Denial of service in IBM PowerVM VIOS
Publication date: 29/07/2022
Identifier: INCIBE-2022-0858
Severity: 5 - Critical
Affected resources:
PowerVM VIOS, version 3.1.
Description:
A vulnerability has been published in IBM products that could allow a remote attacker to manipulate the system configuration or cause a denial of service.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/denegacion-servicio-powervm-vios-ibm
Multiple vulnerabilities in Netgear products
Publication date: 01/08/2022
Identifier: INCIBE-2022-0861
Severity: 5 - Critical
Description:
Research by wtbw has reported 2 critical vulnerabilities in several Netgear products.
Solution:
Download the latest firmware version available for each product from the Netgear support website.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-21
Authentication bypass in Dell CloudLink
Publication date: 02/08/2022
Identifier: INCIBE-2022-0863
Severity: 5 - Critical
Affected resources:
Dell CloudLink, versions prior to 7.1.3.
Description:
A vulnerability has been published in Dell CloudLink that could allow an attacker to take control of the system.
Solution:
Update to version 7.1.3.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-dell-cloudlink
VMSA-2022-0021
CVSSv3 Range: 4.7-9.8
Issue Date: 2022-08-02
CVE(s):
CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665
Synopsis:
VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.
Impacted Products
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
Multiple vulnerabilities in Arris routers
Publication date: 03/08/2022
Identifier: INCIBE-2022-0865
Severity: 5 - Critical
Affected resources:
The muhttpd web server, used in ISP customer-premises equipment (CPE), mainly in the Arris firmware used in the following router models (non-exhaustive list):
NVG443, NVG599, NVG589, NVG510, BGW210, BGW320.
Internet searches revealed 19,000 vulnerable routers connected to the Internet.
Description:
Researcher Derek Abdine has published research identifying 3 vulnerabilities affecting several Arris router models, of the following types: improper limitation of a pathname to a restricted directory, NULL pointer dereference, and buffer overflow.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-routers-arris
Multiple vulnerabilities in VMware products
Publication date: 03/08/2022
Identifier: INCIBE-2022-0864
Severity: 5 - Critical
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-vmware-27
Multiple vulnerabilities have been published in VMware products that could allow an attacker to obt
Cisco Small Business RV Series Routers Vulnerabilities
Advisory ID: cisco-sa-sb-mult-vuln-CbVp4SUR
First Published: 2022 August 3 16:00 GMT
CVSS Score: Base 9.8
Vulnerable Products
CVE-2022-20827 and CVE-2022-20841 affect the following Cisco products:
RV160 VPN Routers
RV160W Wireless-AC VPN Routers
RV260 VPN Routers
RV260P VPN Routers with PoE
RV260W Wireless-AC VPN Routers
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers
CVE-2022-20842 affects the following Cisco products:
RV340 Dual WAN Gigabit VPN Routers
RV340W Dual WAN Gigabit Wireless-AC VPN Routers
RV345 Dual WAN Gigabit VPN Routers
RV345P Dual WAN Gigabit POE VPN Routers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-mult-vuln-CbVp4SUR
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
Remote code execution in DrayTek Vigor routers
Publication date: 04/08/2022
Identifier: INCIBE-2022-0867
Severity: 5 - Critical
Details:
The web management interface of vulnerable DrayTek devices is affected by a buffer overflow on the login page at /cgi-bin/wlogin.cgi. An attacker can supply a specially crafted username and/or password as base64-encoded strings in the 'aa' and 'ab' fields of the login page, triggering a logic error in the size check of these encoded strings, which could result in full compromise of the device or unauthorized access to internal resources. The identifier CVE-2022-32548 has been assigned to this vulnerability.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-draytek-vigor-routers
The Trellix Threat Labs Vulnerability Research team has published a vulnerability that could allow an attacker to fully compromise the device or gain unauthorized access to the
F5 Releases Security Updates
Original release date: August 04, 2022
F5 has released security updates to address vulnerabilities in multiple products. A privileged attacker could exploit some of these vulnerabilities to take control of an affected system.
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/04/f5-releases-security-updates
Large-Scale Phishing Attacks Targeting Microsoft Enterprise Email Services.
Security researchers from ThreatLabz have uncovered a new strain of a large-scale phishing campaign using adversary-in-the-middle (AiTM) techniques along with several evasion tactics.
According to an advisory published by the company on Tuesday, similar AiTM phishing techniques were used in a separate phishing campaign described by Microsoft last month.
Now, ThreatLabz revealed that using intelligence gathered from the Zscaler cloud, it observed an increase in the use of advanced phishing kits in a large-scale campaign in June.
https://www.infosecurity-magazine.com/news/phishing-attacks-microsoft/
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
Most of the targeted organizations were located in the US, UK, New Zealand and Australia
Vulnerability Spotlight: Vulnerabilities in Alyac antivirus program could stop virus scanning, cause code execution.
Update (Aug. 3, 2022): Talos disclosed two new vulnerabilities in the Alyac antivirus software and added their details to this post.
Cisco Talos recently discovered out-of-bounds read and buffer overflow vulnerabilities in ESTsecurity Corp.’s Alyac antivirus software that could cause a denial-of-service condition or arbitrary code execution. Alyac is an antivirus software developed for Microsoft Windows machines.
TALOS-2022-1452 (CVE-2022-21147) is a vulnerability that exists in a specific Alyac module that, eventually, leads to a crash of Alyac’s scanning process, which effectively neutralizes the antivirus scan.
https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html
Jaewon Min of Cisco Talos discovered these vulnerabilities.
Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory.
https://portswigger.net/daily-swig/jenkins-security-unpatched-xss-csrf-bugs-included-in-latest-plugin-advisory
‘We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem’
August 5, 2022
An incident impacting some accounts and private information on Twitter
https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts
RHBA-2022:5874 - Bug Fix Advisory
Issued: 2022-08-09
OpenShift Container Platform 4.10.26 packages update
Affected Products
Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.10 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.10 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.10 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.10 aarch64
https://access.redhat.com/errata/RHBA-2022:5874
VMSA-2022-0021.1
CVSSv3 Range: 4.7-9.8
Issue Date: 2022-08-02
Updated On: 2022-08-09
Impacted Products
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
VMSA-2022-0022
CVSSv3 Range: 5.6-7.2
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, CVE-2022-31675
Synopsis:
VMware vRealize Operations contains multiple vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
VMSA-2022-0023
CVSSv3 Range: 5.7
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-22983
Synopsis:
VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)
Known Attack Vectors
A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
https://www.vmware.com/security/advisories/VMSA-2022-0023.html
Adobe Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/09/adobe-releases-security-updates-multiple-products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security…
Microsoft Releases August 2022 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2022-Aug
Palo Alto Networks Releases Security Update for PAN-OS
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/05/palo-alto-networks-releases-security-update-pan-os
Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of-service. CISA encourages users and administrators to review…
Cisco Talos shares insights related to recent cyber attack on Cisco
[...]
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
[...]
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Update History Aug. 10, 2022 Adding clarifying details on activity involving active directory. Aug. 10, 2022 Update made to the Cisco Response and Recommendations section related to MFA.