SysAdmin 24x7
Computer security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
CVE-2022-1183: Destroying a TLS session early causes assertion failure

Posting date: 18 May 2022
Program impacted: BIND
CVSS Score: 7.0
Severity: High

Versions affected: BIND 9.18.0 -> 9.18.2 and 9.19.0 of the BIND 9.19 development branch
Exploitable: Remotely

Description:
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early.

Impact:
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected.

https://kb.isc.org/docs/cve-2022-1183
ICS Advisory (ICSA-22-139-01)
Mitsubishi Electric MELSEC iQ-F Series

1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-F Series
Vulnerabilities: Improper Input Validation

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause a denial-of-service condition by sending specially crafted packets. A system reset is required for recovery.

https://www.cisa.gov/uscert/ics/advisories/icsa-22-139-01
May 2022
You might see authentication failures on the server or client for services

Status: Resolved
Originating update: OS Build 19042.1706, KB5013942 (2022-05-10)
History: Opened 2022-05-11, 18:38 PT; Resolved 2022-05-19, 19:16 PT

After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). An issue has been found related to how the mapping of certificates to machine accounts is being handled by the domain controller.

https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-20h2#2826msgdesc

https://twitter.com/WindowsUpdate/status/1527400220216025088
VMSA-2022-0015

CVSSv3 Range: 5.8
Issue Date: 2022-05-24
CVE(s): CVE-2022-22977

Synopsis:
VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977)

https://www.vmware.com/security/advisories/VMSA-2022-0015.html
Drupal fixes a vulnerability affecting the Guzzle library

Publication date: 26/05/2022
Severity: 3 - Medium

Affected resources:
Drupal versions prior to:
Drupal 9.3.14,
Drupal 9.2.20.

Description:
A vulnerability has been detected in the Guzzle library, which Drupal modules use to handle HTTP requests to and responses from external services.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/drupal-soluciona-vulnerabilidad-afecta-libreria-guzzel
Citrix Releases Security Updates for ADC and Gateway
Original release date: May 26, 2022

Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/citrix-releases-security-updates-adc-and-gateway
VMSA-2022-0014.1

CVSSv3 Range: 7.8-9.8
Issue Date: 2022-05-18
Updated On: 2022-05-27

CVE(s): CVE-2022-22972, CVE-2022-22973

Synopsis:
VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.

Impacted Products
VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

Introduction
Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

https://www.vmware.com/security/advisories/VMSA-2022-0014.html
Multiple Microsoft Office versions impacted by an actively exploited zero-day

A zero-day flaw in Microsoft Office could be exploited by attackers to achieve arbitrary code execution on Windows systems.
The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML file and then uses the “ms-msdt” URI scheme to execute PowerShell code.

https://securityaffairs.co/wordpress/131800/hacking/multiple-microsoft-office-versions-zero-day.html

https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784/detection

https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/
Multiple vulnerabilities in GitLab

Publication date: 02/06/2022
Identifier: INCIBE-2022-0776
Severity: 5 - Critical

Affected resources:
Versions prior to 15.0.1, 14.10.4 and 14.9.5 of the products:
GitLab Community Edition (CE),
GitLab Enterprise Edition (EE).

Description:
GitLab has released new versions that fix 8 vulnerabilities: 1 critical, 2 high, 4 medium and 1 low.

Solution:
Update to the latest available version (15.0.1, 14.10.4, 14.9.5 or later).

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-0
[Update 02/06/2022] Multiple vulnerabilities in Aruba products

Publication date: 18/05/2022
Severity: 5 - Critical

Affected resources:
AirWave Management Platform, version 8.2.14.0 and earlier;
Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM), version 6.2.0 and earlier;
Aruba EdgeConnect Enterprise, versions ECOS 9.1.1.3, ECOS 9.0.6.0, ECOS 8.3.6.0 and earlier;
Aruba EdgeConnect Enterprise Orchestrator (on-premises).
[Update 02/06/2022]
Aruba ClearPass Policy Manager, versions:
6.10.4 and earlier;
6.9.10 and earlier;
6.8.9 without the hotfix for the Q1 2022 Security issues.

Description:
Multiple vulnerabilities in the Expat XML processing library affect Aruba products.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-aruba
ICS Advisory (ICSA-22-153-02)
Illumina Local Run Manager

EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Illumina

Equipment: Local Run Manager (LRM)
Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information

RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.

AFFECTED PRODUCTS
The following devices and instruments using LRM software are affected:
Illumina In Vitro Diagnostic (IVD) devices:
NextSeq 550Dx: LRM Versions 1.3 to 3.1
MiSeq Dx: LRM Versions 1.3 to 3.1

Research Use Only (RUO) instruments:
NextSeq 500 Instrument: LRM Versions 1.3 to 3.1
NextSeq 550 Instrument: LRM Versions 1.3 to 3.1
MiSeq Instrument: LRM Versions 1.3 to 3.1
iSeq 100 Instrument: LRM Versions 1.3 to 3.1
MiniSeq Instrument: LRM Versions 1.3 to 3.1

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02
ICS Advisory (ICSA-22-153-01)

Carrier LenelS2 HID Mercury access panels
Original release date: June 02, 2022

EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Carrier LenelS2
Equipment: HID Mercury access panels sold by LenelS2
Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection

RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.

AFFECTED PRODUCTS
Carrier reports these vulnerabilities affect the following HID Mercury access panels sold by LenelS2:
LNL-X2210
LNL-X2220
LNL-X3300
LNL-X4420
LNL-4420
S2-LP-1501
S2-LP-4502
S2-LP-2500
S2-LP-1502

https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability

Summary
CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center

Advisory Release Date
02 Jun 2022 1 PM PDT (Pacific Time, -7 hours)

Affected Products
Confluence
Confluence Server
Confluence Data Center

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Improper authentication in Dell iDRAC9

Publication date: 07/06/2022
Identifier: INCIBE-2022-0783
Severity: 5 - Critical

Affected resources:
Dell iDRAC9 technology in the Dell Precision Workstation 7920 Rack, versions 5.00.00.00 and later but prior to 5.10.10.00.

Description:
A critical vulnerability has been identified in the Dell Precision Workstation 7920 Rack that could be exploited by an attacker to compromise the affected system.

Solution:
Update iDRAC9 to version 5.10.10.00.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/autenticacion-inadecuada-dell-idrac9
VMSA-2022-0016

CVSSv3 Range: 3.8
Issue Date: 2022-06-14
CVE(s): CVE-2022-21123, CVE-2022-21125, CVE-2022-21166

Synopsis:
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)

Impacted Products
VMware ESXi
VMware Cloud Foundation

https://www.vmware.com/security/advisories/VMSA-2022-0016.html
Multiple vulnerabilities affecting Cisco products

Publication date: 16/06/2022
Severity: 5 - Critical

Affected resources:
Cisco ESA (Email Security Appliance) and Cisco Secure Email and Web Manager running vulnerable versions of Cisco AsyncOS Software. The affected versions can be checked on Cisco's page.
Cisco Small Business RV Series Routers:
RV110W Wireless-N VPN Firewall,
RV130 VPN Router,
RV130W Wireless-N Multifunction VPN Router,
RV215W Wireless-N VPN Router.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-82
Authentication bypass in HPE products

Publication date: 17/06/2022
Identifier: INCIBE-2022-0800
Severity: 5 - Critical

Affected resources:
Cray Legacy Shasta System Solutions and HPE Cray EX supercomputers:
all versions of the node controller firmware associated with HPE Cray EX liquid-cooled blades;
all versions of the chassis controller firmware associated with HPE Cray EX liquid-cooled cabinets prior to 1.6.27/1.5.33/1.4.27.
HPE Slingshot, versions prior to 1.7.2.

Description:
The HPE Product Security Response Team has reported a critical authentication bypass vulnerability that could be exploited by a remote attacker.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-hpe