Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state occurs as soon as an issue is detected, and the state then drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Monday 20 May 2019


Linux

Patch

SUSE has updated the kernel and nmap.
More info.

Mageia has updated tomcat, mariadb, docker, flash, freeradius, and others.  More info.


Friday 17 May 2019


RDS

New

Vendors of solutions built on Microsoft OS are evaluating their exposure to the Remote Desktop Services vulnerability.  Here are the bulletins from the Medical and ICS fields.
More info on the RDS vulnerability.

Dräger has released a bulletin about the Microsoft RDP vulnerability and their medical devices.  Some products contain the vulnerable software; they recommend routine OS patching and are performing patch verification.  These products include Infinity Explorer, Gateway/Symphony, Innovian Solution Suite and Anesthesia, SmartPilot, and Integrated Care Manager.
More info.

Philips is also looking into and updating Microsoft RDP in their products.
More info.

Siemens Healthineers is investigating the impact of the RDP vulnerability on its products, and will inform customers as soon as additional information is available.
More info.

Schneider Electric is assessing their products, but recommends caution on installing the OS updates on resource constrained systems.
More info.


Yokogawa

New

Yokogawa has identified the existence of Microsoft CAPICOM in their products.  CAPICOM is EOL, and the version installed by Yokogawa has a known vulnerability from 2007.  They suggest you pay them to delete the software from your products...
More info.


Hitachi

Patch

A DoS vulnerability was found in Hitachi IT Operations Director, JP1/IT Desktop Management - Manager and JP1/IT Desktop Management 2 - Manager.
More info.


Apache

Patch

In Apache Tomcat the SSI printenv command echoes user-provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
More info.


NetApp

New

NetApp has published eight new bulletins for third-party software in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated the kernel and others.
More info.

Ubuntu has updated wireshark and others.  More info.
RedHat has updated chromium, java, and python.  More info.
Oracle Linux has updated the kernel and ruby.  More info.


Thursday 16 May 2019


Cisco

Patch

Cisco has published 27 bulletins, two of which are updates.  One new bulletin is rated Critical, the two updated bulletins are rated High.  There are seven new bulletins rated High, the rest are Medium.
More info.

Multiple vulnerabilities in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.
More info.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which could cause an affected device to restart unexpectedly.
More info.

A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information.
More info.


Chrome

Patch

Google has released an update to Chrome that fixes internally discovered security vulnerabilities.
More info.

Chrome for Android too.  More info.


IBM

Patch

There is a remote code execution vulnerability in WebSphere Application Server Network Deployment.  CVSSv3 score of 9.
More info.


Xerox

Patch

Xerox has updated software for several printers and print servers, including fixes for open ports and RCE vulnerabilities in AltaLink products.
More info.


Omron

New

An untrusted search path vulnerability was reported in Omron's Network Configurator for DeviceNet application. The application could execute a malicious .dll file outside the intended directories. Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution under the privileges of the application.
More info.


Linux

Patch

OpenSUSE has updated the kernel, intel microcode, and others.
More info.

CentOS has updated the kernel, intel microcode, and freeradius.  More info.
RedHat has updated python, ruby, flash, and others.  More info.
Mageia has updated the kernel and intel microcode.  More info.
Oracle Linux has updated the kernel, intel microcode, wget, and others.  More info.
Debian has updated intel microcode.  More info.


Wednesday 15 May 2019


Intel

Patch

Intel has released 13 new security bulletins.  Most require an authenticated user to be exploitable, but they are still worth a look.
More info.

The big buzz is about the Microarchitectural Data Sampling set of four vulnerabilities, making up the next wave of speculative execution side-channel vulnerabilities, and getting the names "ZombieLoad", "RIDL", and "Fallout".  Any vendor with an Intel chip or running on an Intel chip is publishing bulletins, so watch for them.
More info.  And here.  And here.  And here.

A potential security vulnerability in the Intel Unite Client for Android may allow escalation of privilege.  Intel is releasing software updates to mitigate this potential vulnerability.
More info.

Data Corruption in Intel Unite Client may allow an unauthenticated user to potentially cause a denial of service via network access.
More info.


Schneider

Patch

Schneider Electric Monthly Patches came out late afternoon yesterday in a total of 10 bulletins.
More info.

Multiple bulletins address vulnerabilities in Modicon process controllers, Quantum firmware, and remote I/O products.
More info.  And here.  And here.

The Modicon RTU module uses hardcoded credentials which could cause a confidentiality issue when using FTP protocol.
More info.


Multiple vulnerabilities exist in Flexera FlexNet Publisher which have been addressed in the Schneider Electric Floating License Manager, including a Remote Code Execution vulnerability which could allow a remote attacker to stop the heartbeat between lmadmin and the vendor daemon. This would force the vendor daemon to shut down.
More info.

A vulnerability exists in Modicon process controllers and PacDrive products.  A Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received.
More info.

A vulnerability exists in the Pelco Endura NET55XX Encoder product which could impact confidentiality, integrity, and availability when a remote attacker sends a crafted malicious request to the encoder web UI.  CVSSv3 score of 9.8 on this one.
More info.


McAfee

Patch

McAfee Agent handles UDP requests through a configured port as part of its normal operation. A specially crafted UDP packet might allow an attacker on the same subnet to cause a partial denial-of-service in one of the McAfee Agent components.
More info.

McAfee has updated OpenSSL in its products.
More info.


BSD

Patch

FreeBSD has published updates for wpa_supplicant, ntp, pf, and the kernel.
More info.



Linux

Patch

SUSE has updated the kernel and Intel microcode.
More info.

RedHat has updated the kernel, wget, java, and others.  More info.
Oracle Linux has updated the kernel and others.  More info.
Debian has updated the kernel, samba, and others.  More info.
Ubuntu has updated the kernel, Intel microcode, samba, and others.  More info.
Amazon Linux updated the kernel.  More info.


Tuesday 14 May 2019


Microsoft

Patch

Microsoft Monthly Patches are out, with 79 patches, 23 rated Critical and one currently exploited in the wild.
More info.  And here.

A vulnerability in the Windows Error Reporting (WER) component could allow an attacker to execute arbitrary code with administrator privileges.  This one is being exploited.
More info.  And here.

A remote code execution in Windows Remote Desktop Services allows an unauthenticated attacker to send specially crafted packets to the vulnerable service and then execute arbitrary code on the target system. It affects Windows 7 and Windows Server 2008.
More info.

A vulnerability in the DHCP Server Service could allow an attacker to run arbitrary code on affected systems. This bug can be reached by remote, unauthenticated attackers who send specially crafted network packets to a target server.
More info.


Adobe

Patch

Adobe has published their Monthly Patches.  Updates are out for Flash, Acrobat and Reader, and Media Encoder.
More info.

Adobe has released an update for Adobe Media Encoder. This update resolves a critical file parsing vulnerability.  Successful exploitation could lead to arbitrary code execution in the context of the current user.
More info.

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.
More info.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.
More info.


Siemens

Patch

Siemens Monthly Patch Day brings nine new bulletins and four updated bulletins.  The four updated bulletins provide additional product updates to correct previously reported vulnerabilities.
More info.

Multiple vulnerabilities have been identified in the WibuKey DRM solution included in SISHIP Automation Solutions. Siemens recommends users apply the updates to WibuKey DRM provided by WIBU SYSTEMS AG.
More info.

The latest update for SCALANCE W1750D fixes multiple vulnerabilities. The most severe could allow an unauthenticated attacker with access to the web interface of an affected device to execute arbitrary system commands within the underlying operating system.
More info.

Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.
More info.

The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP.
More info.

A vulnerability was identified in SIMATIC WinCC and SIMATIC PCS 7, which could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code.
More info.


SAP

Patch

SAP Monthly Patch Day includes 13 Security Notes, one rated High, the rest Medium.  Five of them cover Missing Authorization Checks, five cover Information Disclosure.  The highest CVSSv3 score is 8.4, for a Privilege Escalation vulnerability.
More info.


Apple

Patch

Apple has published security updates for watchOS, Safari, Apple TV software, tvOS, iOS, and macOS.
More info.


NetApp

New

NetApp has published bulletins for vulnerabilities in BIND and Samba included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated java and two others.
More info.

OpenSUSE has updated nmap, freeradius, and python-jinja.  More info.


Monday 13 May 2019


Citrix

Patch

A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the client's local drives, which could enable code execution on the client device.
More info.

A buffer overflow vulnerability has been identified in Citrix ADC and Citrix NetScaler Gateway which could possibly result in a denial-of-service in a specific configuration.
More info.


Linux

Patch

SUSE has updated samba, java, sqlite, and others.
More info.

OpenSUSE has updated openssl, sqlite, python, and wireshark.  More info.
Debian has updated ghostscript.  More info.
RedHat has updated python, ruby, java, bind, thunderbird, and others.  More info.
Mageia has updated the kernel, binutils, python, clamav, and others.  More info.


Friday 10 May 2019


Hitachi

Patch

Hitachi has published updates for multiple vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor.
More info.


HPE

0-Day

ZDI reports a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability.
More info.

There are a total of eight 0-day reports for HPE.
More info.


Bosch

Patch

A security vulnerability affects the Bosch Video Recording Manager (VRM) software. The VRM software is commonly installed as a component in Bosch Video Management Systems (BVMS) and included in DIVAR IP 5000 devices. The vulnerability potentially allows unauthenticated access to a limited subset of certificates. The affected certificates are stored in the operating system's certificate store. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 9.9 (Critical).
More info.


Linux

Patch

OpenSUSE has updated wireshark.
More info.

RedHat has updated freeradius.  More info.
Oracle Linux has updated freeradius.  More info.
Debian has updated symfony, bind, and postgresql.  More info.
Ubuntu has updated bind and wpa-supplicant.  More info.


Thursday 9 May 2019


F5

Patch

BIG-IP products are vulnerable to specially crafted SSL records. Records sent to a Virtual Server with an attached Client SSL Profile will cause corruption in the SSL data structures leading to intermittent errors. The vulnerability allows remote attackers to cause a denial-of-service (DoS) on the BIG-IP system.
More info.


NetApp

Patch

NetApp has published four bulletins about third-party software vulnerabilities in their products.  No patches yet.
More info.

OnCommand Insight and OnCommand Unified Manager shipped without certain HTTP security headers configured, which could allow an attacker to obtain sensitive information via unspecified vectors.  Patches are available for these.
More info.  And here.  And here.


Linux

Patch

SUSE has updated samba and mutt.
More info.

OpenSUSE has updated freeradius-server, wpa-supplicant, gnutls, and others.  More info.
Oracle Linux has updated python-jinja.  More info.


Wednesday 8 May 2019


Cisco

Patch

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
More info.


Kaspersky

Patch

Kaspersky Lab has fixed a security issue in its products that could potentially allow third parties to remotely execute arbitrary code on a user's PC with system privileges.
More info.


Linux

Patch

SUSE has updated freeradius-server.
More info.

RedHat has updated python-jinja, chromium, and others.  More info.
Ubuntu has updated wpa-supplicant.  More info.
Mageia has updated java, putty, samba, firefox, and others.  More info.


Tuesday 7 May 2019


Android

Patch

Google has published the monthly Android security bulletin.  There are 15 vulnerabilities patched, with another 15 in Qualcomm closed-source components.  Four of the vulnerabilities are listed as Critical, nine are rated High.  The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
More info.

The Pixel bulletin is out, with no security patches included.


CheckPoint

Patch

Check Point IKEv2 IPsec VPN may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.
More info.


PaloAlto

Patch

An XSS vulnerability exists in Palo Alto Networks Demisto. Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
More info.


Xerox

Patch

Xerox has published software updates for Xerox B1022 and B1025.  Remote attackers could leverage a vulnerability in libtiff to cause a denial-of-service via a crafted TIFF file.
More info.


Linux

Patch

SUSE has updated python-jinja and mariadb.
More info.

RedHat has updated python, systemd, and others.  More info.
Amazon Linux has updated python, the kernel, and auth_mellon.  More info.


Monday 6 May 2019


PrinterLogic

New

PrinterLogic is vulnerable to multiple attacks. The PrinterLogic agent, running as SYSTEM, does not validate the PrinterLogic Management Portal's SSL certificate, validate PrinterLogic update packages, or sanitize web browser input. An unauthenticated attacker may be able to remotely execute arbitrary code on workstations running the PrinterLogic agent with SYSTEM privileges.  The vendor was notified in August 2018; there is still no patch.
More info.


Apache

Patch

The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse to any directory and overwrite existing files. The severity is low if the Karaf process user has limited permissions on the filesystem.
More info.


Linux

Patch

OpenSUSE has updated chromium and java.
More info.

Arch Linux is updating the kernel, linux-zen, tcpreplay, and others.  More info.


Friday 3 May 2019


SAP

Exploit

A recent cybersecurity conference reported on ongoing exploits of SAP systems with insecure configurations exposed to the internet, using publicly available exploit tools termed “10KBLAZE.”
More info.


GE

Patch

Uncontrolled search path, use of hard-coded credentials, and improper access control vulnerabilities exist in GE's Communicator software.  Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges, manipulate widgets and UI elements, gain control over the database, or execute administrative commands.
More info.


Orpak

Patch

Hard-coded credentials, cross-site scripting, SQL injection, missing encryption of sensitive data, code injection, and stack-based buffer overflow vulnerabilities have been reported in Orpak’s SiteOmat, software for fuel station management.  Successful exploitation of these vulnerabilities could result in arbitrary remote code execution resulting in possible denial-of-service conditions and unauthorized access to view and edit monitoring, configuration, and payment information.
More info.


Wecon

0-Day

ZDI has reported two remote code execution vulnerabilities in Wecon PIStudio.  The specific flaws exist within the parsing of HSC files.
More info.  And here.


Philips

New

Philips TASY EMR contains vulnerabilities through which, under certain specific conditions, an attacker with low skill may potentially compromise patient confidentiality, system integrity, and/or system availability. Some of the vulnerabilities could be exploited remotely. The application does not face the Internet, but there are installations where remote access is made available.
More info.


Gemalto

New

Thales/Gemalto Product Security Team has investigated recently reported vulnerabilities in Sentinel LDK product.  Any further information is only available with a customer login.
More info.


Lenovo

Patch

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
More info.


Linux

Patch

SUSE has updated openssl, sqlite, and others.
More info.

OpenSUSE has updated dovecot, ntfs, and others.  More info.
Ubuntu has updated python.  More info.


ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2019