Atlassian: Two-week-long cloud outage impacted 775 customers.

Atlassian says that this month's two-week-long cloud outage has impacted almost double the number of customers it initially estimated after learning of the incident.

https://www.bleepingcomputer.com/news/technology/atlassian-two-week-long-cloud-outage-impacted-775-customers/

Vulnerabilidades críticas en DSM y SRM de Synology

Fecha de publicación: 03/05/2022
Importancia: 5 - Crítica

Recursos afectados:
Software para los NAS (DSM) y los rúteres (SRM):
DSM, versiones 7.1, 7.0 y 6.2;
Firmware, versión VS 2.3;
SRM, versión 1.2.

Descripción:
Synology ha publicado varias vulnerabilidades de severidad crítica que afectan al software DSM y SRM, las cuales podrían permitir a un atacante ejecutar código arbitrario u obtener información confidencial.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidades-criticas-dsm-y-srm-synology

Ejecución remota de código en switches de Aruba

Fecha de publicación: 04/05/2022
Importancia: 5 - Crítica

Descripción:
El equipo de investigación de Armis ha descubierto múltiples vulnerabilidades de desbordamiento de búfer basado en memoria dinámica (heap) en varios dispositivos de Aruba que podría permitir a un atacante remoto la ejecución de código arbitrario en el dispositivo afectado.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-switches-aruba

Security Advisory Description
Undisclosed requests may bypass iControl REST authentication. (CVE-2022-1388)

Impact
This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only.

https://support.f5.com/csp/article/K23605346

K55879220: Overview of F5 vulnerabilities (May 2022)

https://support.f5.com/csp/article/K55879220

Múltiples vulnerabilidades en NFVIS de Cisco

Fecha de publicación: 05/05/2022
Importancia: 5 - Crítica

Recursos afectados:
Cisco Enterprise NFV Infrastructure Software (NFVIS), con la configuración por defecto.

Descripción:
Se han publicado 2 vulnerabilidades, una crítica y otra alta, en Cisco Enterprise NFV Infrastructure (NFVIS), que podrían permitir a un atacante pasar de la máquina virtual (VM) invitada al host, inyectar comandos como root o filtrar datos del sistema, desde el anfitrión a la máquina virtual.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-nfvis-cisco

Insight Software: CVE-2022-29972 Magnitude Simba Amazon Redshift ODBC Driver
CVE-2022-29972

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972

May 2022 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2022-May

May 2022 Microsoft Security Updates

RCE's en el reporte de mayo:

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21972

Windows LDAP Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22012
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29128
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29129
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29130
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29131
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29139

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22015

Remote Desktop Client Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22017

Remote Procedure Call Runtime Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22019

Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23270

Windows Address Book Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26926

Windows Graphics Component Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26927

Windows Network File System Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26937

Microsoft SharePoint Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29108

Microsoft Excel Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29109
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29110

Windows Fax Service Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29115

Visual Studio Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29148
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30129

May 2022 Microsoft Security Updates
Tabla resumen.

Actualización de seguridad de SAP de mayo de 2022

Fecha de publicación: 11/05/2022
Importancia: 5 - Crítica

Recursos afectados:
SAP Business One Cloud, versión 1.1;
SAP Commerce, versiones 1905, 2005, 2105 y 2011;
SAP Customer Profitability Analytics, versión 2;
SAP Webdispatcher, versiones 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 y 7.85;
SAP Netweaver AS para ABAP y Java (ICM), versiones KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 y 8.04;
SAP BusinessObjects Business Intelligence Platform, versiones 420 y 430;
SAP NetWeaver Application Server para ABAP y ABAP Platform, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 y 788;
SAP Employee Self Service (Fiori My Leave Request), versión 605;
SAP Host Agent, versión 7.22.

Descripción:
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-mayo-2022

Intel® NUC Firmware Advisory

Intel ID: INTEL-SA-00654
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege
Severity rating: HIGH

Original release: 05/10/2022

Summary:
Potential security vulnerabilities in some Intel® NUCs may allow escalation of privilege.
Intel is releasing firmware updates to mitigate these potential vulnerabilities.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00654.html

HP PC BIOS - May 2022 Security Updates

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

Severity: High
HP Reference: HPSBHF03788 Rev. 2
Release date: May 10, 2022

https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788

SonicWall urges customers to fix SMA 1000 vulnerabilities.

SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products.

SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. An attacker can exploit the vulnerabilities to bypass authorization and, potentially, compromise vulnerable devices.


https://securityaffairs.co/wordpress/131247/security/sonicwall-urges-customers-to-fix-sma-1000-vulnerabilities.html

Vulnerabilidad en el sistema operativo de los cortafuegos de Zyxel

Fecha de publicación: 16/05/2022
Importancia: 4 - Alta

Recursos afectados:
USG FLEX 100(W), 200, 500 y 700 con versiones de firmware ZLD V5.00 hasta ZLD V5.21 Patch 1.
USG FLEX 50(W) y USG20(W)-VPN con versiones de firmware ZLD V5.10 hasta ZLD V5.21 Patch 1.
ATP series con versiones de firmware ZLD V5.10 hasta ZLD V5.21 Patch 1.
VPN series con versiones de firmware ZLD V4.60 hasta ZLD V5.21 Patch 1.

Descripción:
Zyxel ha publicado el parche que soluciona una vulnerabilidad de inyección de comandos en el sistema operativo de los firewalls detallados en “Recursos afectados”.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-el-sistema-operativo-los-cortafuegos-zyxel

Apache Releases Security Advisory for Tomcat
Original release date: May 16, 2022

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/16/apache-releases-security-advisory-tomcat

Microsoft recently observed a campaign targeting SQL servers that, like many attacks, uses brute force methods for initial compromise. What makes this campaign stand out is its use of the in-box utility sqlps.exe.

https://twitter.com/MsftSecIntel/status/1526680337216114693

Múltiples vulnerabilidades en productos Aruba

Fecha de publicación: 18/05/2022
Importancia: 5 - Crítica

Recursos afectados:
AirWave Management Platform, versión 8.2.14.0 y anteriores;
Aruba Fabric Composer (AFC) y Plexxi Composable Fabric Manager (CFM), versión 6.2.0 y anteriores;
Aruba EdgeConnect Enterprise, versiones ECOS 9.1.1.3, ECOS 9.0.6.0, ECOS 8.3.6.0 y anteriores;
Aruba EdgeConnect Enterprise Orchestrator (on-premises).

Descripción:
Múltiples vulnerabilidades en la biblioteca de procesamiento XML Expat afectan a productos de Aruba.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-aruba

Actualiza tus dispositivos Apple y evita estas vulnerabilidades

Fecha de publicación: 17/05/2022
Importancia: Alta

Recursos afectados
macOS Catalina, versiones anteriores a 2022-004.
macOS Big Sur versiones, anteriores a 11.6.6.
macOS Monterey, versiones anteriores a 12.4.
iOS e iPadOS, versiones anteriores a 15.5:
iPhone 6s y posteriores,
iPad Pro (todos los modelos),
iPad Air 2 y posteriores,
iPad 5th generation y posteriores,
iPad mini 4 y posteriores,
iPod touch (7th generation).
Safari, versiones anteriores a 15.5.

Descripción
Apple ha identificado y corregido vulnerabilidades de lectura y escritura de memoria fuera de límites, ejecución arbitraria de código y elevación de privilegios que afectan a varios de sus sistemas, por lo que recomienda actualizar los sistemas afectados.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/actualiza-tus-dispositivos-apple-y-evita-estas-vulnerabilidades

VMSA-2022-0014

CVSSv3 Range: 7.8-9.8
Issue Date: 2022-05-18

CVE(s): CVE-2022-22972, CVE-2022-22973

Synopsis:
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

https://www.vmware.com/security/advisories/VMSA-2022-0014.html

CVE-2022-1183: Destroying a TLS session early causes assertion failure

Posting date: 18 May 2022
Program impacted: BIND
CVSS Score: 7.0
Severity: High

Versions affected: BIND 9.18.0 -> 9.18.2 and 9.19.0 of the BIND 9.19 development branch
Exploitable: Remotely

Description:
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.

Impact:
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected.

https://kb.isc.org/docs/cve-2022-1183