SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Multiple vulnerabilities in Teluu's PJSIP library

Publication date: 03/03/2022
Importance: 4 - High

Affected resources:
Any project that uses the PJSIP library, in versions prior to 2.12, and passes attacker-controlled arguments to any of the following APIs:

pjsua_player_create – filename,
pjsua_recorder_create – filename,
pjsua_playlist_create – file_names,
pjsua_call_dump – buffer.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-libreria-pjsip-teluu
Malware now using stolen NVIDIA code signing certificates

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.

This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.

The extortion group, known as Lapsus$, states that they stole 1TB of data during the attack and began leaking the data online.

https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
Multiple vulnerabilities in Asterisk products

Publication date: 07/03/2022
Importance: 5 - Critical

Affected resources:
Asterisk Open Source:
versions 16.x;
versions 18.x;
versions 19.x.
Certified Asterisk: versions 16.x.

Description:
Asterisk has published 3 vulnerabilities: 2 of critical severity and 1 medium, through which an attacker could execute arbitrary code, cause a denial of service, or perform an out-of-bounds memory access.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-asterisk
New Linux bug gives root on all major distros, exploit released.

This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit.

The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.

https://dirtypipe.cm4all.com/
Sensitive information disclosure in phpMyAdmin

Publication date: 08/03/2022
Importance: 3 - Medium

Affected resources:
phpMyAdmin, version 5.1.1 and earlier.

Description:
INCIBE has coordinated the publication of a vulnerability in phpMyAdmin, with the internal code INCIBE-2022-0636, which was discovered by Rafael Pedrero.

This vulnerability has been assigned the code CVE-2022-0813. A CVSS v3.1 base score of 5.3 has been calculated, with the following CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/divulgacion-informacion-sensible-phpmyadmin
Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device.

Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, we decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and CVE-2021-21745 — to show how they could be chained together by an attacker to completely take over a device.

https://blog.talosintelligence.com/2022/03/deep-dive-vulnerabilities-in-zte-router.html
Microsoft Security Update Summary for March

Critical Security Updates
============================
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 11
HEVC Video Extension
HEVC Video Extensions
VP9 Video Extensions


https://msrc.microsoft.com/update-guide/
TLStorm

Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices.

https://www.armis.com/research/tlstorm/