Vulnerabilidad de spoofing en Microsoft Endpoint Configuration Manager
Fecha de publicación: 22/09/2022
Importancia: Alta
Recursos afectados
Microsoft Endpoint Configuration Manager, versiones:
2103, 2107, 2111, 2203, 2207.
Descripción
El investigador, Brandon Colley, en colaboración con Trimarc Security, ha descubierto una vulnerabilidad de severidad alta en Microsoft Endpoint Configuration Manager, que ha sido publicada en un aviso fuera de ciclo por parte del fabricante. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensible.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-spoofing-microsoft-endpoint-configuration-manager
Fecha de publicación: 22/09/2022
Importancia: Alta
Recursos afectados
Microsoft Endpoint Configuration Manager, versiones:
2103, 2107, 2111, 2203, 2207.
Descripción
El investigador, Brandon Colley, en colaboración con Trimarc Security, ha descubierto una vulnerabilidad de severidad alta en Microsoft Endpoint Configuration Manager, que ha sido publicada en un aviso fuera de ciclo por parte del fabricante. Un atacante podría aprovechar esta vulnerabilidad para obtener información sensible.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-spoofing-microsoft-endpoint-configuration-manager
www.incibe.es
Vulnerabilidad de spoofing en Microsoft Endpoint Configuration Manager
El investigador, Brandon Colley, en colaboración con Trimarc Security, ha descubierto una vulnerabilid
Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20180620-nxosbgp
First Published: 2018 June 20 16:00 GMT
Last Updated: 2022 September 22 20:15 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6
Summary:
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading.
Version: 1.1
Description: CSCve87784 added for Nexus 7000 and 9000 platforms.
Section: Fixed Software
Status: Final
Date: 2022-SEP-22
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
Advisory ID: cisco-sa-20180620-nxosbgp
First Published: 2018 June 20 16:00 GMT
Last Updated: 2022 September 22 20:15 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6
Summary:
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading.
Version: 1.1
Description: CSCve87784 added for Nexus 7000 and 9000 platforms.
Section: Fixed Software
Status: Final
Date: 2022-SEP-22
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
Cisco
Cisco Security Advisory: Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading.
The vulnerability is due to…
The vulnerability is due to…
Malicious OAuth applications used to compromise email servers and spread spam
Microsoft 365 Defender Research Team
https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/
Microsoft 365 Defender Research Team
https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/
RHSA-2022:6681 - Security Advisory
Synopsis
Important: OpenShift Virtualization 4.9.6 Images security and bug fix update
Affected Products
Red Hat Container Native Virtualization 4.9 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.9 for RHEL 7 x86_64
https://access.redhat.com/errata/RHSA-2022:6681
Synopsis
Important: OpenShift Virtualization 4.9.6 Images security and bug fix update
Affected Products
Red Hat Container Native Virtualization 4.9 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.9 for RHEL 7 x86_64
https://access.redhat.com/errata/RHSA-2022:6681
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.
CISA encourages users and administrators to review the following ISC advisories CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, and CVE-2022-38178 and apply the necessary mitigations.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/22/isc-releases-security-advisories-multiple-versions-bind-9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.
CISA encourages users and administrators to review the following ISC advisories CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, and CVE-2022-38178 and apply the necessary mitigations.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/22/isc-releases-security-advisories-multiple-versions-bind-9
www.cisa.gov
ISC Releases Security Advisories for Multiple Versions of BIND 9 | CISA
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause…
Resolved RCE in Sophos Firewall (CVE-2022-3236)
Product(s)
Sophos Firewall
Publication ID: sophos-sa-20220923-sfos-rce
Article Version: 1
First Published: 2022 Sep 23
Workaround: Yes
Remediation
Ensure you are running a supported version
Hotfixes for the following versions published on September 21, 2022:
v19.0 GA, MR1, and MR1-1
v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
Hotfixes for the following versions published on September 23, 2022:
v18.0 MR3, MR4, MR5, and MR6
v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
v17.0 MR10
Fix included in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA
Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections, and this fix
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
Product(s)
Sophos Firewall
Publication ID: sophos-sa-20220923-sfos-rce
Article Version: 1
First Published: 2022 Sep 23
Workaround: Yes
Remediation
Ensure you are running a supported version
Hotfixes for the following versions published on September 21, 2022:
v19.0 GA, MR1, and MR1-1
v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
Hotfixes for the following versions published on September 23, 2022:
v18.0 MR3, MR4, MR5, and MR6
v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
v17.0 MR10
Fix included in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA
Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections, and this fix
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
SOPHOS
Cybersecurity as a Service Delivered | Sophos
We Deliver Superior Cybersecurity Outcomes for Real-World Organizations Worldwide with a Broad Portfolio of Advanced Security Products and Services.
Múltiples vulnerabilidades en productos HPE y Aruba
Fecha de publicación: 28/09/2022
Identificador: INCIBE-2022-0941
Importancia: 5 - Crítica
Recursos afectados:
HP-UX OpenSSL Software, versiones anteriores a A.01.01.01p.001;
Aruba InstantOS, versiones:
6.4.4.8-4.2.4.20 y anteriores;
6.5.4.23 y anteriores;
8.6.0.18 y anteriores;
8.7.1.9 y anteriores;
8.10.0.1 y anteriores;
10.3.1.0 y anteriores;
branches que se encuentran en fin de soporte (EOL).
Descripción:
Se han identificado 16 vulnerabilidades en productos HPE y Aruba: 9 de severidad crítica, 4 altas y 3 medias.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-hpe-y-aruba-0
Fecha de publicación: 28/09/2022
Identificador: INCIBE-2022-0941
Importancia: 5 - Crítica
Recursos afectados:
HP-UX OpenSSL Software, versiones anteriores a A.01.01.01p.001;
Aruba InstantOS, versiones:
6.4.4.8-4.2.4.20 y anteriores;
6.5.4.23 y anteriores;
8.6.0.18 y anteriores;
8.7.1.9 y anteriores;
8.10.0.1 y anteriores;
10.3.1.0 y anteriores;
branches que se encuentran en fin de soporte (EOL).
Descripción:
Se han identificado 16 vulnerabilidades en productos HPE y Aruba: 9 de severidad crítica, 4 altas y 3 medias.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-hpe-y-aruba-0
www.incibe.es
Multiples Vulnerabilidades Productos Hpe Y Aruba 0 | INCIBE-CERT | INCIBE
Se han identificado 16 vulnerabilidades en productos HPE y Aruba: 9 de severidad crítica, 4 altas y 3
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks.
Clients vulnerable due to improper certificate validation
A newly-discovered vulnerability in Apache Pulsar allows a remote attacker to carry out a manipulator-in-the-middle (MitM) attack due to improper certificate validation.
Apache Pulsar is a distributed, open source solution for server-to-server messaging and queuing built on the publisher-subscribe pattern.
https://portswigger.net/daily-swig/vulnerability-in-apache-pulsar-allowed-manipulator-in-the-middle-attacks
Clients vulnerable due to improper certificate validation
A newly-discovered vulnerability in Apache Pulsar allows a remote attacker to carry out a manipulator-in-the-middle (MitM) attack due to improper certificate validation.
Apache Pulsar is a distributed, open source solution for server-to-server messaging and queuing built on the publisher-subscribe pattern.
https://portswigger.net/daily-swig/vulnerability-in-apache-pulsar-allowed-manipulator-in-the-middle-attacks
The Daily Swig | Cybersecurity news and views
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks
Clients vulnerable due to improper certificate validation
Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks.
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.
https://www.bleepingcomputer.com/news/security/ethernet-vlan-stacking-flaws-let-hackers-launch-dos-mitm-attacks/
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.
https://www.bleepingcomputer.com/news/security/ethernet-vlan-stacking-flaws-let-hackers-launch-dos-mitm-attacks/
BleepingComputer
Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.
Vulnerabilidades 0day en Microsoft Exchange Server
Fecha de publicación: 30/09/2022
Identificador: INCIBE-2022-0947
Importancia: 5 - Crítica
Recursos afectados:
Microsoft Exchange Server, versiones 2013, 2016 y 2019.
Para ayudar a las organizaciones a comprobar si sus servidores Exchange han sido explotados por este fallo, GTSC ha publicado una guía y una herramienta para escanear los archivos de registro de IIS:
Ejecutar el comando de PowerShell:
Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200
Utilizar la herramienta NCSE0Scanner desarrollada por GTSC.
Descripción:
GTSC Cyber Security ha informado de una nueva campaña de ataque que explota 2 vulnerabilidades 0-day afectando a Microsoft Exchange Server, que fueron notificadas a Microsoft a través del programa ZDI de Trend Micro: ZDI-CAN-18333 (CVSS 8.8) y ZDI-CAN-18802 (CVSS 6.3). La explotación de estas vulnerabilidades podría permitir a un atacante ejecutar código remoto.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-0day-microsoft-exchange-server
Fecha de publicación: 30/09/2022
Identificador: INCIBE-2022-0947
Importancia: 5 - Crítica
Recursos afectados:
Microsoft Exchange Server, versiones 2013, 2016 y 2019.
Para ayudar a las organizaciones a comprobar si sus servidores Exchange han sido explotados por este fallo, GTSC ha publicado una guía y una herramienta para escanear los archivos de registro de IIS:
Ejecutar el comando de PowerShell:
Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200
Utilizar la herramienta NCSE0Scanner desarrollada por GTSC.
Descripción:
GTSC Cyber Security ha informado de una nueva campaña de ataque que explota 2 vulnerabilidades 0-day afectando a Microsoft Exchange Server, que fueron notificadas a Microsoft a través del programa ZDI de Trend Micro: ZDI-CAN-18333 (CVSS 8.8) y ZDI-CAN-18802 (CVSS 6.3). La explotación de estas vulnerabilidades podría permitir a un atacante ejecutar código remoto.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-0day-microsoft-exchange-server
SysAdmin 24x7
Vulnerabilidades 0day en Microsoft Exchange Server Fecha de publicación: 30/09/2022 Identificador: INCIBE-2022-0947 Importancia: 5 - Crítica Recursos afectados: Microsoft Exchange Server, versiones 2013, 2016 y 2019. Para ayudar a las organizaciones a…
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.
https://www.helpnetsecurity.com/2022/09/30/cve-2022-41040-cve-2022-41082/
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.
https://www.helpnetsecurity.com/2022/09/30/cve-2022-41040-cve-2022-41082/
Help Net Security
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server
Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/microsoft-releases-guidance-zero-day-vulnerabilities-microsoft
Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/microsoft-releases-guidance-zero-day-vulnerabilities-microsoft
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
Microsoft News
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
Cisco Releases Security Updates for Multiple Products
Original release date: September 30, 2022
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisco-releases-security-updates-multiple-products
Original release date: September 30, 2022
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisco-releases-security-updates-multiple-products
www.cisa.gov
Cisco Releases Security Updates for Multiple Products | CISA
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the…
Drupal Releases Security Update
Original release date: September 30, 2022
Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.
CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/drupal-releases-security-update
Original release date: September 30, 2022
Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.
CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/drupal-releases-security-update
www.cisa.gov
Drupal Releases Security Update | CISA
Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security…
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040
CVE-2022-41040
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-41082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
CVE-2022-41082
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
Cisco Releases Security Updates for Multiple Products
Original release date: October 06, 2022
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/06/cisco-releases-security-updates-multiple-products
Original release date: October 06, 2022
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/06/cisco-releases-security-updates-multiple-products
www.cisa.gov
Cisco Releases Security Updates for Multiple Products | CISA
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the…
VMSA-2022-0025
CVSSv3 Range: 3.8-7.2
Issue Date: 2022-10-06
CVE(s): CVE-2022-31680, CVE-2022-31681
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)
Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
CVSSv3 Range: 3.8-7.2
Issue Date: 2022-10-06
CVE(s): CVE-2022-31680, CVE-2022-31681
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)
Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
https://www.vmware.com/security/advisories/VMSA-2022-0025.html
Múltiples vulnerabilidades en GLPI
Fecha de publicación: 07/10/2022
Identificador: INCIBE-2022-0956
Importancia: 5 - Crítica
Recursos afectados:
GLPI, versiones anteriores a 9.5.9 o 10.0.3.
Descripción:
Se han identificados 2 vulnerabilidades de severidad crítica en GLPI, una de ellas en la librería de terceros HTMLAWED usada por GLPI, cuyas explotaciones podrían permitir a un atacante realizar inyección SQL y ejecución remota de código.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-glpi
Fecha de publicación: 07/10/2022
Identificador: INCIBE-2022-0956
Importancia: 5 - Crítica
Recursos afectados:
GLPI, versiones anteriores a 9.5.9 o 10.0.3.
Descripción:
Se han identificados 2 vulnerabilidades de severidad crítica en GLPI, una de ellas en la librería de terceros HTMLAWED usada por GLPI, cuyas explotaciones podrían permitir a un atacante realizar inyección SQL y ejecución remota de código.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-glpi
www.incibe.es
Múltiples vulnerabilidades en GLPI
Se han identificados 2 vulnerabilidades de severidad crítica en GLPI, una de ellas en la librería de t