SysAdmin 24x7
IT security news and alerts.
Chat and contact:
t.me/sysadmin24x7chat
Multiple vulnerabilities affecting Cisco products

Publication date: 16/06/2022
Importance: 5 - Critical

Affected resources:
Cisco ESA (Email Security Appliance) and Cisco Secure Email and Web Manager running vulnerable versions of Cisco AsyncOS Software. You can check the versions on the Cisco page.
Cisco Small Business RV Series Routers:
RV110W Wireless-N VPN Firewall,
RV130 VPN Router,
RV130W Wireless-N Multifunction VPN Router,
RV215W Wireless-N VPN Router.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-82
Authentication bypass in HPE products

Publication date: 17/06/2022
Identifier: INCIBE-2022-0800
Importance: 5 - Critical

Affected resources:
Cray Legacy Shasta System Solutions and HPE Cray EX supercomputers:
all versions of the node controller firmware associated with HPE Cray EX liquid-cooled blades;
all versions of the chassis controller firmware associated with HPE Cray EX liquid-cooled cabinets prior to 1.6.27/1.5.33/1.4.27.
HPE Slingshot, versions prior to 1.7.2.

Description:
The HPE Product Security Response Team has reported a critical authentication bypass vulnerability that could be exploited by a remote attacker.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-hpe
Millions of Secrets Exposed via Web Application Frontend – An Internet-Wide Study.

https://redhuntlabs.com/blog/millions-of-secrets-exposed-via-web-application-frontend.html
Sensitive information disclosure in HPE NonStop DSM/SCM

Publication date: 22/06/2022
Identifier: INCIBE-2022-0807
Importance: 5 - Critical

Affected resources:
DSM/SCM SPR T6031H03^ADP.
Potentially affected RVUs:
L21.11.02;
L21.11.01;
L21.06.02;
L21.06.01;
L21.06.00;
L20.10.00;
L20.05.00;
J06.23.01;
J06.23.00.

Description:
The HPE Product Security Response Team has reported a critical-severity vulnerability that could lead to the disclosure of sensitive information on the affected device.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/divulgacion-informacion-sensible-hpe-nonstop-dsmscm
Arbitrary code execution in IBM CICS TX

Publication date: 23/06/2022
Identifier: INCIBE-2022-0810
Importance: 5 - Critical

Affected resources:
IBM CICS TX Standard, all versions.
IBM CICS TX Advanced, version 11.1.

Description:
IBM has published a vulnerability that could allow an attacker to execute arbitrary code.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-arbitraria-codigo-ibm-cics-tx
New DFSCoerce NTLM relay attack allows taking control over Windows domains.

Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain.

Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain.

https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html
ICS Medical Advisory (ICSMA-22-174-01)
OFFIS DCMTK

EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from an adjacent network/low attack complexity
Vendor: OFFIS
Equipment: DCMTK
Vulnerabilities: Path Traversal, Relative Path Traversal, NULL Pointer Dereference

RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution.

https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2022-30131

Released: Jun 14, 2022
Last updated: Jun 22, 2022

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30131
Citrix Releases Security Updates for Hypervisor

Description of Problem
A security issue has been identified in Citrix Hypervisor 7.1 LTSR CU2 that may allow privileged code in a PV guest VM to compromise the host. Citrix believes that there would be significant complexity in performing this attack in Citrix Hypervisor.

The issue has the following CVE identifier:
CVE-2022-26362
In addition Intel has disclosed several issues that affect CPU hardware and may allow code inside a guest VM to access very small sections of memory data that are actively being used elsewhere on the system. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing hotfixes that include product changes to mitigate these CPU issues.

These issues have the following CVE identifiers:
CVE-2022-21123
CVE-2022-21125
CVE-2022-21127
CVE-2022-21166
Customers who are not running PV guest VMs are not affected by the Citrix Hypervisor issue.
Customers who are not using Intel CPUs are not affected by the Intel CPU issues.

https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update
Multiple vulnerabilities in Synology SRM

Publication date: 27/06/2022
Importance: 4 - High

Affected resources:
Synology Router Manager (SRM), versions 1.2 and 1.3.

Description:
Synology has published several high-severity vulnerabilities affecting the SRM software, which could allow an attacker to inject SQL commands or read and write arbitrary files.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-srm-synology
Mitel VoIP Bug Exploited in Ransomware Attacks.

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

https://threatpost.com/mitel-voip-bug-exploited/180079/
Dozens of cryptography libraries vulnerable to private key theft.

Signing mechanism security shortcomings exposed

A poor implementation of Ed25519, a popular digital signature algorithm, has left dozens of cryptography libraries vulnerable to attacks.

According to Konstantinos Chalkias, a cryptographer at MystenLabs who discovered and reported the vulnerability, attackers could exploit the bug to steal private keys from cryptocurrency wallets.

Some but not yet all of the vulnerable technologies have been patched.

https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft

https://github.com/MystenLabs/ed25519-unsafe-libs
Multiple vulnerabilities in Netgear products

Publication date: 30/06/2022
Identifier: INCIBE-2022-0816
Importance: 5 - Critical

Description:
Research by wtbw has reported 2 critical vulnerabilities in several Netgear products.

Solution:
Download the latest firmware version available for each product from the Netgear support website.

Detail:
The vulnerabilities are of the following types:
authentication bypass,
pre-authentication command injection.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-20

https://www.netgear.com/support/?_ga=2.103705091.246084655.1656482490-551952353.1601964157
Patch Now: Linux Container-Escape Flaw in Azure Service Fabric.

Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug.

Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node and take over all other nodes in the cluster.

The privilege-escalation bug is only exploitable on Linux containers, though it is present in Windows container environments as well, Microsoft said in an advisory Tuesday.

https://www.darkreading.com/remote-workforce/patch-now-linux-container-escape-flaw-azure-service-fabric

https://www.theregister.com/2022/06/29/azure_service_fabric_cve_2022_30137/

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
SQL injection vulnerability via Django

Publication date: 05/07/2022
Identifier: INCIBE-2022-0821
Importance: 4 - High

Affected resources:
Django main branch,
Django 4.1 (currently in beta),
Django 4.0,
Django 3.2.

Description:
Researcher Takuto Yoshikai, of Aeye Security Lab, has reported a possible SQL injection vulnerability in Django, a well-known Python-based web development framework. An attacker could exploit this vulnerability to carry out SQL injection attacks against websites built with this framework.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-traves-django
OpenSSL Releases Security Update
Original release date: July 06, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system.

https://www.cisa.gov/uscert/ncas/current-activity/2022/07/06/openssl-releases-security-update

https://www.openssl.org/news/secadv/20220705.txt
Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

https://www.cisa.gov/uscert/ncas/current-activity/2022/07/07/cisco-releases-security-updates-multiple-products
Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVE-2022-29149

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29149