Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state occurs as soon as an issue is detected, and it drops again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

Friday 14 February 2020


Phoenix Contact

Patch

Phoenix Contact Emalytics Controllers ILC 2050 BI contain a vulnerability that allows an unauthorized attacker to change the device configuration and start or stop services. A link on the website of the devices allows unauthorized read and write access to the configuration of the devices. CVSSv3 score of 9.4
More info.


CA

Patch

CA is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks.
More info.


Xerox

Patch

Xerox has published security bulletins addressing vulnerabilities in third-party software (Solaris, Java, and Firefox) included in the FreeFlow Print Server products.
More info.


Fortinet

Patch

An Insufficient Verification of Data Authenticity vulnerability in FortiManager may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
More info.

FortiGate models which do not contain an embedded TRNG may suffer from insufficient entropy ("seed") in the CTR DRBG random data software generator, in their default configuration. Insufficient randomness of the software source used to seed FortiOS' random number generator enables theoretical and experimental attacks.
More info.
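The FortiOS entry above is about the seed, not the generator: a CTR DRBG produces a stream that is fully determined by its seed, so if the seed carries only a few bits of real entropy the device can only ever emit one of a small number of streams, and anyone who observes a few output bytes (a TLS nonce, a session identifier) can enumerate the seeds and predict every byte that follows. The following Python is an added example, not Fortinet's code or the FortiOS DRBG. It uses SHA-256 in counter mode as a stand-in for the AES-based CTR DRBG (an assumption made so it runs without a crypto library), seeds it from a source with only 16 bits of unpredictability, and shows an attacker recovering the seed and the key drawn after the leaked bytes.

```python
import hashlib
import os
from typing import Optional


class ToyCtrDrbg:
    """Counter-mode generator: output block i = H(key || i).
    It plays the role of the CTR DRBG; SHA-256 stands in for AES (assumption)
    and there is no reseeding, which is the situation the advisory describes."""

    def __init__(self, seed: bytes) -> None:
        self.key = hashlib.sha256(b"drbg-key" + seed).digest()
        self.counter = 0

    def generate(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(self.key + self.counter.to_bytes(16, "big")).digest()
            self.counter += 1
        return bytes(out[:n])


def seed_from_weak_source(seed_bits: int) -> bytes:
    """Models a device with no TRNG: the seed comes from a source with only
    `seed_bits` of unpredictability (think of a coarse timer), then is padded
    to 32 bytes so that the DRBG *looks* properly seeded."""
    value = int.from_bytes(os.urandom(4), "big") & ((1 << seed_bits) - 1)
    return value.to_bytes(32, "big")


def recover_seed(observed: bytes, seed_bits: int) -> Optional[int]:
    """Attacker side: with `seed_bits` of entropy there are only 2**seed_bits
    possible output streams, so try every seed against the observed bytes.
    With a real 256-bit seed the same loop would need 2**256 trials."""
    for candidate in range(1 << seed_bits):
        drbg = ToyCtrDrbg(candidate.to_bytes(32, "big"))
        if drbg.generate(len(observed)) == observed:
            return candidate
    return None


def predict_after(seed_value: int, already_consumed: int, n: int) -> bytes:
    """Replay the generator past the bytes the device has already handed out
    and produce the next `n` bytes it will emit."""
    drbg = ToyCtrDrbg(seed_value.to_bytes(32, "big"))
    drbg.generate(already_consumed)
    return drbg.generate(n)


def attack(seed_bits: int = 16, leaked: int = 8, secret_len: int = 32) -> bool:
    """End to end: the device seeds weakly, leaks `leaked` bytes on the wire
    (a nonce), then draws `secret_len` bytes for a key. Returns True when the
    attacker's prediction equals the key the device actually produced."""
    device = ToyCtrDrbg(seed_from_weak_source(seed_bits))
    nonce = device.generate(leaked)      # visible to the attacker
    key = device.generate(secret_len)    # what the attacker wants
    guess = recover_seed(nonce, seed_bits)
    if guess is None:
        return False
    return predict_after(guess, leaked, secret_len) == key


if __name__ == "__main__":
    print("16-bit seed, key predicted from 8 leaked bytes:", attack(16))
```

The search cost is the whole story: 2**16 candidates take a fraction of a second, and nothing about the generator itself (AES, the counter, the derivation function) adds a single bit to that figure. A hardware TRNG, or at least a seed gathered from several independent entropy sources, is the fix; a better DRBG is not.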


Huawei

Patch

Huawei has published or updated eight security bulletins, addressing DoS, OOB read, and other vulnerabilities in their products.
More info.


Linux

Patch

RedHat has updated sudo and others.  More info.
Oracle Linux has updated sudo and the kernel.  More info.
Debian has updated postgresql. More info.
Ubuntu has updated firefox.  More info.


  

Thursday 13 February 2020


PaloAlto

Patch

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool.
More info.
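The FortiManager CSWSH entry (Friday) and this Expedition XSRF entry share a root cause: a browser will happily send the victim's cookies along with a request that an attacker's page initiated, so a server that checks neither where the request came from nor a token bound to the session cannot tell the victim's own page from the attacker's. A WebSocket handshake is a plain GET and is not covered by same-origin policy, which is why the WebSocket case has its own name. The Python below is an added example, not Fortinet's or Palo Alto's code; the origin, session token and requests are constructed for illustration. It parses a raw request, refuses WebSocket upgrades whose Origin is not the application's own, and applies an origin check plus a synchronizer token to state-changing requests.

```python
import hmac
from typing import Dict, Tuple
from urllib.parse import parse_qs, urlsplit

# Assumption: the management console is served from this one origin.
ALLOWED_ORIGINS = {"https://console.example.test"}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 request into (method, target, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def origin_of(url: str) -> str:
    """Reduce a URL or Origin value to scheme://host[:port], lower-cased.
    A bare 'null' Origin reduces to '://' and so never matches the allowlist."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def websocket_handshake_allowed(headers: Dict[str, str]) -> Tuple[bool, str]:
    """CSWSH defence. Browsers always send Origin on a WebSocket upgrade and the
    upgrade carries the victim's cookies, so Origin is the only thing that
    separates the victim's own page from an attacker's page."""
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "not a websocket upgrade"
    origin = headers.get("origin")
    if origin is None:
        return False, "missing Origin header"
    if origin_of(origin) not in ALLOWED_ORIGINS:
        return False, f"origin {origin} not allowed"
    return True, "ok"


def csrf_check(method: str, headers: Dict[str, str], body: bytes,
               session_token: str) -> Tuple[bool, str]:
    """XSRF defence for state-changing requests: reject cross-site sources when
    the browser tells us where the request came from, then always require a
    synchronizer token bound to the session (covers the no-Origin case too)."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    source = headers.get("origin") or headers.get("referer")
    if source and origin_of(source) not in ALLOWED_ORIGINS:
        return False, f"cross-site request from {origin_of(source)}"
    form = parse_qs(body.decode("utf-8"))
    token = form.get("csrf_token", [""])[0]
    if not hmac.compare_digest(token, session_token):
        return False, "missing or wrong csrf token"
    return True, "ok"


# Constructed sample traffic, not captured from any real device.
SESSION_TOKEN = "8f1c2a9e"  # assumption: token issued to the logged-in session

WS_FROM_ATTACKER = (
    b"GET /ws/admin HTTP/1.1\r\n"
    b"Host: console.example.test\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Origin: https://attacker.test\r\n"
    b"Cookie: session=abc123\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n\r\n"
)
WS_FROM_CONSOLE = WS_FROM_ATTACKER.replace(
    b"Origin: https://attacker.test", b"Origin: https://console.example.test")

POST_FORGED = (
    b"POST /api/admin/users HTTP/1.1\r\n"
    b"Host: console.example.test\r\n"
    b"Origin: https://attacker.test\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"user=backdoor&role=admin"
)
POST_GENUINE = (
    b"POST /api/admin/users HTTP/1.1\r\n"
    b"Host: console.example.test\r\n"
    b"Origin: https://console.example.test\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"user=alice&role=viewer&csrf_token=8f1c2a9e"
)


def evaluate(raw: bytes) -> Tuple[bool, str]:
    """Route a raw request to the handshake check or the XSRF check."""
    method, _target, headers, body = parse_request(raw)
    if headers.get("upgrade", "").lower() == "websocket":
        return websocket_handshake_allowed(headers)
    return csrf_check(method, headers, body, SESSION_TOKEN)


if __name__ == "__main__":
    for name, raw in [("websocket from attacker", WS_FROM_ATTACKER),
                      ("websocket from console", WS_FROM_CONSOLE),
                      ("forged POST", POST_FORGED), ("genuine POST", POST_GENUINE)]:
        print(f"{name:24s} -> {evaluate(raw)}")
```

The Origin check is cheap and catches the ordinary browser-driven attack; the token is what still holds when Origin is absent, which is why both are applied to state-changing requests and the comparison uses `hmac.compare_digest` rather than `==`.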


IBM

Patch

IBM Tivoli Monitoring Service could allow an unauthorized user to access and modify operational aspects of the ITM monitoring server, possibly leading to an effective denial of service or disabling of the monitoring server.
More info.


ABB

Patch

Multiple vulnerabilities exist in the eSOMS web interface that could potentially affect the confidentiality, integrity, or availability of information. In the most severe case, an attacker who successfully exploited these vulnerabilities could take over a user’s browser session, discover session based information, or affect the confidentiality of sensitive information within the application.
More info.


Moxa

Patch

Multiple product vulnerabilities were identified in Moxa’s OnCell G3100-HSPA Series and OnCell G3470A-LTE Series Cellular Gateway that could lead to DoS, RCE, CSRF, brute force authentication attacks, information exposure, and improper authentication.  Note all the CVEs are from 2018.
More info.


Linux

Patch

Arch Linux has updated thunderbird, systemd, dovecot, and one more.  More info.
Debian has updated openjdk and firefox. More info.
Mageia has updated flash and others.  More info.
Amazon Linux has updated python.  More info.
Amazon Linux 2 has updated thunderbird. More info.


  

Wednesday 12 February 2020


Microsoft

Exploit

Microsoft Monthly Patches are out.  There are patches for 100 vulnerabilities in total, 12 rated Critical; the highest CVSSv3 score is 8.8.  Five of them were previously disclosed, and one of those, a Scripting Engine vulnerability, is actively being exploited.  Several of the Critical vulnerabilities patched allow RCE.
More info.  And here.


Adobe

Patch

Adobe has published February monthly updates for Acrobat and Reader, Flash, Experience Manager, Digital Editions, and Framemaker.  These include Critical vulnerabilities in most of these products.
More info.


Schneider Electric

Exploit

Schneider Electric has released their Monthly Security Advisories, consisting of one new advisory and two updated advisories.  The updated advisories include fixes for previously disclosed Urgent/11 vulnerabilities, and notification of exploits in the wild for U.Motion Builder, an EOL and unsupported product.
More info.


Firefox

Patch

Multiple vulnerabilities have been patched in Mozilla Firefox and Firefox ESR, the most severe of which could allow for arbitrary code execution.
More info.  And here.

Mozilla has also patched Thunderbird for several vulnerabilities rated Moderate.
More info.


SSS

Patch

Synergy Systems & Solutions HUSKY RTU has been patched to correct two vulnerabilities. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code, and specially crafted malicious packets could cause a DoS. These vulnerabilities have CVSSv3 scores of 9.8 and 7.5.
More info.


IBM

Exploit

IBM ServeRAID Manager exposes a Java RMI service that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.  This is unsupported software, and no patches are expected.
More info.


Aruba

Patch

An information disclosure vulnerability is present in Aruba Intelligent Edge Switches which allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.
More info.


Linux

Patch

OpenSUSE has updated nginx, systemd, chromium, and others.  More info.
Arch Linux has updated firefox.  More info.
Oracle Linux has updated the kernel. More info.


  

Tuesday 11 February 2020


SAP

Patch

SAP Monthly Patches are out.  There are 13 new security notes, and two updated notes.  Three new notes are rated High, the rest Medium.  One of the updated notes is rated Hot News.  There is one note addressing Missing Authorization Check, three addressing DoS. 
More info.


Siemens

Patch

Siemens has released their Monthly Security Advisories, consisting of 12 new advisories and eight updated advisories.  The highest rated bulletins address vulnerabilities in Intel CPUs and ProFTPD (leading to RCE).  The rest mostly address DoS and other CPU related vulnerabilities.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
RedHat has updated java and others.  More info.


  

Monday 10 February 2020


Siemens

Patch

Siemens has updated 58 bulletins.  A sampling shows these updates are to explicitly include SIPLUS products in the bulletins, as outlined in the notice on the Siemens security website.
More info.

Note that tomorrow is Siemens Monthly Patch day.


IBM

Patch

IBM has published multiple bulletins addressing vulnerabilities in third-party software included in Aspera Web products.
More info.


NetApp

New

NetApp has published four new bulletins addressing vulnerabilities in third-party software included in their products.  No patches yet.
More info.


Huawei

Patch

There is an information leak vulnerability in some Huawei products. An unauthenticated, remote attacker can make a large number of attempts to guess information.
More info.


Linux

Patch

OpenSUSE has updated chromium. More info.
Arch Linux has updated ksh.  More info.
Mageia has updated sudo, spamassassin, chromium, openslp, and others.  More info.
Amazon Linux and Amazon Linux 2 have updated the kernel, spamassassin, php, and others.  More info.  And here.


  

Friday 07 February 2020


Meinberg

Patch

Multiple vulnerabilities have been corrected in LANTIME Firmware. Most require an authenticated user, but several vulnerabilities allow information disclosure, and one allowed stored XSS from a remote attacker.
More info.


Dell

Patch

Dell has updated the SUSE Linux and Oracle database components in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance, and SUSE Linux in RSA IMG.
More info.  And here.


Linux

Patch

SUSE has updated nginx, systemd, php, and others. More info.
Arch Linux has updated chromium.  More info.
Ubuntu has updated mariadb and others.  More info.
Scientific Linux has updated the kernel.  More info.


  

Thursday 06 February 2020


Cisco

Patch

Cisco has published seven new bulletins, five rated High, two rated Medium.  Four address Cisco Discovery Protocol vulnerabilities, requiring adjacent access.
More info.


ClamAV

Patch

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device by sending a crafted email file.
More info.


Xerox

Patch

Xerox has updated third-party software (Oracle, Microsoft, Java, and Firefox) in their FreeFlow Print Servers.
More info. And here.


F5

Patch

A remote attacker may be able to perform a denial-of-service (DoS) attack on an AWS-hosted BIG-IP Virtual Edition (VE) system by causing the TMM process to restart.
More info.

The Traffic Management Microkernel (TMM) of BIG-IP systems may produce a core file when using the connector profile and a specific sequence of connections are received, resulting in a DoS.
More info.


Linux

Patch

SUSE has updated systemd and xen. More info.
Arch Linux has updated sudo.  More info.
Oracle Linux has updated the kernel and others.  More info.
CentOS has updated git, the kernel, spamassassin, and others.  More info.
Ubuntu has updated mbedtls, sudo, opensmtpd, systemd, and others.  More info.


  

Wednesday 05 February 2020


Google

Patch

Google has published an update for Chrome for Desktop that contains 56 security fixes.
More info.


Automation Direct

Patch

C-More Touch Panels insufficiently protect credentials, making it possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the system and manipulate system configurations. CVSSv3 base score of 10.
More info.


Nortek

Exploit

Attackers are using a critical, previously disclosed command injection flaw in Nortek's Linear eMerge E3 Series access-controller family to launch DDoS attacks.  The vulnerability allows unauthenticated attackers to gain complete control of the system.  The original bulletin was in May 2019.
More info. And here.


Eaton

Patch

Eaton has published a bulletin addressing vulnerabilities that could lead to RCE in the SMP Gateway SSL/TLS component of Eaton's SMP Gateway automation platform.  The listed CVEs are from 2017.
More info.


Linux

Patch

RedHat has updated ksh, the kernel, and others.  More info.
Ubuntu has updated spamassassin.  More info.


  

Tuesday 04 February 2020


Qualcomm

Patch

Qualcomm has published their Monthly Bulletin.  There are four vulnerabilities in proprietary software, all rated High, and nine vulnerabilities in open source software, six rated High and three rated Medium.
More info.


Android

Patch

Android Monthly Patches are out.  There are 15 vulnerabilities, plus the Qualcomm patches.  Two vulnerabilities are rated Critical, 13 are rated High.  One Critical vulnerability allows Remote Code Execution, the second allows Information Disclosure.
More info.

The Pixel Monthly Bulletin includes the Qualcomm vulnerabilities.
More info.


Squid

Patch

Squid has published three new bulletins addressing vulnerabilities including DoS, security bypass, RCE, and information disclosure.
More info.


PPP

Patch

The pppd maintainers have addressed a vulnerability which allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error in pppd; a remote attacker can trigger memory corruption and from there execute arbitrary code.
More info.


Fortinet

Patch

An Uncontrolled Resource Consumption vulnerability in multiple products may allow an attacker to cause a web service portal denial of service (DoS) by sending specially crafted HTTP requests/responses in small pieces, slowly, so that each connection holds a server resource for as long as possible.
More info.


NetApp

New

NetApp has published three bulletins for vulnerabilities in third-party software in their products.  No patches yet.
More info.


Linux

Patch

SUSE has updated python and crowbar.  More info.
OpenSUSE has updated mailman.  More info.
RedHat has updated php, the kernel, and others.  More info.
CentOS has updated git.  More info.
Arch Linux has updated python-django.  More info.
Oracle Linux has updated git.  More info.
Ubuntu has updated django and sudo.  More info.
Mageia has updated the kernel and openjpeg2.  More info.


  

Monday 03 February 2020


Johnson Controls

New

Johnson Controls has learned of vulnerabilities impacting ElasticSearch/Kibana, a third-party software component used by Metasys Server software. An attacker could send a request that leads to remote code execution with the system-level permissions granted to the Kibana process.
More info.


Dell

Patch

Multiple components within RSA NetWitness Platform require a security update to address various vulnerabilities.
More info.


Linux

Patch

RedHat has updated git.  More info.
Debian has updated qemu, spamassassin, sudo, and others.  More info.
Scientific Linux has updated git.  More info.


  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


© Computer Network Defence Limited 2020