Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Monday 21 September 2020


Flexera

New

Flexera is unable to effectively track Red Hat OpenJDK on Windows systems due to inconsistent and conflicting identification information. They recommend a different JDK version.
More info.


IBM

Patch

ISC BIND is vulnerable to a denial of service, caused by the failure to limit the number of fetches performed when processing referrals. BIND is used by Power Hardware Management Console (HMC). Highest CVSSv3 score of 8.6
More info.


F5

New

libssh vulnerabilities could allow a remote attacker to execute code on the client system when a user connects to the server. Highest CVSSv3 score of 7.5
More info.


NetApp

Patch

NetApp has published five new bulletins covering vulnerabilities in third-party software included in NetApp products.  No patches yet.
More info.


Synology

Patch

The Zerologon vulnerability allows remote attackers to bypass security constraints via a susceptible version of Synology Directory Server. CVSSv3 score of 10.
More info.


Linux

Patch

SUSE has updated jasper, rubygem, and others. More info.
OpenSUSE has updated perldbi and others.  More info.
Debian has updated modsecurity and one other.  More info.
Ubuntu has updated exim spamassassin. More info.


  

Friday 18 September 2020


Citrix

Patch

Multiple vulnerabilities have been discovered in Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP appliance.  These include a DoS originating from the management network that can be executed by an unauthenticated attacker.
More info.


NETGEAR

Patch

NETGEAR has published 35 new security bulletins, covering many products and vulnerabilities.  Vulnerabilities include pre-authentication buffer overflow and command execution, authentication bypass, admin credential disclosure, XSS, and others.
More info.


HPE

New

Multiple security vulnerabilities have been identified in the HPE Pay Per Use Utility Computing Service (UCS) Meter. These vulnerabilities could lead to unauthenticated remote disclosure of information and code execution.  This product is EoL.
More info.


Sierra Wireless

Patch

In versions of ALEOS, enabling Application Framework would enable a LAN-side unauthenticated Lua RPC server. IOActive has demonstrated that this RPC server permits remote code execution when enabled. CVSSv3 score of 8.1
More info.


MB Connect Line

Patch

Multiple issues were discovered in the mymbCONNECT24 and mbCONNECT24 software, including SQL Injection, CSRF, SSRF, and RCE via outdated third-party software. Highest CVSSv3 score of 9.8.
More info.


Samba

Exploit

The netlogon protocol contains a flaw that allows an authentication bypass. This was reported and patched by Microsoft. Since the bug is a protocol level flaw, and Samba implements the protocol, Samba is also vulnerable. CVSSv3 score of 9.8
More info.


Linux

Patch

SUSE has updated samba, perl dbi, and others. More info.
Ubuntu has updated gnupg, pure-ftpd, samba, and others. More info.


  

Thursday 17 September 2020


Microsoft

Patch

Microsoft has released security updates for Microsoft Office for Mac.  This patches an Excel RCE vulnerability that has already been patched in Windows products.
More info.


CODESYS

New

CODESYS products use the Wibu CodeMeter software that contains critical security vulnerabilities.  Highest CVSSv3 score of 10.  Patches expected by the end of the month.
More info.


Apple

Patch

Apple has published security updates for iOS, iPadOS, Safari, tvOS, watchOS, Xcode, and iTunes for Windows.
More info.


ABB

Patch

ABB Automation Builder uses the Wibu CodeMeter software that contains critical security vulnerabilities.  Detailed mitigation instructions included.  Highest CVSSv3 score of 10.
More info.


Linux

Patch

Oracle Linux has updated thunderbird and mysql.  More info.
Ubuntu has updated samba, perl dbi, and others. More info.
Mageia has updated libraw. More info.
Amazon Linux has updated java and clamav. More info.


  

Wednesday 16 September 2020


IPTV

Exploit

Multiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities include hardcoded backdoor passwords, and allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system.
More info. And here.


Sprecher

Patch

SPRECON-V460 products use the Wibu CodeMeter software that contains critical security vulnerabilities.  Highest CVSSv3 score of 10
More info. And here.


IBM

Patch

Multiple security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance. Highest CVSSv3 score of 9.8
More info.

IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Highest CVSSv3 score of 9.8
More info.

A publicly disclosed vulnerability in Eclipse Jetty is present in IBM eDiscovery Analyzer. CVSSv3 score of 9.4
More info.


Aruba

Patch

Aruba has released updates to products affected by Linux Kernel vulnerabilities known as TCP SACK PANIC. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to trigger a kernel panic and impact the system availability.
More info.

Four memory corruption vulnerabilities in the Aruba CX Switches have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) processes in the switch. CVSSv3 score of 7.5
More info.


FreeBSD

Patch

FreeBSD has updated ftpd, ure, and others.
More info.


Linux

Patch

SUSE has updated openssl and perl. More info.
Arch Linux has updated netbeans.  More info.
RedHat has updated mysql.  More info.
Ubuntu has updated apache xml-rpc, log4j, gupnp, and others. More info.
Mageia has updated zeromq. More info.


  

Tuesday 15 September 2020


Microsoft

Exploit

Public exploit code is available for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Patches came out in August, but CVSSv3 score is 10, so if you haven't patched you're at risk.
More info. And here.


IBM

Patch

IBM Maximo Asset Management is vulnerable to Java Deserialization.
More info.


NETGEAR

Patch

NETGEAR has released fixes for an authentication bypass security vulnerability in several product models. Remote Management must be enabled for this vulnerability to be exploited.
More info.


HPE

Patch

A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection.  CVSSv3 score of 5.3
More info.


Linux

Patch

SUSE has updated the kernel, firefox, and ship. More info.
OpenSUSE has updated libxml2.  More info.
Arch Linux has updated netbeans.  More info.
RedHat has updated chromium, dovecot, and librepo.  More info.
Oracle Linux has updated the kernel.  More info.
CentOS has updated thunderbird and dovecot. More info.
Ubuntu has updated gupnp and cryptsetup. More info.


  

Monday 14 September 2020


SonicWall

Patch

There exists a potential domain name collision vulnerability in SonicWall SSL-VPN technology that could result from a security misconfiguration of the impacted products.
More info.


Apache

Patch

An authentication bypass vulnerability exists in Apache ActiveMQ. The vulnerability exists due to an error in the authentication process, allowing a remote attacker to bypass the authentication process and execute arbitrary code on the target system.
More info.


Linux

Patch

SUSE has updated tomcat, libxml2, and others. More info.
OpenSUSE has updated openldap2 and others.  More info.
RedHat has updated httpd.  More info.
Gentoo Linux has updated proftpd, php, zeromq, and others. More info.


  

Friday 11 September 2020


Pilz

Patch

A number of Pilz software tools use the WIBU-SYSTEMS CodeMeter Runtime application to manage licenses. This application contains a number of vulnerabilities, which enable an attacker to change and falsify a license file, allow DoS, and potentially execute arbitrary code. Highest CVSSv3 score of 10
More info.


Lenovo

Patch

Lenovo has reported vulnerabilities in several graphics, BIOS, and chip components.
More info.


Dell

Patch

The 2020 R3 OS Security Update addresses multiple third-party components within the listed Dell EMC Avamar and NetWorker products that require a security update to address various vulnerabilities.  Dell rates this Critical.
More info.


F5

Patch

BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards and a very specific configuration may be vulnerable to crafted SSL/Transport Layer Security (TLS) handshakes that may result in a pre-master secret (PMS) that starts with a 0 byte and may lead to recovery of plaintext messages. CVSSv3 score of 7.4.
More info.

The ntpd in F5 products allows remote attackers to cause a DoS, either daemon exit or system time change, by predicting transmit timestamps for use in spoofed packets. Highest CVSSv3 score of 7.4
More info.


NetApp

New

NetApp has published six new bulletins outlining vulnerabilities in third-party components included in NetApp products. No patches yet for most.
More info.


Linux

Patch

SUSE has updated the kernel, gimp, and others. More info.
OpenSUSE has updated go.  More info.
RedHat has updated chromium.  More info.
Oracle Linux has updated .net core, dovecot, and the kernel. More info.


  

Thursday 10 September 2020


IBM

Patch

A vulnerability identified in jackson-databind shipped with IBM Cloud Pak System could allow a remote attacker to execute arbitrary code on the system by sending specially-crafted input.
More info.


Pepperl+Fuchs

Patch

VMT MSS and VMT IS contain several vulnerabilities in WIBU SYSTEMS CodeMeter components. Highest CVSSv3 score of 10.
More info.


ABB

Patch

ABB has several products affected by the WIBU-Systems CodeMeter software vulnerabilities. Highest CVSSv3 score of 10.
More info.


Dell

Patch

Multiple components within Dell EMC Data Protection Central require a security update to address various vulnerabilities.   Dell rates this Critical
More info.


Linux

Patch

SUSE has updated the kernel and others. More info.
Arch Linux has updated chromium. More info.
RedHat has updated httpd, dovecot, and openstack-nova.  More info.
Oracle Linux has updated postgresql and one other. More info.
Gentoo Linux has updated chromium. More info.


  

Wednesday 9 September 2020


Palo Alto

Patch

Palo Alto Networks Monthly Patches are out. One is rated Critical, five are rated High.  Highest CVSSv3 score of 9.8
More info.

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.
More info.


Rockwell Automation

Patch

Rockwell Automation has published a bulletin regarding vulnerabilities in Wibu-Systems’ CodeMeter. These vulnerabilities may result in remote code execution, privilege escalation, or DoS to the products dependent on CodeMeter. CodeMeter is distributed as part of the installation for FactoryTalk Activation Manager. Highest CVSSv3 score of 10
More info.


WAGO

Patch

Multiple vulnerabilities were reported in WIBU-SYSTEMS CodeMeter. WIBU-SYSTEMS CodeMeter is installed by default during e!COCKPIT installation. All currently existing e!COCKPIT installation bundles contain vulnerable versions of WIBU-SYSTEMS CodeMeter. Highest CVSSv3 score of 10.
More info.


Phoenix Contact

Patch

Multiple vulnerabilities were reported in WIBU-SYSTEMS CodeMeter. WIBU-SYSTEMS CodeMeter is used by several Phoenix Contact products. Highest CVSSv3 score of 10.
More info. And here.


Google

Patch

Google has published an update for Chrome for Desktop with 5 security fixes, all rated High.
More info.


Intel

Patch

Improper buffer restrictions in network subsystem in provisioned Intel AMT and Intel ISM may allow an unauthenticated user to potentially enable escalation of privilege via network access.  CVSSv3 score of 9.8
More info.


Samsung

Patch

Samsung Mobile has put out a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.
More info.


AVEVA

Patch

AVEVA Software has created a security update to address SQL Injection vulnerabilities in AVEVA Enterprise Data Management Web. The vulnerabilities exist in a component of eDNA Web and could allow a malicious entity to execute arbitrary SQL commands under the privileges of the account configured in eDNA Web for SQL access. Highest CVSSv3 score of 9.6
More info.


Linux

Patch

SUSE has updated openldap and the kernel. More info.
OpenSUSE has updated the kernel, thunderbird, firefox, and others. More info.
RedHat has updated .net core and others.  More info.
Oracle Linux has updated thunderbird and librepo. More info.
Ubuntu has updated gnutls and libx11. More info.


  

Tuesday 8 September 2020 - Part 2


Qualcomm

Patch

Qualcomm Monthly Patches are out, with 5 addressed CVEs, 1 rated Critical, 3 rated High, and the last Medium.  Three additional CVEs were addressed in Open Source software. Two vulnerabilities have an Access Vector of Remote.
More info.


Google

Patch

Android Monthly Patches have been published with 36 addressed CVEs, plus Qualcomm closed-source component CVEs.  Three are rated Critical, two allow RCE.
More info.

The Pixel Monthly Software Update addresses 27 CVEs, plus Qualcomm closed-source component CVEs. No Critical vulnerabilities, although 3 allow RCE.
More info.


Adobe

Patch

Adobe Monthly Security Bulletin updates include Experience Manager, Framemaker, and InDesign. All three updates address Critical vulnerabilities and allow arbitrary code execution.
More info.


Microsoft

Patch

Microsoft Monthly Patches include fixes for 129 vulnerabilities. Of these, 23 are Critical, highest CVSSv3 score of 9.9
More info. And here.


  

Tuesday 8 September 2020


Siemens

Patch

Siemens Monthly Patches are out, with 9 new bulletins, and 10 updated bulletins. Vulnerabilities present include XSS, insecure storage and transmission of sensitive information, DoS, RCE, and others.
More info.

Six vulnerabilities exist in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a DoS, attain remote code execution, or prevent normal operation. Highest CVSSv3 score of 10
More info.

SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Highest CVSSv3 score of 6.5. No patches yet.
More info.


Schneider Electric

Patch

Schneider Electric has one bulletin listed, but the bulletin isn't available.  The full Monthly Patch set may not be out yet.  The bulletin overview reads: Schneider Electric is aware of multiple vulnerabilities in the SCADAPack 7x Remote Connect and the SCADAPack x70 Security Administrator applications.
More info.


SAP

Patch

SAP Security Patch Day saw the release of 10 new Security Notes and 6 updated Security Notes. Four are rated Hot News, two rated High, the rest Medium and Low. Bulletins cover Missing Authentication, Improper Authorization, XSS, Improper Input Validation, and other vulnerabilities.
More info.


Linux

Patch

SUSE has updated go and firefox. More info.
RedHat has updated postgresql, php, and others.  More info.
Arch Linux has updated gnupg.  More info.
Ubuntu has updated the kernel. More info.


  

Monday 7 September 2020


Linux

Patch

SUSE has updated the kernel, firefox, and thunderbird.  More info.
OpenSUSE has updated php, curl, squid, and others. More info.
RedHat has updated thunderbird and jboss.  More info.
Oracle Linux has updated squid. More info.
Gentoo Linux has updated gnutls and dovecot. More info.
Mageia has updated postgresql and python. More info.


  

Friday 4 September 2020


Dell

Patch

Dell has published an update for third-party software included in VxRail Appliance. Dell rates this update Critical.
More info.

Dell has updated Java SE in Dell EMC NetWorker Runtime Environment (NRE). Dell rates this High.
More info.


GnuPG

Patch

Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour.  Exploiting the bug aside from crashes is not trivial but likely possible for a dedicated attacker.
More info.


NetApp

New

NetApp has published six new bulletins outlining vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated php, java, the kernel, and others.  More info.
Arch Linux has updated python-django, ark, and go. More info.
RedHat has updated squid.  More info.
Oracle Linux has updated the kernel and dovecot. More info.
Ubuntu has updated the kernel.  More info.
Mageia has updated squid and others. More info.
Scientific Linux has updated dovecot. More info.
Amazon Linux has updated the kernel, python, and chrony. More info.


  

Thursday 3 September 2020


Cisco

Patch

Cisco has published 15 new bulletins and one updated. Of the new bulletins, one is rated Critical, a vulnerability in Cisco Jabber. Four are rated High; only one of those allows exploitation by remote attackers, Jabber again. The rest are Medium; of those, two are DoS and info exposure in ESA by remote attackers.
More info.

A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. An attacker could exploit this vulnerability by sending specially crafted XMPP messages. CVSSv3 score of 9.9
More info.

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands by convincing a user to click a link within a message sent by email or other messaging platform. CVSSv3 score of 8.8
More info.

A vulnerability in the TLS protocol implementation of Cisco AsyncOS software for Cisco ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a DoS. The vulnerability is due to inefficient processing of incoming TLS traffic. CVSSv3 score of 5.3
More info.

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. CVSSv3 score of 5.3
More info.


IBM

Patch

IBM Security Guardium may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. Rated Critical by IBM, CVSSv3 score of 5.3
More info.


Mozilla

Patch

Mozilla has published an update for Firefox for Android with several security fixes, one rated High.
More info.


Linux

Patch

SUSE has updated php, java, squid, and others.  More info.
RedHat has updated dovecot.  More info.


  

Wednesday 2 September 2020


IBM

Patch

Due to improper validation of data prior to export, IBM Spectrum Protect Operations Center may allow an attacker to execute arbitrary code on the system. CVSSv3 score of 9.1
More info.


Linux

Patch

SUSE has updated squid, apache2, and curl.  More info.
OpenSUSE has updated postgresql, opera, and samba.  More info.
CentOS has updated firefox.  More info.
Ubuntu has updated x.org server, the kernel, libx11, and others.  More info.
Mageia has updated putty and mutt.  More info.


  

Tuesday 1 September 2020


Cisco

Exploit

Cisco made significant changes to the bulletin regarding the DVMRP feature of Cisco IOS XR Software.  Worth a look again. No patches yet.  Currently being exploited.
More info.


IBM

Patch

IBM has published nine bulletins outlining vulnerabilities in Faster-XML jackson-databind that affect IBM Operations Analytics Predictive Insights. Highest CVSSv3 score of 9.8
More info.

IBM has published two bulletins outlining vulnerabilities in Faster-XML jackson-databind and Apache Log4j that affect IBM Security Guardium Insights. Highest CVSSv3 score of 9.8
More info. And here.

Rsyslog is vulnerable to heap-based buffer overflows which may affect IBM Spectrum Protect Plus. CVSSv3 score of 9.8
More info.


Xerox

Patch

Xerox has published software for FreeFlow Print Server that includes Solaris, Java, and Firefox updates.
More info. And here.


Linux

Patch

SUSE has updated chromium, freerdp, and others.  More info.
OpenSUSE has updated chromium and others.  More info.
RedHat has updated libvncserver and others.  More info.
Oracle Linux has updated several packages.  More info.
Debian has updated apache2.  More info.
Ubuntu has updated python-rsa, django, and others.  More info.
Amazon Linux has updated python, ruby, samba, and others.  More info.


  

Monday 31 August 2020


Cisco

Exploit

A vulnerability in the DVMRP feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for IGMP packets. No patches yet.  Currently being exploited.
More info.


Microsoft

Patch

Microsoft has updated chromium-based Edge with the latest chromium updates.
More info.


Mitsubishi Electric

Patch

There is a vulnerability in the TCP protocol stack of several Mitsubishi Electric products that allows an attacker to impersonate the legitimate communication peer due to improper session management. If this vulnerability is exploited by an attacker, the attacker can impersonate a legitimate device and execute arbitrary commands, which may cause information disclosure, information tampering or destruction, and so on. Some updates, some workarounds.
More info.


SICK

Patch

SICK received a report about a security vulnerability within the platform mechanism AutoIP, used by multiple devices. Improper handling of exceptional conditions can lead to a reboot of the device when parsing malformed network packets. CVSSv3 score of 7.5.
More info.


Trend Micro

Patch

Trend Micro has released two patches for Deep Security Manager and Vulnerability Protection. If LDAP authentication is enabled, an unauthenticated attacker with prior knowledge of the targeted organization may be able to bypass manager authentication. CVSSv3 score of 8.1
More info.


HPE

Patch

Security vulnerabilities in the HP-UX Tomcat-based Servlet Engine could be exploited remotely to create a Cache Poisoning or Security Constraint Bypass. Highest CVSSv3 score of 9.8
More info.


IBM

Patch

Tenable research discovered a DoS vulnerability in IBM Spectrum Protect. An unauthenticated, remote attacker can use a series of specially crafted messages to terminate the dsmsvc and dstasvc (Storage Agent) processes. CVSSv3 score of 7.5
More info.

IBM Watson Discovery for IBM Cloud Pak for Data contains vulnerable versions of FasterXML jackson-databind and Apache Spark.
More info.  And here.


Shibboleth

Patch

The modern IIS module fails to catch and handle exceptions that result from failed attempts to read data from the HTTP client socket. Because it is possible experimentally to trigger this condition remotely, it results in a potential denial of service condition exploitable by a remote, unauthenticated attacker.
More info.


Linux

Patch

OpenSUSE has updated apache2, grub2, and others.  More info.
RedHat has updated git.  More info.
Debian has updated thunderbird and others.  More info.
Gentoo Linux has updated bind, kleopatra, openjdk, and others.  More info.
Mageia has updated the kernel, thunderbird, and others.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020