases that could result in encrypted password credentials or signed X509 certificate credentials being sent in a form that can be intercepted and reused.
More info.


CODESYS

Patch

CODESYS has published a security bulletin addressing all products containing the CmpRouter or CmpRouterEmbedded component.  An out-of-bounds memory buffer access can allow a remote attacker to cause a DoS.
More info.


Dell

Patch

Dell EMC iDRAC7, iDRAC8 and iDRAC9 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
More info.


Linux

Patch

SUSE has updated keepalive.  More info.
OpenSUSE has updated glibc, nghttp2, and others.  More info.


  

Tuesday 24 March 2020


Microsoft

0-Day

Multiple vulnerabilities have been discovered in Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system. This is under active exploit; there are workarounds, and a patch is expected on Patch Tuesday.
More info. And here. And here.


Micro Focus

Patch

Micro Focus has published a security update for iManager that disables AJP ports by default.
More info.


Dell

Patch

Dell has published four new security bulletins, two rated Critical and two Medium.
More info.

Multiple third party components within EMC Unisphere for PowerMax, Virtual Appliance, EMC Solutions Enabler, Virtual Appliance, and EMC PowerMax Embedded Management require a security update to address various vulnerabilities, including Windows, Java, and OpenSSL.
More info.

The DNS protocol used by SmartConnect within Dell EMC Isilon OneFS requires a security update to address various vulnerabilities, leading to DoS.
More info.

Multiple components within RSA Authentication Manager require a security update to address various vulnerabilities.
More info.


F5

New

All F5 products are vulnerable to an attacker using JNDI injection to implement remote code execution.  CVSSv3 score of 9.8.  No patches yet.
More info.


Linux

Patch

SUSE has updated postgresql, strongswan, python, and others.  More info.
Debian has updated chromium, tor, and others.  More info.
Oracle Linux has updated tomcat, thunderbird, and libvncserver.  More info.
Ubuntu has updated vim.  More info.
Alpine Linux has published an update with security fixes for several third-party software pieces.  More info.


  

Monday 23 March 2020


Schneider Electric

Patch

Schneider Electric has patched a vulnerability in two versions of Schneider Electric’s Modicon programmable controllers and its EcoStruxure Control Expert (formerly Unity Pro) programming software. The vulnerability could allow attackers to transfer malicious code to the controller.
Note there are steps to take after the hot fix is applied.
More info.


IBM

Patch

IBM Jazz for Service Management is vulnerable to open redirection vulnerabilities, which arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way.
More info.


Check Point

New

Check Point has begun publishing updates for the PPP EAP vulnerability.
More info.


phpMyAdmin

Patch

An SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results.
More info.


MITRE

Patch

Caldera contains an Improper Authorization vulnerability that allows a remote attacker to bypass the authentication process. The vulnerability exists due to an error in a forged "localhost" string in the HTTP Host header. A remote attacker can bypass the authentication process and gain unauthorized access to the application.
More info.


Linux

Patch

SUSE has updated ruby.  More info.
OpenSUSE has updated chromium and thunderbird.  More info.
RedHat has updated tomcat, thunderbird, and others.  More info.
Debian has updated chromium, tor, and others.  More info.
Oracle Linux has updated tomcat.  More info.


  

Friday 20 March 2020


Google

Patch

Google has published a new version of Chrome for Desktop with 13 security fixes.
More info.


PHP

Patch

PHP has published a new version, including a security fix for get_headers. Testing shows that this can cause well-written scripts to get headers for an unexpected domain. Those headers could leak sensitive information or unexpectedly contain attacker-controlled data.
More info.  And here.


Insulet

New

Insulet Omnipod's wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
More info.


Eaton

Patch

Eaton is aware of a security vulnerability in the UPS Companion software used to monitor the UPS. UPS Companion software is affected by an ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call, e.g. “eval” in the “Update Manager” class, when the software attempts to see if there are updates available. This results in arbitrary code execution on the machine where the software is installed.
More info.


NetApp

New

NetApp has published five bulletins regarding Intel vulnerabilities in NetApp products.  No patches yet.
More info.


FreeBSD

Patch

FreeBSD has updated tcp, ntp, and others.
More info.

When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, the Traffic Class field is not initialized. For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte of kernel memory is transmitted over the network.
More info.


Linux

Patch

SUSE has updated tomcat.  More info.
OpenSUSE has updated wireshark.  More info.
RedHat has updated openshift.  More info.
Oracle Linux has updated thunderbird and python-imaging.  More info.
Ubuntu has updated twisted.  More info.
Gentoo Linux has updated clamav, phpmyadmin, tomcat, and others.  More info.


  

Thursday 19 March 2020


Dell

Patch

Dell has published a Critical bulletin for multiple third party components within Dell EMC SRM and Dell EMC SMR which require a security update to address various vulnerabilities.
More info.


Tor

Patch

New releases of Tor include a security fix for a DoS vulnerability.
More info.


Linux

Patch

SUSE has updated postgresql, firefox, thunderbird, and nghttp.  More info.
Arch Linux has updated bluez and chromium.  More info.
RedHat has updated thunderbird and others.  More info.
Oracle Linux has updated the kernel, icu, zsh, and others.  More info.
Ubuntu has updated apache, the kernel, and others.  More info.
Amazon Linux has updated java, sudo, and nss.  More info.
Amazon Linux 2 has updated sudo and java.  More info.


  

Wednesday 18 March 2020


Adobe

Patch

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS, Photoshop for Windows and macOS, Adobe Bridge, ColdFusion, Adobe Experience Manager, and Adobe Genuine Integrity Service for Windows. These updates address critical and important vulnerabilities. Successful exploitation of most of the vulnerabilities could lead to arbitrary code execution in the context of the current user.
More info.


McAfee

Patch

Network Security Manager/Network Security Platform/Network Threat Behavior Analysis update fixes multiple vulnerabilities, including weak ciphers and XSS.
More info.


Huawei

Patch

Huawei has published several new bulletins regarding smartphones and other products.
More info.

Some Huawei products (Secospace AntiDDoS8000) have a security vulnerability due to improper authentication. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.
More info.


Linux

Patch

Arch Linux has updated thunderbird.  More info.
RedHat has updated zsh and others.  More info.
Ubuntu has updated icu, the kernel, and others.  More info.


  

Tuesday 17 March 2020


Trend Micro

Exploit

Trend Micro has released Critical Patches for Apex One and OfficeScan XG that resolve multiple vulnerabilities in the product – including some critical ones.  Highest CVSSv3 score of 10, in three vulnerabilities.  There have been active attempts to exploit two vulnerabilities.
More info.

Trend Micro has released Critical Patches for Worry-Free Business Security that resolve multiple vulnerabilities in the product – including some critical ones.  Highest CVSSv3 score of 10 for two vulnerabilities.  There have been active attempts to exploit one of the vulnerabilities.
More info.


Micro Focus

Patch

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow exposure of configuration data.
More info.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access to configuration data.
More info.


Linux

Patch

RedHat has updated the kernel.  More info.
Oracle Linux has updated firefox.  More info.


  

Monday 16 March 2020


Moxa

Patch

Multiple product vulnerabilities were identified in Moxa’s cellular management software OnCell Central Manager. The vulnerabilities are based on Apache Flex BlazeDS, a third-party component that is embedded in OnCell Central Manager. One of the vulnerabilities allows remote code execution.
More info.


Micro Focus

Patch

GroupWise has been updated to correct several security vulnerabilities, including information disclosure and authentication bypass.
More info.


Linux

Patch

SUSE has updated the kernel, firefox, wireshark, and others.  More info.
OpenSUSE has updated firefox, php, tomcat, and others.  More info.
Arch Linux has updated thunderbird and others.  More info.
RedHat has updated firefox.  More info.
Oracle Linux has updated the kernel.  More info.
Gentoo Linux has updated thunderbird, sudo, sqlite, ppp, squid, and others.  More info.
Mageia has updated thunderbird, firefox, and flash.  More info.
Amazon Linux has updated tomcat, php, the kernel, and others.  More info.
Amazon Linux 2 has updated tomcat.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020