Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state will occur as soon as an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

Monday 27 January 2020


Cisco

Exploit

A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android.  Cisco is aware of active use of the vulnerability, which has been patched in the cloud products.
More info.


NetApp

New

NetApp has published four new bulletins regarding vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated tomcat, java, python, and others.  More info.
OpenSUSE has updated libssh and others.  More info.
RedHat has updated sqlite and others.  More info.


  

Friday 24 January 2020


GE

Patch

GE CARESCAPE, ApexPro, and Clinical Information Center systems contain multiple vulnerabilities that include allowing an attacker to obtain access to the SSH private key in configuration files, remote code execution, hardcoded SMB credentials, missing authentication, weak encryption of remote desktop control, and arbitrary file upload. Five of the six have a CVSSv3 score of 10. No patches yet; isolate the networks.
More info.


CODESYS

Patch

CODESYS products like CODESYS Control runtime systems provide communication servers to enable communication with clients like the CODESYS Development System. Crafted requests may cause an uncontrolled memory allocation in the affected CODESYS products, which may result in a denial-of-service condition.
More info.  And here.


IBM

Patch

IBM DataPower Appliance and IBM MQ Appliance have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC.  There have also been updates for vulnerable third-party software.
More info.


Citrix

Patch

Patches are available for additional Citrix ADC and Gateway versions, with one last patch due today.
More info.


Linux

Patch

SUSE has updated samba.  More info.
Debian has updated python-apt.  More info.
Oracle Linux has updated python, java, and openslp.  More info.
Ubuntu has updated clamav and gnutls.  More info.


  

Thursday 23 January 2020


Cisco

Patch

Cisco has published 25 new bulletins and two updated bulletins.  One is rated Critical with a CVSSv3 score of 9.8, six new bulletins and one updated bulletin are rated High, the rest are Medium.
More info.

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server.  CVSSv3 score of 9.8.
More info.

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface.
More info.

Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
More info.  And here.


Citrix

Patch

Citrix has published updates for the WAN WANOP products, and scheduled the final patches for the rest of the affected products for tomorrow.
More info.


Synology

New

Multiple vulnerabilities allow remote authenticated users to bypass security constraints via a susceptible version of Synology Directory Server or allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).  No patches yet.
More info.


IBM

Patch

IBM Security Information Queue (ISIQ) relies on older Oracle JDBC and PostgreSQL JAR files that have known vulnerabilities.  CVEs addressed are from 2016 forward.
More info.


PHP

Patch

PHP 7.4.2 contains fixes for a global buffer overflow and an OOB read.
More info.


Xerox

Patch

Multiple Xerox WorkCentre models contain a vulnerability involving hacked clone DLM files, and cleartext transmission of passwords.
More info.


Linux

Patch

SUSE has updated tigervnc, java, and the kernel.  More info.
OpenSUSE has updated chromium, thunderbird, and others.  More info.
Oracle Linux has updated python, java, and openslp.  More info.
Ubuntu has updated python-apt.  More info.
Scientific Linux has updated openslp, apache, python, and others.  More info.


  

Wednesday 22 January 2020


Medical

New

Medical device providers are starting to evaluate the recent Microsoft vulnerabilities (namely CryptoAPI, or Curveball, and RDG) in their products.  Most are simply evaluating at this time.
More info for SpaceLabs Healthcare (RDG).
More info for Carestream (CryptoAPI).
More info for GE Healthcare (CryptoAPI).
More info for Philips (CryptoAPI).


IBM

Patch

IBM has published more than 60 new bulletins covering their products.  Take a look if you have IBM in your shop.
More info.


NetApp

New

NetApp has published three new bulletins regarding third-party software vulnerabilities in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated samba and others.  More info.
OpenSUSE has updated tigervnc, python, and others.  More info.
Arch Linux has updated chromium.  More info.
RedHat has updated python, java, apache, and others.  More info.
Oracle Linux has updated python, java, and apache.  More info.
Debian has updated openconnect and chromium.  More info.
Ubuntu has updated pysaml2 and samba.  More info.
Scientific Linux has updated java.  More info.


  

Tuesday 21 January 2020


Microsoft

Exploit

The scripting vulnerability in IE is actively being exploited.  A patch is expected in the February monthly patches.
More info.


Citrix

Patch

Citrix has released fixed builds for Citrix ADC versions 12.0 and 11.1 and Citrix Gateway versions 12.0 and 11.1.  End of month for the rest of the vulnerable products.
More info.


Dell

Patch

Dell EMC Unity Family and the Dell EMC Unity XT Product Family require a security update to address a Denial of Service vulnerability that may be exploited by attackers to compromise the affected system.
More info.

Dell EMC VCF over VxRail requires a security update. VMware ESXi contains an OpenSLP remote code execution vulnerability in VCF over VxRail. A malicious user with network access to port 427 on an ESXi host may be able to overwrite the heap of the OpenSLP service resulting in remote code execution.
More info.


NetApp

New

NetApp has published a bulletin for tcpdump in their products.  No fix yet.
More info.


Netgear

New

NETGEAR is aware of a Transport Layer Security (TLS) certificate private key disclosure vulnerability on certain product models.  No patches yet; the workaround is to use HTTP.
More info.


Linux

Patch

SUSE has updated libssh, java, thunderbird, and others.  More info.
OpenSUSE has updated php.  More info.
Arch Linux has updated chromium.  More info.
RedHat has updated java and others.  More info.
Oracle Linux has updated java and .net.  More info.
Debian has updated openconnect and chromium.  More info.
Ubuntu has updated libbsd and others.  More info.


  

Monday 20 January 2020


Microsoft

Patch

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
More info.


Citrix

New

Citrix has published a blog entry identifying two specific versions of Citrix SD-WAN WANOP that are vulnerable to the same issue as Citrix ADC and NetScaler.  Also, the given mitigation fails on specific builds of ADC and Gateway.  Patches are still expected today.
More info.


Dell

Patch

Multiple components within Dell EMC Data Protection Central require a security update to address various vulnerabilities.
More info.


Linux

Patch

OpenSUSE has updated uftpd.  More info.
CentOS has updated thunderbird, java, and git.  More info.
Oracle Linux has updated thunderbird.  More info.
Debian has updated openjdk, thunderbird, and cacti.  More info.
Ubuntu has updated the kernel.  More info.
Mageia has updated wireshark and others.  More info.
Amazon Linux 2 has updated java, thunderbird, tcpdump, and others.  More info.
Scientific Linux has updated thunderbird.  More info.


  

ALERT DEFINITIONS

PRODUCT / GUARDED

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT / INCREASED

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT / HIGH

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT / CRITICAL

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


PATCH

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


EXPLOIT

This bottom descriptor indicates that an exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO DAY

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020