Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state occurs immediately an issue is detected, and it drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

Monday 22 July 2019

Novell

Patch

A patch for an authentication token vulnerability with Privileged Account Manager endpoints has been published for NetIQ.
(Micro Focus published a bulletin about this in May).
More info.


PuTTY

Patch

PuTTY has implemented fixes for two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking, and a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant.
More info.


Exim

New

Exim has published notice of a bulletin to be released 25 July.  A local or remote attacker can execute programs with root privileges - if you've an unusual configuration.   They consider the risk low as the configuration needed to exploit is not the default.
More info.


Linux

Patch

OpenSUSE has updated firefox, samba, python, the kernel, php, postgresql, zeromq, neovim, and others.  More info.
RedHat has updated java.  More info.
Debian has updated the kernel.  More info.
Mageia has updated firefox, thunderbird, libreswan, and others.  More info.


  

Friday 19 July 2019

PaloAlto

Patch

Palo Alto Networks is aware of the reported remote code execution (RCE) vulnerability in its GlobalProtect portal and GlobalProtect Gateway interface products. The issue is already addressed in prior maintenance releases.  If you haven't updated, do it now.
More info.


Hitachi

Patch

Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor and Hitachi Compute Systems Manager.
More info.


NetApp

Patch

NetApp has published five new bulletins regarding vulnerabilities introduced into their products by third-party software.  There are updates for three out of the five.
More info.


Foxit

Patch

Foxit has released Foxit PhantomPDF 8.3.11, which addresses at least 13 security vulnerabilities, including multiple DoS and RCE vulnerabilities.
More info.


Linux

Patch

SUSE has updated the kernel, libreoffice, glibc, and tomcat.  More info.
OpenSUSE has updated tomcat, the kernel, and others.  More info.
Oracle Linux has updated vim.  More info.


  

Thursday 18 July 2019

Cisco

Patch

Cisco has published 8 new bulletins, 1 rated Critical, 2 rated High, the rest Medium.
More info.

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on the affected system.
More info.

A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system.
More info.


Meinberg

Patch

The latest version of LANTIME firmware includes an OpenSSH update and security patches to fix the TCP-SACK vulnerability.
More info.


Huawei

Patch

There is an improper authentication vulnerability in PC Manager. A certain driver interface of the software does not properly validate user-mode data; successful exploitation could result in malicious code execution.
More info.


Wireshark

Patch

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
More info.


Linux

Patch

SUSE has updated firefox, the kernel, and tomcat.
More info.

CentOS has updated thunderbird and vim.  More info.
Ubuntu has updated thunderbird, libreoffice, and squid.  More info.


  

Wednesday 17 July 2019

Lenovo

Patch

LenovoEMC is a 2013 rebrand of Iomega products initially purchased by EMC in 2008.  A vulnerability in Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.  Most are EOL, but given the impact, firmware updates have been published. 
More info.  And here.


Xerox

Patch

Xerox has two bulletins out for their products.  One covers a CBC MitM attack with recommendations to disable CBC ciphers, the other addresses a libTiff vulnerability with an upgrade.
More info.


FortiGuard

Patch

Improper Neutralization of Input During Web Page Generation in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
More info.


LibreOffice

Patch

By using the document event feature to trigger LibreLogo to execute Python contained within a document, a malicious document could be constructed which would execute arbitrary Python commands silently, without warning.
More info.

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection.
More info.


Linux

Patch

SUSE has updated the kernel.
More info.

Arch Linux has published updates for firefox, squid, and chromium.  More info.
RedHat has updated thunderbird, vim, and others.  More info.
Debian has updated libreoffice.  More info.


  

Tuesday 16 July 2019 - Part 2

Oracle

Patch

Oracle Quarterly Patches are out.  There are 319 security fixes, 199 remotely exploitable without authentication.  Patches cover the Database, Berkeley DB, Communications, Construction and Engineering, E-Business, Enterprise Manager, Financial Services, Food and Beverage, Fusion Middleware, Hospitality, Hyperion, Insurance, Java, GraalVM, JD Edwards, MySQL, PeopleSoft, Retail, Siebel CRM, Sun Systems, Supply Chain, Support Tools, Utilities, and Virtualization.
More info.


  

Tuesday 16 July 2019

Chrome

Patch

Google has released a security update for Chrome that fixes 2 security vulnerabilities, rated High and Medium.
More info.


ABB

Patch

ABB is aware of a vulnerability in the reporting mechanism for both CCLAS and Ellipse. When a report is generated it is stored on disk, and a URL is created to access the report through the UI. The URL request does not go through proper checks to ensure the user performing the request is an authenticated user. Anyone with access to the URL is able to download the report.
More info.


Linux

Patch

SUSE has updated the kernel and others.
More info.

RedHat has updated thunderbird and cyrus-imapd.  More info.
Oracle Linux has updated thunderbird.  More info.
Ubuntu has updated squid, bash, and others.  More info.


  

Monday 15 July 2019

Oracle

Coming

16 July is Oracle's Quarterly Patch day.  The Pre-Release announcement is available for your patch planning purposes.
More info.


F5

New

Traffix SDC is vulnerable to a kernel race condition in sas_expander.c.  An attacker can exploit this issue to cause denial of service (DoS) and run arbitrary code.
More info.


NetApp

New

NetApp products are vulnerable to an issue in Highcharts.
More info.


Squid

Patch

Squid has published six new security bulletins, addressing RCE, DoS, and XSS vulnerabilities.
More info.


Linux

Patch

SUSE has updated the kernel, python, tomcat, php, and others.
More info.

CentOS has updated firefox.  More info.
Debian has updated thunderbird.  More info.
Ubuntu has updated firefox.  More info.


  

Friday 12 July 2019

ICS

Patch

AVEVA Vijeo Citect and Citect SCADA Floating License Manager contains vulnerabilities that could allow an attacker to deny the acquisition of a valid license for legal use of the product, resulting in DoS or possibly RCE.
More info.

Delta Electronics reports that CNCSoft ScreenEditor contains multiple heap-based buffer overflow vulnerabilities that may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code.
More info.


Citrix

Patch

Multiple vulnerabilities have been identified in the management console of the Citrix/NetScaler SD-WAN Center and on the Citrix/NetScaler SD-WAN Appliance. Collectively, these vulnerabilities could result in an unauthenticated attacker executing commands as root against the SD-WAN Center management console, or potentially be used to gain root privileges on the SD-WAN appliance.
More info.


IBM

Patch

IBM has patched FileNet Content Manager to correct a publicly disclosed vulnerability in Java.
More info.

IBM has patched Oracle Outside In Technology used by IBM FileNet Content Manager to correct a publicly disclosed vulnerability in Oracle Fusion Middleware.
More info.

IBM QRadar SIEM is vulnerable to a publicly disclosed DoS vulnerability in Spring Framework.
More info.


Hitachi

Patch

A vulnerability from 2013 exists in Cosminexus Component Container.
More info.


Thunderbird

Patch

Critical vulnerabilities have been fixed in Thunderbird that are risks in browser or browser-like contexts.
More info.


Linux

Patch

SUSE has updated the kernel and glib2.
More info.

RedHat has updated firefox.  More info.
Oracle Linux has updated firefox.  More info.
Debian has updated firefox and others.  More info.


  

Thursday 11 July 2019

Juniper

Patch

Juniper Quarterly Patches are out.  Eleven bulletins, two rated Critical, five High, the rest Medium.  The bulletins cover a variety of Juniper products, with CVSS ratings from 5.8 to 9.8.
More info.

The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash.
More info.

Multiple vulnerabilities exist in the Embedthis Appweb server, used by J-Web, related to the way the server mishandles some HTTP headers and request fields. These issues may result in a Denial of Service (DoS) for the J-Web graphical user interface.
More info.


Cisco

Patch

A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly.
More info.


F-Secure

Patch

A vulnerability was discovered in the web user interface of the F-Secure Internet Gatekeeper product. An unauthenticated user can cause a heap overflow by issuing a malformed HTTP request to the web user interface. A successful attack can lead to remote code execution on the F-Secure Internet Gatekeeper server.
More info.


QNAP

Exploit

The eCh0raix ransomware is reportedly being used to target QNAP NAS devices. Devices using weak passwords and outdated QTS firmware may get infected.  QNAP is working on a process to remove the malware.
More info.


Kaspersky

Patch

Kaspersky has fixed a security issue in its products that could potentially compromise user privacy by using a unique product ID which was accessible to third parties. This issue was classified as User Data disclosure. The attacker has to prepare and deploy a malicious script on the web servers from which he will track the user.
More info.


Linux

Patch

SUSE has updated sqlite and others.
More info.

Oracle Linux has updated the kernel and others.  More info.


  

Wednesday 10 July 2019

Firefox

Patch

Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox ESR, the most severe of which could allow for arbitrary code execution.
More info.  And here.


Medical

Patch

GE Aestiva and Aespire Anesthesia contain an Improper Authentication vulnerability where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could then allow an attacker to remotely modify device configuration and silence alarms.
In a rather roundabout way, GE says it's not a risk to patients.
More info.  And here.


ICS

Patch

Emerson DeltaV Distributed Control System contains a vulnerability where hardcoded credentials are not modified at install. The Smart Switch Command Center does not change the DeltaV Smart Switch management account password upon commissioning as expected, leaving the default password in effect indefinitely.
More info.

Rockwell Automation reports that a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
More info.  And here.


GnuPG

Patch

GnuPG has published a maintenance release to mitigate the effects of the denial-of-service attacks on the keyserver network.
More info.


NetApp

New

NetApp has published two bulletins covering third-party software vulnerabilities in their product.
More info.


Linux

Patch

SUSE has updated postgresql and others.
More info.

RedHat has updated bind and others.  More info.
Mageia has updated irssi, postgresql, and the microcode.  More info.


  

Tuesday 9 July 2019 - Part 2

Microsoft

Patch

Microsoft Monthly Patches are out.  There are 78 vulnerabilities, 6 publicly disclosed, 15 rated Critical, and 2 exploited.  The two exploited are privilege escalation issues.  This month's update covers vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office and Microsoft Office Services and Web Apps, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.
More info.  And here.  And here.


Adobe

Patch

Adobe Monthly Patches are out.  There are updates for DreamWeaver, Experience Manager, and Bridge CC.
More info.  And here.


  

Tuesday 9 July 2019

SAP

Patch

SAP Monthly Patches are out.  There are 11 bulletins, one rated Hot News, one rated High, the rest rated Medium.
More info.

The Hot News vulnerability is an OS command injection vulnerability in SAP Diagnostics Agent.
More info.


Siemens

Patch

Siemens Monthly Patches are out.  There are 14 bulletins, eight of which are updates.
More info.

The latest update for SIMATIC RF6XXR fixes multiple vulnerabilities related to outdated TLS versions that are still supported by the product.
More info.

The SIPROTEC 5 relays and their corresponding engineering software DIGSI 5 are affected by two security vulnerabilities which could allow an attacker to upload or download files to the device or to conduct a Denial-of-Service attack over the network.
More info.


Schneider

Patch

Schneider Electric Monthly Patches are out.  There are six bulletins, two of which are updates.
More info.

Schneider Electric is aware of a vulnerability in the Zelio Soft 2 product which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
More info.

Schneider Electric is aware of a vulnerability in the Interactive Graphical SCADA System (IGSS) product. Out-of-bounds Write vulnerability exists which could cause a software crash when data in the mdb database is manipulated.
More info.


Zoom

Exploit

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission.
More info.


HPE

Patch

HPE has identified a remote information disclosure vulnerability in HPE 3PAR Service Processor (SP) which can allow for the disruption of the confidentiality, integrity and availability of the Service Processor and any managed 3PAR arrays.  CVSS 3.0 score of 10.0.
More info.


Dell

Patch

Multiple components within Dell EMC Data Protection Central require a security update to address various vulnerabilities.
More info.



Linux

Patch

SUSE has updated zeromq.
More info.

Ubuntu has updated zeromq and glib.  More info.
Debian has updated zeromq.  More info.


  

Monday 8 July 2019

HPE

Patch

Security vulnerabilities in HPE UIoT allow unauthorized remote access and access to sensitive data. 
Note that the CVSS score says PR:L, but it doesn't sound that way, so we're reporting.
More info.


Novell

Patch

NetIQ Access Manager contains a fix for an Apache vulnerability in Access Gateway.
More info.  And here.


Kaspersky

Patch

Kaspersky has fixed a security issue found in Kaspersky Endpoint Security that could potentially allow third parties to locally execute arbitrary code with user permissions and without privilege elevation. This issue was classified as a DLL hijacking bug.
More info.


libzmq

Patch

A remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library.
More info.


Linux

Patch

SUSE has updated bash and the kernel.
More info.

Arch Linux has updated python-django.  More info.
RedHat has updated python and firefox.  More info.
Oracle Linux has updated the kernel.  More info.
Debian has updated python-django.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2019