Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters, so reducing the alert state again quickly will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Friday 22 January 2021


Honeywell

Patch

OPC UA Tunneller contains several vulnerabilities which could allow an attacker to disclose sensitive information, remotely execute arbitrary code, or crash the device. Highest CVSSv3 score of 9.8
More info.


Microsoft

Patch

Microsoft has updated chromium-based Edge to include the latest fixes for vulnerabilities.
More info.


Dell

Patch

Dell has updated EMC Secure Remote Services Virtual Edition to fix vulnerabilities in several third-party components included in the product. Dell rates this Critical.
More info.


Xerox

Patch

Xerox has updated FreeFlow Print Server on Windows 7 to fix several vulnerabilities in third-party software used in the product.
More info.


NetApp

New

NetApp has published bulletins identifying vulnerabilities in third-party software included in their products.  No patches yet.
More info.


  

Thursday 21 January 2021


Cisco

Patch

Cisco has published 31 new bulletins, 4 rated Critical, 9 rated High, the rest Medium.
More info.

Multiple buffer overflow vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. Highest CVSSv3 score of 8.6
More info.


Mitsubishi Electric

Patch

Mitsubishi Electric has reported a DoS vulnerability in the robot controller of MELFA FR Series and CR Series as well as cooperative robot ASSISTA due to resource management errors. An attacker can cause a DoS by sending a large number of packets in a burst over a short period of time. CVSSv3 score of 7.5
More info.


IBM

Patch

IBM has published two Critical security bulletins for third-party software vulnerabilities in IBM App Connect Enterprise, IBM Integration Bus, and IBM Cloud Pak. CVSSv3 scores of 9.8
More info. And here.


NETGEAR

Patch

NETGEAR has released fixes for a stack-based buffer overflow remote code execution security vulnerability on several product models.  CVSSv3 score of 8.8
More info.


Linux

Patch

Arch Linux has updated dnsmasq and several other packages. More info.
Ubuntu has updated the kernel and others. More info.
Mageia has updated the kernel. More info.


  

Wednesday 20 January 2021


Oracle

Patch

Oracle Quarterly Patches are out.  This Critical Patch Update contains 329 new security patches, 209 of these vulnerabilities may be remotely exploitable without authentication. Highest CVSSv3 score of 9.8
More info.

Oracle Solaris third-party bulletin is also out.  There are 5 new security patches, 4 of which may be remotely exploitable without authentication. Highest CVSSv3 score of 7.5
More info.


Cisco

Patch

Cisco has updated a bulletin for Small Business RV110W, RV130, RV130W, and RV215W Routers, raising the level to Critical.  Multiple vulnerabilities in the Universal Plug and Play (UPnP) service and the web-based management interface could allow a remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly.
More info.


Google

Patch

Google has updated Chrome for the Desktop to include 36 security fixes, at least one rated Critical.
More info.


Bosch

Patch

Two vulnerabilities have been discovered affecting the Bosch Fire Monitoring System (FSM-2500 and FSM-5000). Use of Hard-coded Credentials and Use of Password Hash With Insufficient Computational Effort in the database allow an unauthenticated remote attacker to log into the database with admin privileges. Highest CVSSv3 score of 10
More info.


ABB

Patch

A vulnerability in AC500 allows attackers to stop the PLC by sending an unauthenticated crafted packet over the network. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This vulnerability has been publicly reported. CVSSv3 score of 7.5
More info.


Thales

Patch

Thales CPL Team identified a vulnerability in Luna Network HSM 5/6, Luna PCIe, G5 USB HSM and G5 Backup HSM products.
More info.


Sierra Wireless

Patch

Sierra Wireless has confirmed two security issues in ALEOS, one of which is remotely exploitable. A buffer overflow exists in the ACENet service, and this buffer overflow may allow remote code execution on some devices. CVSSv3 score of 5.3
More info.


Linux

Patch

Oracle Linux has updated dnsmasq. More info.


  

Tuesday 19 January 2021


Dnsmasq

Patch

Multiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.  The vulnerabilities are grouped and named DNSpooq.
The detailed description of the graphic elements indicates way too much thought about it...
Dnsmasq has an update, vendors will roll out their updates over time.
More info. Dnsmasq home page.

Cisco bulletin here.
Sophos bulletin here.
Siemens bulletin here.
RedHat bulletins here.


Linux

Patch

SUSE has updated dnsmasq. More info.
Ubuntu has updated dnsmasq and other packages. More info.
RedHat has updated dnsmasq and openshift. More info.


  

Friday 15 January 2021


FiberHome

Exploit

Researchers have identified a number of vulnerabilities, including backdoors, hardcoded credentials, authentication bypass, and unauthorized access.  FiberHome websites are unresponsive at the moment.
More info.


IBM

Patch

There is a missing authorization vulnerability in the Apache Solr service that is distributed as part of Watson Knowledge Catalog for IBM Cloud Pak for Data. CVSSv3 score of 9.4
More info.


NetApp

New

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products.
More info.


Apache

Patch

Apache Tomcat could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker can view the source code for JSPs in some configurations, and use this information to launch further attacks against the affected system.
More info.


Linux

Patch

SUSE has updated the kernel and several other packages. More info.
Ubuntu has updated the kernel and several other packages. More info.
RedHat has updated the kernel and openshift. More info.
Mageia has updated the kernel. More info.
Amazon Linux has updated the kernel and several other packages. More info.
Alpine Linux has released version 3.13.0. More info.


  

Thursday 14 January 2021


Palo Alto Networks

Patch

Palo Alto Networks Monthly patches are two vulnerability bulletins and one informational. Highest CVSSv3 score of 4.4
More info.


Juniper

Patch

Juniper Quarterly Patches are out, with 23 bulletins.  Several remote, unauthenticated DoS vulnerabilities are addressed, as well as third-party software vulnerabilities in the products.
More info.

A vulnerability that allows an unauthenticated remote attacker to obtain access that would otherwise be denied in the Simple Authentication and Security Layer (SASL) implementation that is part of the OpenLDAP third party software package has been resolved in Juniper Networks SRX Series configured with Integrated User Firewall. CVSSv3 score of 7.4
More info.

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated user's session. CVSSv3 score of 6.8
More info.


Cisco

Patch

Cisco has published 23 new bulletins, four are rated High.
More info.


Nagios

Patch

A remote, authenticated or anonymous attacker can exploit a vulnerability in Nagios Enterprises Nagios XI to execute arbitrary program code with administrator rights, to reveal information and to carry out a cross-site scripting attack.
More info.


IBM

Patch

IBM has published new bulletins, seven with a Critical rating. All the Critical bulletins have CVSSv3 scores of 9.8.  Products include MaaS360 Cloud Extender, App Connect Enterprise, Integration Bus, Guardium Data Encryption, and Security Privileged Identity Manager.
More info.


HPE

Patch

Multiple security vulnerabilities (Ripple20) have been identified in the optional HP/HPE R7000 and R5000 Uninterruptable Power System Network Module Firmware (AF465A). The vulnerabilities could be remotely exploited to execute code, cause denial of service, and expose sensitive information.
More info.


  

Wednesday 13 January 2021


Dell

Patch

Dell has updated EMC Enterprise Hybrid Cloud to patch multiple VMware vulnerabilities. Dell rates this Critical.
More info.

Dell EMC Avamar Server contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical. Highest CVSSv3 score of 10
More info.


Aruba

Patch

Aruba has released updates to Airwave Glass that address multiple security vulnerabilities that would allow an unauthenticated remote attacker to bypass authentication, execute arbitrary code, and execute arbitrary commands. Highest CVSSv3 score of 9.8
More info.


Huawei

Patch

Huawei has updated their products to fix an Apache Struts2 remote code execution vulnerability.  CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated the kernel, crmsh, and others. More info.
Arch Linux has updated nodejs, atftp, and several others.  More info.
Oracle Linux has updated the kernel. More info.
RedHat has updated the kernel and others. More info.


  

Tuesday 12 January 2021 - Part 2


Microsoft

Patch

Microsoft Monthly Patches are out, with patches for 83 vulnerabilities, 10 of which are rated Critical, one has been previously disclosed, and one is actively being exploited.  Highest CVSSv3 score of 8.8
There are security updates for Windows, Edge (EdgeHTML-based), Office and Office Services and Web Apps, Windows Codecs Library, Visual Studio, SQL Server, Malware Protection Engine, .NET Core, .NET Repository, ASP .NET, and Azure.
More info. And here. And here.


  

Tuesday 12 January 2021


SAP

Patch

SAP Monthly Patches are out, with 10 new Security Notes and 7 updated Notes.  Five are rated Hot News, 1 High, 10 Medium, and 1 Low.  Four address missing authorization vulnerabilities.
More info.


Adobe

Patch

It's Adobe Patch Day, and they have published seven updates, including updates for Bridge, Captivate, InCopy, Campaign Classic, Animate, Illustrator, and Photoshop. All the vulnerabilities are rated Critical.
More info.


Siemens

Patch

Siemens Monthly Patches have been published, with four new bulletins and eight updated bulletins. 
More info.

Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. CVSSv3 score of 9.8
More info.

Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware. CVSSv3 score of 9.1
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches consist of three new bulletins and four updated bulletins.
More info.

Schneider Electric uses Treck Inc.’s HTTP Server component in the Sepam ACE850, which contains a heap-based buffer overflow.  CVSSv3 score of 10
More info.

EcoStruxure Operator Terminal Expert (formerly known as Vijeo XD) and Pro-face BLUE products contain an Improper Input Validation vulnerability that could cause arbitrary code execution when the Ethernet Download feature is enabled on the HMI. CVSSv3 score of 8.8
More info.


Mozilla

Patch

Mozilla has published an update for Thunderbird, rated Critical, which could be used for RCE.
More info.


HCL Software

Patch

HCL Commerce contains an unspecified vulnerability that could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. CVSSv3 score of 9.8
More info.

HCL Commerce contains an information disclosure vulnerability that could allow a remote attacker to obtain user personal data. CVSSv3 score of 7.5
More info.


  

Monday 11 January 2021


QNAP

Patch

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. 
More info.


Linux

Patch

Gentoo Linux has published 8 new security updates. More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2021