Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 23 October 2020


Cisco

Patch

Cisco has updated all the ASA and Firepower bulletins with this notice: "Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14."
More info.


B.Braun

Patch

B. Braun OnlineSuite contains multiple vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, download and upload arbitrary files, and perform remote code execution. Highest CVSSv3 score of 8.6
More info. And here.

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus contain multiple vulnerabilities, mostly around authorization and authentication best practices. Successful exploitation of these vulnerabilities could allow an attacker to compromise the security of the Space or compactplus communication devices, allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution. 
More info. And here.


Microsoft

Patch

Microsoft has updated chromium-based Edge to correct the latest chromium vulnerabilities.
More info.


NetApp

New

NetApp has published four new bulletins regarding third-party software vulnerabilities that affect NetApp products.
More info.


Linux

Patch

SUSE has updated the kernel, xen, and others. More info.
OpenSUSE has updated mailman. More info.
RedHat has updated firefox and openjdk. More info.
Oracle Linux has updated openjdk. More info.
Ubuntu has updated firefox and others. More info.
Gentoo Linux has updated freetype. More info.


  

Thursday 22 October 2020


Cisco

Patch

Cisco has published 36 new bulletins, 20 rated High.  Vulnerabilities are addressed in ASA, Firepower, FXOS, and other products.
More info.


Mozilla

Patch

Mozilla has published a bulletin for Thunderbird rated High, which could result in DoS or RCE.
More info.


HPE

Patch

The HPE BlueData EPIC Software Platform and HPE Ezmeral Container Platform use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. CVSSv3 score of 9.9
More info.


Synology

Patch

Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Media Server.
More info.


Linux

Patch

SUSE has updated the kernel, tomcat, php, and others. More info.
OpenSUSE has updated chromium. More info.
RedHat has updated openjdk. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated firefox and freetype. More info.
Ubuntu has updated pam-python. More info.


  

Wednesday 21 October 2020


Oracle

Patch

Oracle has released its Quarterly Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. 268 of the vulnerabilities are remotely exploitable without authentication.  A remote attacker could exploit these vulnerabilities to take control of an affected system.
More info.


Adobe

Patch

Adobe has released updates for Creative Cloud Desktop, InDesign, Media Encoder, Premiere Pro, Photoshop, After Effects, Animate, Marketo, Dreamweaver and Illustrator.
More info.

Adobe has released updates for Adobe Animate for Windows and macOS. This update resolves multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
More info.


Google

Patch

Google has published a new version of Chrome with five security fixes, the most severe of which could allow for arbitrary code execution.
More info.


Cisco

Exploit

Cisco has reported public exploits for a vulnerability reported and fixed in February. A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device.
More info.


ABB

Patch

A vulnerability exists in Hitachi ABB XMC20 products. An attacker could exploit the vulnerability by sending a specially crafted message to the XMC20 node, causing the node to allow the attacker to open a communication channel without first performing authentication, resulting in unauthorized access. CVSSv3 score of 9.1
More info.


Mozilla

Patch

Mozilla has published security advisories for Firefox and Firefox ESR that are rated High, and outline vulnerabilities that could lead to RCE or DoS.
More info.


Aruba

Patch

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities, including RCE via unauthenticated exposure of services.  Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel and others. More info.
OpenSUSE has updated bind and php. More info.
RedHat has updated postgresql. More info.
Debian has updated mariadb. More info.
Ubuntu has updated tomcat and others. More info.
Mageia has updated the kernel, tigervnc, and others. More info.
Scientific Linux has updated squid, libssh2, and others. More info.
Alpine Linux has put out version 3.12.1. More info.


  

Tuesday 20 October 2020


Micro Focus

Patch

A potential information leakage vulnerability can result in unauthorized access to NetIQ Directory Resource Administrator.
More info.


VMware

Patch

OpenSLP as used in ESXi has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. CVSSv3 base score of 9.8.
More info.


Linux

Patch

OpenSUSE has updated bind, the kernel, and transfig. More info.
RedHat has updated the kernel, python, and others. More info.
Debian has updated the kernel. More info.
Ubuntu has updated the kernel and collabtive. More info.
Arch Linux has updated freetype2. More info.
Gentoo Linux has updated ark, libxml, and others. More info.


  

Monday 19 October 2020


Dell

Patch

Multiple components within Dell EMC Integrated Data Protection Appliance (IDPA) require a security update to address various vulnerabilities. 
More info.


Apache

Patch

Solr prevents some features considered dangerous (which could be used for RCE) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
More info.


QNAP

Patch

The Zerologon vulnerability has been reported to affect some versions of QTS.  If exploited, this vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller. CVSSv3 score of 10
More info.


Blackberry

Patch

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones.
More info.


Linux

Patch

SUSE has updated gcc and others. More info.
OpenSUSE has updated phpmyadmin, rubygem, powerdns, and others. More info.
RedHat has updated nodejs and one other. More info.
Debian has updated yaws. More info.
Arch Linux has updated the kernel, powerdns, lua, and others. More info.
Gentoo Linux has updated chromium, firefox, and thunderbird. More info.
Mageia has updated php, flash, wireshark, and others. More info.


  

Thursday 15 October 2020


Eaton

Patch

Eaton's XSOFT CODESYS Development System uses 3S’s Codesys Runtime, which uses WIBU CodeMeter Runtime and therefore is impacted by the WIBU vulnerabilities.  Highest CVSSv3 score of 10
More info.


IBM

Patch

Several IBM products are affected by vulnerabilities in FasterXML jackson-databind.  CVSSv3 score of 9.8
More info.  And here.  And here.


Dell

Patch

Multiple components within Dell EMC Enterprise Hybrid Cloud require a security update to address various vulnerabilities.
More info.

Multiple components within Dell EMC Integrated Data Protection Appliance require a security update to address various vulnerabilities. 
More info.

Dell EMC OpenManage Enterprise (OME) has been updated to address a vulnerability in Apache Shiro that may be exploited to compromise the affected systems.
More info.


HPE

Patch

Security vulnerabilities in HPE Intelligent Management Center (iMC) PLAT  could allow remote code execution. Highest CVSSv3 score of 9.8
More info.


Blackberry

Patch

An improper input validation vulnerability exists in UEM Core that could potentially allow a successful attacker to cause a DoS. CVSSv3 score of 7.5
More info.


Linux

Patch

SUSE has updated rubygem and others. More info.
Debian has updated httpcomponents-client. More info.
Ubuntu has updated php and vim. More info.


  

Wednesday 14 October 2020


Juniper

Patch

Juniper Quarterly Patches are out, with 40 new bulletins for Junos OS, Junos OS Evolved, and Contrail Networking.
More info.

Multiple vulnerabilities in third party software used in Juniper Networks Contrail Networking have been resolved in Release R2008. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities have been resolved in Juniper Networks NFX Series by updating third party software included with NFX Series devices. Highest CVSSv3 score of 8.2
More info.

Juniper Networks Junos OS contains a vulnerability in the telnetd Telnet server which allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. CVSSv3 score of 9.8
More info.


Fieldcomm

Patch

Fieldcomm Group HART-IP and hipserver contain a vulnerability that would allow a malicious attacker to exploit this interface by constructing HART-IP messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device.  CVSSv3 score of 9.8
More info.


Bosch

Patch

Bosch has published a bulletin addressing the Microsoft RDS vulnerability from May 2019 that exists in Rexroth Industrial PCs. Install the Microsoft patches. CVSSv3 score of 9.8
More info.


Veritas

Patch

APTARE version 10.5 contains fixes for Authorization bypass and Login process bypass vulnerabilities that could allow an unauthorized attacker to conduct RCE. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated php, tigervnc, the kernel, and others. More info.
OpenSUSE has updated tigervnc. More info.
RedHat has updated flash and others. More info.
Ubuntu has updated python, the kernel, and dom4j. More info.
Mageia has updated mariadb. More info.


  

Tuesday 13 October 2020 - Part 2


Microsoft

Patch

Microsoft Monthly Patches are out, with 88 vulnerabilities, 12 rated Critical and 6 Publicly Disclosed.  Highest CVSSv3 score of 9.8
More info.

The Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker can send specially crafted packets to execute code on the target server or client. CVSSv3 score of 9.8
More info.

An RCE vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker could run arbitrary code in the context of the SharePoint application. CVSSv3 score of 8.6
More info. And here.

An RCE vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker could run arbitrary code in the context of the logged in user. CVSSv3 score of 8.1
More info.


Adobe

Patch

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability which could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user.
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches are out with 5 new bulletins and 6 updated bulletins.
More info.

A Credentials Management vulnerability exists in the web server of the Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their communication modules. A remote unauthenticated attacker could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. CVSSv3 score of 10
More info.

WIBU CodeMeter Runtime is included in several SE products.  Highest CVSSv3 score of 10
More info.


  

Tuesday 13 October 2020


SAP

Patch

SAP Monthly Patches are out, with 15 new Security Notes and 6 updated Notes.  One new note is rated Hot News, with a CVSSv3 score of 10.  Three new notes are rated High, 10 are rated Medium, and one rated Low. Vulnerabilities addressed include OS command injection, hard-coded credentials, and XSS.
More info.


Siemens

Patch

Siemens has published two new bulletins and seven updated bulletins in their Monthly Patches. New bulletins cover local authorization bypass, SQL injection, and clickjacking vulnerabilities. Updated bulletins address WIBU CodeMeter Runtime, Intel, and others.
More info.


Rockwell Automation

Patch

Rockwell Automation has addressed three vulnerabilities in the 1794-AENT Flex I/O Series B adapter. A remote, unauthenticated attacker can send a malicious packet resulting in a DoS. CVSSv3 score of 7.5
More info.


IBM

Patch

A publicly disclosed vulnerability in the kernel affects IBM Netezza Host Management. By sending a specially-crafted beacon packet, a remote attacker could overflow a buffer and execute arbitrary code or cause a DoS. CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated php. More info.
OpenSUSE has updated qemu. More info.
RedHat has updated chromium, the kernel, and others. More info.
Oracle Linux has updated firefox and thunderbird. More info.
Scientific Linux has updated bind and the kernel. More info.


  

Monday 12 October 2020


ARC

Patch

Three vulnerabilities exist in PcVue 12 that affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS.  One of those is an information exposure vulnerability allowing a remote, unauthenticated attacker to access session data of legitimate users. A PoC exists. CVSSv3 score of 7.5
More info. And here.


Weidmüller

Patch

Weidmüller u-create studio contains vulnerable versions of WIBU-SYSTEMS CodeMeter. Highest CVSSv3 score of 10
More info.


Dräger

Patch

Some Dräger products use WIBU CodeMeter Runtime for license management. Highest CVSSv3 score of 10
More info.


Apache

Patch

Apache Tomcat contained an Information Exposure vulnerability.  If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection, a subsequent request made on that connection could contain HTTP headers from a previous request.
More info.


phpMyAdmin

Patch

An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
More info.

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature.
More info.


Linux

Patch

SUSE has updated tigervnc. More info.
OpenSUSE has updated the kernel, nodejs, and others. More info.
Arch Linux has updated chromium. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated spice. More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020