Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 29 May 2020


IBM

Patch

IBM has announced a security update for IBM Security Identity Governance and Intelligence (IGI). Hard-coded credentials have been removed from the IBM Security Directory Integrator version used by IBM Security Identity Governance and Intelligence. Also, the Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack that could expose sensitive information or consume memory resources.
More info. And here.


CipherMail

Patch

Two vulnerabilities were found in the Community Virtual Appliance, which would allow a remote attacker with access to the management console and administrator rights to execute arbitrary privileged commands on the operating system.
More info. And here.


Micro Focus

Patch

Micro Focus has published a security patch for Identity Intelligence and NetIQ Identity Manager. The vulnerability could be exploited to gain unauthorized access in several products built on the Micro Focus CDF, including ArcSight Investigate, Transformation Hub, ArcSight Interset, ArcSight ESM, Operation Bridge Suite, Network Operation Management, Data Center Automation, Hybrid Cloud Management, and SMA.
More info. And here. And here. And here. And here. And here. And here. And here.

Cloud Optimizer contains the Apache Tomcat AJP vulnerability, which could be exploited for file content disclosure from the web application or for remote code execution.
More info.


Cisco

Patch

Cisco Modeling Labs Corporate Edition (CML) and Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) incorporate a version of SaltStack that is affected by Authentication Bypass and Directory Traversal vulnerabilities.
More info.


Exim

Exploit

The NSA is reporting that Russian cyber actors, known publicly as Sandworm, have been exploiting a vulnerability in Exim MTA software since at least August 2019. A patch was released June 2019. If you haven't patched, you're part of the problem.
More info.


Linux

Patch

RedHat has updated git, freerdp, bind, and more.  More info.
Oracle Linux has updated git.  More info.


  

Thursday 28 May 2020


SWARCO

Patch

SWARCO Traffic Systems product CPU LS4000 contains an open debugging port that grants root access to the device over the network without access control. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. CVSSv3 score of 10
More info.


Belden

Patch

Hirschmann OWL devices are vulnerable to the pppd EAP buffer overflow, which allows remote attackers to execute arbitrary code. CVSSv3 score of 9.8
More info.


Dell

Patch

Multiple components within Dell EMC SRS Virtual Edition require a security update to address various vulnerabilities.  Dell has rated this a Critical update.
More info.


NetApp

New

NetApp has published six new bulletins covering vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated tomcat.  More info.
Debian has updated unbound.  More info.
Ubuntu has updated openssl, php, unbound, and others.  More info.


  

Wednesday 27 May 2020


Inductive Automation

Patch

Inductive Automation Ignition 8 Gateway contains several vulnerabilities, including Missing Authentication and Deserialization of Untrusted Data.  Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and perform remote code execution with SYSTEM privileges. Highest CVSSv3 score of 9.8
More info.


Bosch

New

Bosch Recording Station uses Windows 7, and is affected by EternalBlue and BlueKeep, as well as Kiosk mode escape. No patches; closed network access and a physical appliance upgrade are recommended.
More info.


Apple

Patch

Apple has published security updates for macOS, Safari, iCloud, and Windows Migration Assistant, containing RCE, Information Disclosure, and DoS vulnerabilities. Also, details for security updates published last week are now available.
More info.


Trend Micro

Patch

Trend Micro has released a new Critical Patch for Trend Micro InterScan Web Security Appliance (IWSVA) 6.5.  This resolves multiple vulnerabilities related to XSS, directory traversal information disclosure, authenticated command injection and authentication bypass. 
More info.


Linux

Patch

SUSE has updated the kernel, mariadb, and others.  More info.
Arch Linux has updated freerdp.  More info.
RedHat has updated the kernel, jackson-databind, ruby, and others.  More info.
Debian has updated unbound.  More info.
Ubuntu has updated thunderbird.  More info.
Mageia has updated nginx and others.  More info.


  

Tuesday 26 May 2020


ABB

Patch

ABB has published seven bulletins regarding products that contain the Wind River VxWorks IPNet vulnerabilities that became public last July.  These include FOX615 Multiservice-Multiplexer, Relion 670, Relion 650, SAM600-IO Series, AFS66x, NSD570 Teleprotection Equipment, ETL600 Power Line Carrier System, REB500, and RTU500 series.
More info.


Fortinet

Patch

An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack (XSS) via a specifically crafted login request.
More info.


Linux

Patch

OpenSUSE has updated python, pdns-recursor, tomcat, gcc, and others.  More info.
Arch Linux has updated freerdp.  More info.
RedHat has updated the kernel and others.  More info.
Debian has updated netqmail.  More info.
Ubuntu has updated the kernel.  More info.
Mageia has updated the kernel, clamav, wireshark, dns resolvers, and others.  More info.


  

Friday 22 May 2020


Johnson Controls

Patch

During installation of or upgrade to C•CURE 9000 and victor Video Management System, the credentials of the Windows account used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. This results in unintended plain text storage of the Windows user credentials. CVSSv3 score of 9.9
More info.


Microsoft

Patch

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input. An attacker who successfully exploited this vulnerability could write files to arbitrary locations and gain elevated privileges.
More info.


NetApp

New

NetApp has published two security bulletins about vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated tomcat, bind, dovecot and others.  More info.
RedHat has updated .NET and dotnet.  More info.
CentOS has updated squid.  More info.
Debian has updated pdns-recursor.  More info.
Ubuntu has updated clamav, the kernel, and others.  More info.


  

Thursday 21 May 2020


Cisco

Patch

Cisco has published five security bulletins, one rated Critical, one rated High, and three rated Medium.
More info.

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
More info.

A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
More info.


Apple

Patch

Apple has published updates for iOS, iPadOS, tvOS, and Xcode.  Details for most are not yet available.
More info.


IBM

Patch

DB2 contains several vulnerabilities which can affect the IBM Performance Management product.  Highest CVSSv3 score of 9.8
More info.

IBM DataPower Gateway is affected by multiple vulnerabilities in Dojo. Highest CVSSv3 score of 7.5
More info.


Xerox

Patch

Xerox has published several bulletins regarding Solaris, Java, Firefox, and BIOS updates for the FreeFlow Print Server platforms.
More info.


F5

New

Traffix SDC contains a vulnerability that allows an attacker to trigger a DoS attack through memory exhaustion.  No patch yet.
More info.


NetApp

Patch

Element OS and Element HealthTools are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
More info.


Fortinet

Patch

FortiAnalyzer and FortiManager are vulnerable to a 2004 CVE that allows remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST or SYN packet.
More info.


Linux

Patch

SUSE has updated bind and others.  More info.
Arch Linux has updated bind, unbound, chromium, and ant.  More info.
CentOS has updated firefox, squid, thunderbird, and the kernel.  More info.
Debian has updated dovecot.  More info.


  

Wednesday 20 May 2020


Google

Patch

Google has updated Chrome for Desktop to correct 38 security vulnerabilities.
More info.


Emerson

Patch

Emerson OpenEnterprise SCADA software contains several vulnerabilities.  Successful exploitation of these vulnerabilities could allow an attacker access to OpenEnterprise configuration services or access passwords for OpenEnterprise user accounts.  Highest CVSSv3 score of 10.0
More info.


DNS

Patch

NXNSAttack allows malicious parties to use recursive DNS services to attack third party authoritative name servers.
More info. And here.

PowerDNS Recursor has released a fix. More info.
Microsoft is aware, no patch. More info.
Unbound has updated their DNS resolver for these issues. More info.
Same for Knot Resolver. More info.
ISC BIND has updated.  More info.


TIBCO

Patch

TIBCO JasperReports Server contains a vulnerability that allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can exploit the vulnerability consistently, remotely, and without authenticating. Highest CVSSv3 of 9.8
More info.


HPE

Patch

Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. CVSSv3 score of 9.9
More info.

Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. CVSSv3 score of 9.9
More info.


Dell

Patch

Multiple components within the Dell EMC Unity, Dell EMC Unity VSA, and Dell EMC Unity XT Product Families require a security update to address various vulnerabilities.  Dell has rated this Critical.
More info.


Wireshark

Patch

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
More info.


Linux

Patch

SUSE has updated dpdk, python, and others.  More info.
Arch Linux has updated openconnect, powerdns, and dovecot.  More info.
RedHat has updated java, the kernel, and others.  More info.
Debian has updated bind.  More info.
Ubuntu has updated exim and bind.  More info.


  

Tuesday 19 May 2020


Moodle

Patch

Moodle contains two vulnerabilities rated Serious. The first allows RCE, the second allows stored XSS.
More info. And here.


Adobe

Patch

Adobe has published updates for Premiere Rush, Audition, Premiere Pro, and Character Animator.  Vulnerabilities fixed include OOB memory read leading to information disclosure, privilege escalation, and stack overflow leading to RCE.
More info.


Apple

Patch

Apple has published updates for watchOS.  Details aren't yet available.
More info.


IBM

Patch

Multiple vulnerabilities in Apache Solr (lucene) were addressed by IBM InfoSphere Information Server. CVSSv3 score of 9.8
More info.


F-Secure

Patch

A CSRF vulnerability was discovered in the web user interface of F-Secure Linux Security. An unauthenticated user can send the CSRF request to the web user interface. A successful attack can lead to the product settings being disabled remotely through the web interface. These include antivirus, the firewall, and the integrity protection settings.
More info.


ISC

Patch

An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients.
More info.

BIND does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral, resulting in degraded performance or use as a reflector in a reflection attack with a high amplification factor.
More info.


Linux

Patch

Debian has updated dpdk.  More info.
Ubuntu has updated the kernel and dpdk.  More info.


  

Monday 18 May 2020


Microsoft

Patch

Microsoft has revised the Security Updates table of CVE-2020-1108 to include PowerShell Core 6.2 and 7.0 because they are affected by CVE-2020-1108.
More info.


PHP

Patch

PHP 7 has been updated to fix two security bugs that allow long variables and long file names to cause OOM and a possible crash.
More info. And here. And here.


HMS

Patch

Ewon eCatcher contains a vulnerability that may allow an attacker to eavesdrop on the connection with a forged certificate.
More info.


IBM

Patch

IBM Sterling B2B Integrator has addressed multiple security vulnerabilities in jackson-databind.  CVSSv3 score of 9.8
More info.

A widely used function in the OpenJ9 JVM is vulnerable to buffer overflows. Multiple Java Runtime components use the vulnerable code, so the issue can manifest in a number of different ways.
More info.


MicroFocus

Patch

A potential XSS vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
More info.


NetApp

New

NetApp has published eight new security bulletins covering vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated mailman and others.  More info.
OpenSUSE has updated mailman and others.  More info.
Arch Linux has updated keycloak.  More info.
Oracle Linux has updated the kernel.  More info.
Debian has updated exim and apache-log4j.  More info.
Ubuntu has updated dovecot.  More info.
Mageia has updated ntp, flash, libreswan, and others.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020