Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 5 March 2021


Rockwell Automation

Patch

Rockwell Automation 1734-AENTR Series B and Series C contain Improper Access Control, Cross-site Scripting vulnerabilities.  A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings. Highest CVSSv3 score of 7.5
More info.


Microsoft

Patch

Microsoft has updated Chromium-based Microsoft Edge, which incorporates the latest security updates of the Chromium project. This update includes a fix for the vulnerability that is currently being exploited.
More info.


Zyxel

Patch

Zyxel has released LTE router patches addressing a vulnerability that allows remote attackers to exploit a CGI script vulnerability arising from a lack of authentication.
More info.


  

Thursday 4 March 2021


Cisco

Patch

Cisco has published 13 new bulletins, one rated High and the rest Moderate.
More info.


Micro Focus

Patch

A vulnerability in the Apache Commons Beanutils used by Service Manager server has been addressed. The vulnerability could be exploited for remote code execution.  CVSSv3 score of 7.3
More info.


NetApp

New

NetApp has published 8 new bulletins identifying security vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Fortinet

Patch

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross Site Scripting attack (XSS) by injecting malicious payload in the error, message or redir parameters. CVSSv3 score of 4.6
More info.


Linux

Patch

SUSE has updated the kernel firmware and others. More info.
Oracle Linux has updated the kernel and others. More info.
Mageia has updated the kernel, kernel firmware, and others. More info.


  

Wednesday 3 March 2021


Microsoft

0-Day

Microsoft has published an update that fixes 7 RCE vulnerabilities, to address multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.
More info. And here.  And another article here.  Volexity report here.


Google

Exploit

Google has published an update for Chrome for Desktop that fixes 47 vulnerabilities, one of which is currently being exploited.
More info.


Rockwell Automation

Patch

CompactLogix 5370 and ControlLogix 5570 Programmable Automation Controllers contain a vulnerability in the connection establishment algorithm that could allow a remote, unauthenticated attacker to cause infinite wait times in communications with other products resulting in DoS conditions. CVSSv3 score of 5.8
More info.


Trend Micro

Patch

Trend Micro has released patches for products that utilize either the Virus Scan API (VSAPI) or Advanced Threat Scan Engine (ATSE) to resolve a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited. Highest CVSSv3 score of 5.5
More info.


HCL Software

Patch

HCL Domino is susceptible to a Buffer Overflow vulnerability. Using specially crafted inputs an attacker could crash the Domino server or inject malicious code into the system. CVSSv3 score of 8.1
More info.


VMware

Patch

VMware View Planner contains a remote code execution vulnerability. Improper input validation and lack of authorization lead to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. CVSSv3 score of 8.6
More info.


Linux

Patch

Mageia has updated xterm and others. More info.


  

Tuesday 2 March 2021


Google

Patch

Google Android Monthly Patches have been published.  There are 12 addressed CVEs, plus the Qualcomm components.  Four allow remote code execution.  The most severe of the issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.
More info.

Google Pixel Monthly Patches are also out.  Android and Qualcomm vulnerabilities are addressed, as well as an additional 41 CVEs, with 8 of those rated High and the rest Moderate.
More info.


Samsung

Patch

Samsung has published their Monthly Patch bulletin.  Along with Android patches, Samsung Mobile provides 19 SVE items.
More info.


Veritas

Patch

Veritas has discovered an issue where Veritas Backup Exec could allow an attacker unauthorized access to the BE Agent via the SHA authentication scheme. CVSSv3 score of 8.2
More info.


Dell

Patch

Dell has published a security update for EMC OpenManage Server Administrator (OMSA) that addresses multiple vulnerabilities. A remote unauthenticated attacker could potentially exploit the most severe vulnerability to gain admin access on the affected system. Highest CVSSv3 score of 8.6
More info. And here.


Linux

Patch

Red Hat has updated the kernel, bind, and others. More info.


  

Monday 1 March 2021


Qualcomm

Patch

Qualcomm Monthly Patches are out.  16 CVEs are addressed, four rated Critical, the rest High. Highest CVSSv3 score of 9.8
More info.


SaltStack

Patch

The Salt Project has released a security update to address 10 vulnerabilities with severity rating Medium to High. Highest CVSSv3 score of 8.1.
More info.


Dell

Patch

Dell PowerMax eNAS contains remediation for a Microsoft Netlogon vulnerability that may be exploited by malicious users to compromise the affected system. CVSSv3 score of 10.
Note: Microsoft published this vulnerability in August 2020.
More info.

Dell W-Series Access Points and Controllers contain remediation for an Aruba OS security vulnerability that may be exploited by malicious users to compromise the affected system. CVSSv3 score of 9.8
More info.

Dell EMC SRS Policy Manager contains remediation for an XML External Entity Injection Vulnerability that may be exploited by malicious users to compromise the affected system. CVSSv3 score of 7.2
More info.

Dell SupportAssist Enterprise contains remediation for multiple third-party component security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
Many of the addressed CVEs are several years old; the oldest one dates back to 2014.
More info.


Apache

Patch

Apache Tomcat has fixed an Information Exposure vulnerability.  When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another, meaning user A and user B could both see the results of user A's request.
More info.


Synology

Patch

Synology has published seven new security bulletins identifying vulnerabilities in their products.  Four are rated Important, two are Moderate, and one is Low.
More info.

Multiple vulnerabilities allow remote attackers to obtain sensitive information or local users to execute arbitrary code via a susceptible version of DiskStation Manager (DSM).
More info.


Linux

Patch

OpenSUSE has updated salt, glibc, and others. More info.


  

Friday 26 February 2021


Microsoft

Patch

Microsoft has updated the notice for the spoofing vulnerability in Microsoft Exchange Server to add an FAQ detailing further steps that must be performed to enable the protections from the vulnerability.
More info.


genua

New

Genugate is a multi-level firewall product from the manufacturer genua GmbH. An attacker can exploit a vulnerability in genua genugate with unspecified effects.  Bulletin requires login to view.
More info.


ProSoft Technology

Patch

ProSoft Technology ICX35 contains an access control vulnerability.  Changing the password on the module webpage does not require the user to type in the current password first, allowing an attacker to change the current user’s password and alter device configurations. CVSSv3 score of 8.2
More info.


IBM

Patch

Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC. Highest CVSSv3 score of 9.8
More info.


NetApp

New

NetApp has published six new bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated salt, glibc, and others. More info.


  

Thursday 25 February 2021


Cisco

Patch

Cisco has published 12 new bulletins, 3 rated Critical, 4 rated High, and the rest Medium.
More info.

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device and receive a token with administrator-level privileges. CVSSv3 score of 10
More info.

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. CVSSv3 score of 9.8
More info.

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. CVSSv3 score of 9.8
More info.

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. A successful exploit could cause the network stack to run out of available buffers, requiring manual intervention to restore normal operations on the affected device. CVSSv3 score of 8.1
More info.

A vulnerability with BGP for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure mode could allow an unauthenticated, remote attacker to send a crafted BGP update to an affected device and cause a routing process to crash, which could lead to a DoS condition. CVSSv3 score of 8.6
More info.


Rockwell Automation

Patch

Studio 5000 Logix Designer uses a key to verify Logix controllers are communicating with Rockwell Automation products. If successfully exploited, this vulnerability could allow a remote, unauthenticated attacker to bypass a verification mechanism and authenticate with Logix controllers. If exploited, this vulnerability could enable an unauthorized third-party tool to make changes to the controller configuration and/or application code. CVSSv3 score of 10
More info.


Linux

Patch

Ubuntu has updated the kernel, screen, xterm, and others. More info.


  

Wednesday 24 February 2021


Advantech

Patch

Advantech industrial cellular routers are vulnerable to the DNS cache poisoning attack known as DNSpooq. The routers are not affected by the high-severity buffer overflow vulnerabilities.
More info.



Mozilla

Patch

Mozilla has published updates for Thunderbird, Firefox, and Firefox ESR to fix CSP issues, and memory bugs that could be used to execute arbitrary code. Several of the vulnerabilities are rated High severity.
More info.


VMware

Patch

The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. CVSSv3 score of 9.8
We rarely report VMware because it almost always requires a malicious guest login, so take note...
More info.


FreeBSD

Patch

FreeBSD has published several security bulletins, including one for a regression in the login.access(5) rule processor that has the effect of causing rules to fail to match even when they should match.  This means that rules denying access may be ignored.
More info.


IBM

Patch

A security vulnerability in the Node.js nodemailer module affects IBM Cloud Automation Manager and IBM Cloud Pak for Multicloud Management. By using a specially-crafted recipient email address, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSSv3 score of 9.8
More info. More info.

IBM Cloud Pak for Security is vulnerable to cookie spoofing due to a vulnerability found in the DBusServer. An attacker could exploit this vulnerability to bypass authentication to allow a DBusServer with a different uid to read and write in arbitrary locations. CVSSv3 score of 9.1
More info.


Linux

Patch

Red Hat has updated xterm and others. More info.


  

Tuesday 23 February 2021


PEPPERL+FUCHS

Patch

PEPPERL+FUCHS has provided firmware updates for multiple vulnerabilities previously reported in Comtrol RocketLinx products. These vulnerabilities may allow remote attackers to gain access, execute programs and tap information. Highest CVSSv3 score of 9.8
More info.


IBM

Patch

Multiple vulnerabilities exist in IBM Runtime Environment Java used by IBM Integration Designer. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Oracle Linux has updated stunnel and xterm. More info.


  

Monday 22 February 2021


IBM

Patch

Multiple security vulnerabilities in third-party software affect IBM Spectrum Symphony and Spectrum Conductor.  IBM has published an interim fix.  Highest CVSSv3 score of 9.8
More info. And here.


HCL Software

Patch

Multiple vulnerabilities in Apache POI and Apache Tika affect the Search component of HCL Commerce. These vulnerabilities could lead to denial of service or reading files on the file system. The real issue is the age of the addressed CVEs; some date back several years.  Highest CVSSv3 score of 7.8
More info.


SonicWall

Patch

SonicWall conducted additional reviews to further strengthen the code for the SMA 100 series product line, and has published new firmware.
More info.


Linux

Patch

SUSE has updated the kernel and others. More info.
Red Hat has updated stunnel and xterm. More info.


  

Friday 19 February 2021


Hitachi

Patch

Hitachi has published updates for Ops Center Analyzer and Ops Center Common Services.
More info.


NetApp

New

NetApp has published nine new security bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


F5

New

BIG-IP uses curl, which is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. An attacker could provide a forged OCSP response to make it appear that a TLS certificate is valid when it may have actually been revoked. CVSSv3 score of 7.4. No patches yet.
More info.

BIG-IP uses curl, which is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. A malicious FTP server can trigger a stack overflow and cause a DoS. CVSSv3 score of 6.5. No patches yet.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Thursday 18 February 2021


Cisco

Patch

Cisco has published 4 new bulletins, one rated High and the rest Medium.
More info.

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. CVSSv3 score of 5.3
More info.


Microsoft

Patch

Microsoft has updated Chromium-based Edge with the latest updates.
More info.


BIND

Patch

A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack. CVSSv3 score of 8.1
More info.

SUSE has updated.  More info.
Debian has updated. More info.


Mitsubishi Electric

Patch

Multiple Mitsubishi Electric FA engineering software products have multiple DoS vulnerabilities. If a malicious attacker sends specially crafted packets and the software products receive the packets, the attacker may cause a DoS. CVSSv3 score of 7.5
More info.


WebKitGTK

Patch

A vulnerability has been discovered in WebKitGTK and WPE WebKit which could allow for arbitrary code execution. This vulnerability occurs when processing specially crafted web content due to a use after free error. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser.
More info. And here.

Debian has updated. More info.
Ubuntu has updated. More info.


Johnson Controls

Patch

Johnson Controls has confirmed a Path Traversal vulnerability impacting the Metasys Report Engine (MRE) Web Services. The vulnerability could allow a remote unauthenticated attacker to access and download arbitrary files from the system.
More info.


OpenSSL

Patch

OpenSSL has published an update that corrects three vulnerabilities, one rated Moderate and two rated Low.  OpenSSL attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. A maliciously constructed issuer field may result in a NULL pointer deref and a crash leading to a potential DoS attack.
More info.


Linux

Patch

Alpine Linux has published version 3.13.2. More info.
Amazon Linux has updated the kernel and others. More info.


  

Wednesday 17 February 2021


Google

Patch

Google has published an update for Chrome for Desktop with 10 security fixes, at least 8 of those rated High.  Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser.
More info.


QNAP

Patch

A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code.
More info.


Aruba

Patch

Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities. One allows remote attackers to conduct stored XSS attacks.  Highest CVSSv3 score of 8.0
More info.


Phoenix Contact

Patch

For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot, affected mGuard devices may unexpectedly receive or send data on disabled switch ports. This includes the unexpected provision of administrative interfaces. Attackers may try to access confidential data or compromise the availability of mGuard services by flooding or resource exhaustion. CVSSv3 score of 5.4
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated JBoss Middleware components. More info.
Oracle Linux has updated the kernel. More info.


  

Tuesday 16 February 2021


PEPPERL+FUCHS

New

The Hilscher PROFINET IO Device V3 protocol stack included in many PEPPERL+FUCHS products contains a buffer overflow vulnerability that may allow remote attackers to cause a DoS. CVSSv3 score of 7.5. No patches are available; use external protective measures.
More info. And here.

The Hilscher EtherNet/IP Core V2 included in many PEPPERL+FUCHS products contains a memory corruption vulnerability that allows remote attackers to cause a DoS or inject arbitrary code through the network. CVSSv3 score of 7.5. No patches are available; use external protective measures.
More info. And here.


Dell

Patch

Dell EMC VPLEX contains updates for security vulnerabilities in third-party software included in the platform.  These vulnerabilities may be exploited by malicious users to compromise the affected system.  Dell rates this Critical.
More info.


Brocade

New

The host SSH server of Brocade Fabric OS utilizes keys of less than 2048 bits, which may be vulnerable to man-in-the-middle attacks and/or insecure SSH communications. CVSSv3 score of 5.3. Workaround provided.
More info.


Linux

Patch

Red Hat has updated the kernel and others. More info.
Mageia has updated the kernel and others. More info.


  

Monday 15 February 2021


PEPPERL+FUCHS

Patch

A Critical vulnerability has been discovered in the utilized component 499ES EtherNet/IP Stack by Real Time Automation (RTA). Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow a remote attacker to send a specially crafted packet that may result in a DoS or RCE. CVSSv3 score of 9.8
Note the RTA IP Stack vulnerabilities have been out for several months.
More info. And here.


HCL Software

Patch

IBM WebSphere Application Server is shipped as a component of HCL Digital Experience. WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection Vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. CVSSv3 score of 8.2
More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021