ICS Advisory (ICSA-22-153-02)
Illumina Local Run Manager
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Illumina
Equipment: Local Run Manager (LRM)
Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information
RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
AFFECTED PRODUCTS
The following devices and instruments using LRM software are affected:
Illumina In Vitro Diagnostic (IVD) devices:
NextSeq 550Dx: LRM Versions 1.3 to 3.1
MiSeq Dx: LRM Versions 1.3 to 3.1
Researcher Use Only (ROU) instruments:
NextSeq 500 Instrument: LRM Versions 1.3 to 3.1
NextSeq 550 Instrument: LRM Versions 1.3 to 3.1
MiSeq Instrument: LRM Versions 1.3 to 3.1
iSeq 100 Instrument: LRM Versions 1.3 to 3.1
MiniSeq Instrument: LRM Versions 1.3 to 3.1
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02
ICS Advisory (ICSA-22-153-01)
Carrier LenelS2 HID Mercury access panels
Original release date: June 02, 2022
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Carrier LenelS2
Equipment: HID Mercury access panels sold by LenelS2
Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.
AFFECTED PRODUCTS
Carrier reports these vulnerabilities affect the following HID Mercury access panels sold by LenelS2:
LNL-X2210
LNL-X2220
LNL-X3300
LNL-X4420
LNL-4420
S2-LP-1501
S2-LP-4502
S2-LP-2500
S2-LP-1502
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
Summary
CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center
Advisory Release Date
02 Jun 2022 1 PM PDT (Pacific Time, -7 hours)
Affected Products
Confluence
Confluence Server
Confluence Data Center
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
[Update 06/06/2022]
It has been confirmed that versions later than 1.3.0 are also affected.
Improper authentication in Dell iDRAC9
Publication date: 07/06/2022
Identifier: INCIBE-2022-0783
Severity: 5 - Critical
Affected resources:
In the Dell Precision Workstation 7920 Rack product, Dell iDRAC9 technology, versions 5.00.00.00 and later, but earlier than 5.10.10.00.
Description:
A critical vulnerability has been identified in Dell Precision Workstation 7920 Rack that could be exploited by an attacker to compromise the affected system.
Solution:
Update iDRAC9 to version 5.10.10.00.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/autenticacion-inadecuada-dell-idrac9
Forwarded from Una al día
Critical vulnerability in the U-Boot bootloader for embedded devices.
https://unaaldia.hispasec.com/2022/06/vulnerabilidad-critica-en-el-gestor-de-arranque-u-boot-de-dispositivos-embebidos.html
NCC Group researchers have found two vulnerabilities, one of them critical, in the IP defragmentation algorithm implemented in U-Boot, which can be used to compromise embedded devices or cause a denial of service.
VMSA-2022-0016
CVSSv3 Range: 3.8
Issue Date: 2022-06-14
CVE(s): CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
Synopsis:
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
Impacted Products
VMware ESXi
VMware Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2022-0016.html
Multiple vulnerabilities affecting Cisco products
Publication date: 16/06/2022
Severity: 5 - Critical
Affected resources:
Cisco ESA (Email Security Appliance) and Cisco Secure Email and Web Manager running vulnerable versions of Cisco AsyncOS Software. You can check the versions on the Cisco page.
Cisco Small Business RV Series Routers:
RV110W Wireless-N VPN Firewall,
RV130 VPN Router,
RV130W Wireless-N Multifunction VPN Router,
RV215W Wireless-N VPN Router.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-82
Cisco has reported two critical-severity vulnerabilities that would allow bypassing authentication and logging in to a device's management interface, executing arbitrary code, or causing…
Authentication bypass in HPE products
Publication date: 17/06/2022
Identifier: INCIBE-2022-0800
Severity: 5 - Critical
Affected resources:
Cray Legacy Shasta System Solutions and HPE Cray EX supercomputers:
all versions of the node controller firmware associated with HPE Cray EX liquid-cooled blades;
all versions of the chassis controller firmware associated with HPE Cray EX liquid-cooled cabinets earlier than 1.6.27/1.5.33/1.4.27.
HPE Slingshot, versions earlier than 1.7.2.
Description:
The HPE Product Security Response Team has reported a critical authentication bypass vulnerability that could be exploited by a remote attacker.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-hpe
Critical Citrix ADM vulnerability creates means to reset admin passwords.
https://portswigger.net/daily-swig/critical-citrix-adm-vulnerability-creates-means-to-reset-admin-passwords
Improper access control flaw poses DoS-to-RCE hijack risk
Millions of Secrets Exposed via Web Application Frontend – An Internet-Wide Study.
https://redhuntlabs.com/blog/millions-of-secrets-exposed-via-web-application-frontend.html
Sensitive information disclosure in HPE NonStop DSM/SCM
Publication date: 22/06/2022
Identifier: INCIBE-2022-0807
Severity: 5 - Critical
Affected resources:
DSM/SCM SPR T6031H03^ADP.
Potentially affected RVUs:
L21.11.02;
L21.11.01;
L21.06.02;
L21.06.01;
L21.06.00;
L20.10.00;
L20.05.00;
J06.23.01;
J06.23.00.
Description:
The HPE Product Security Response Team has reported a critical-severity vulnerability that could cause the disclosure of sensitive information on the affected device.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/divulgacion-informacion-sensible-hpe-nonstop-dsmscm
Arbitrary code execution in IBM CICS TX
Publication date: 23/06/2022
Identifier: INCIBE-2022-0810
Severity: 5 - Critical
Affected resources:
IBM CICS TX Standard, all versions.
IBM CICS TX Advanced, version 11.1.
Description:
IBM has published a vulnerability that could allow an attacker to execute arbitrary code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-arbitraria-codigo-ibm-cics-tx
New DFSCoerce NTLM relay attack allows taking control over Windows domains.
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain.
Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain.
https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html
ICS Medical Advisory (ICSMA-22-174-01)
OFFIS DCMTK
EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from an adjacent network/low attack complexity
Vendor: OFFIS
Equipment: DCMTK
Vulnerabilities: Path Traversal, Relative Path Traversal, NULL Pointer Dereference
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution.
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2022-30131
Released: Jun 14, 2022
Last updated: Jun 22, 2022
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30131
Citrix Releases Security Updates for Hypervisor
Description of Problem
A security issue has been identified in Citrix Hypervisor 7.1 LTSR CU2 that may allow privileged code in a PV guest VM to compromise the host. Citrix believes that there would be significant complexity in performing this attack in Citrix Hypervisor.
The issue has the following CVE identifier:
CVE-2022-26362
In addition, Intel has disclosed several issues that affect CPU hardware and may allow code inside a guest VM to access very small sections of memory data that are actively being used elsewhere on the system. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing hotfixes that include product changes to mitigate these CPU issues.
These issues have the following CVE identifiers:
CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
Customers who are not running PV guest VMs are not affected by the Citrix Hypervisor issue.
Customers who are not using Intel CPUs are not affected by the Intel CPU issues.
https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update
Multiple vulnerabilities in Synology SRM
Publication date: 27/06/2022
Severity: 4 - High
Affected resources:
Synology Router Manager (SRM), versions 1.2 and 1.3.
Description:
Synology has published several high-severity vulnerabilities affecting the SRM software, which could allow a cyberattacker to inject SQL commands or read and write arbitrary files.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-srm-synology
Mitel VoIP Bug Exploited in Ransomware Attacks.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
https://threatpost.com/mitel-voip-bug-exploited/180079/
Dozens of cryptography libraries vulnerable to private key theft.
Signing mechanism security shortcomings exposed
A poor implementation of Ed25519, a popular digital signature algorithm, has left dozens of cryptography libraries vulnerable to attacks.
According to Konstantinos Chalkias, a cryptographer at MystenLabs who discovered and reported the vulnerability, attackers could exploit the bug to steal private keys from cryptocurrency wallets.
Some but not yet all of the vulnerable technologies have been patched.
https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft
https://github.com/MystenLabs/ed25519-unsafe-libs