Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-nxosbgp
First Published: 2018 June 20 16:00 GMT
Last Updated: 2022 September 22 20:15 GMT
Workarounds: No workarounds available
CVSS Score: Base 8.6

Summary:
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading.

Version: 1.1
Description: CSCve87784 added for Nexus 7000 and 9000 platforms.
Section: Fixed Software
Status: Final
Date: 2022-SEP-22

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp

Malicious OAuth applications used to compromise email servers and spread spam

Microsoft 365 Defender Research Team

https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/

RHSA-2022:6681 - Security Advisory

Synopsis
Important: OpenShift Virtualization 4.9.6 Images security and bug fix update

Affected Products
Red Hat Container Native Virtualization 4.9 for RHEL 8 x86_64
Red Hat Container Native Virtualization 4.9 for RHEL 7 x86_64

https://access.redhat.com/errata/RHSA-2022:6681

ISC Releases Security Advisories for Multiple Versions of BIND 9

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.

CISA encourages users and administrators to review the following ISC advisories CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, and CVE-2022-38178 and apply the necessary mitigations.

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/22/isc-releases-security-advisories-multiple-versions-bind-9

Resolved RCE in Sophos Firewall (CVE-2022-3236)

Product(s)
Sophos Firewall
Publication ID: sophos-sa-20220923-sfos-rce
Article Version: 1
First Published: 2022 Sep 23
Workaround: Yes

Remediation
Ensure you are running a supported version
Hotfixes for the following versions published on September 21, 2022:
v19.0 GA, MR1, and MR1-1
v18.5 GA, MR1, MR1-1, MR2, MR3, and MR4
Hotfixes for the following versions published on September 23, 2022:
v18.0 MR3, MR4, MR5, and MR6
v17.5 MR12, MR13, MR14, MR15, MR16, and MR17
v17.0 MR10
Fix included in v18.5 MR5 (18.5.5), v19.0 MR2 (19.0.2), and v19.5 GA

Users of older versions of Sophos Firewall are required to upgrade to receive the latest protections, and this fix

https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Múltiples vulnerabilidades en productos HPE y Aruba

Fecha de publicación: 28/09/2022
Identificador: INCIBE-2022-0941
Importancia: 5 - Crítica

Recursos afectados:
HP-UX OpenSSL Software, versiones anteriores a A.01.01.01p.001;
Aruba InstantOS, versiones:
6.4.4.8-4.2.4.20 y anteriores;
6.5.4.23 y anteriores;
8.6.0.18 y anteriores;
8.7.1.9 y anteriores;
8.10.0.1 y anteriores;
10.3.1.0 y anteriores;
branches que se encuentran en fin de soporte (EOL).

Descripción:
Se han identificado 16 vulnerabilidades en productos HPE y Aruba: 9 de severidad crítica, 4 altas y 3 medias.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-hpe-y-aruba-0

Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks.

Clients vulnerable due to improper certificate validation

A newly-discovered vulnerability in Apache Pulsar allows a remote attacker to carry out a manipulator-in-the-middle (MitM) attack due to improper certificate validation.

Apache Pulsar is a distributed, open source solution for server-to-server messaging and queuing built on the publisher-subscribe pattern.

https://portswigger.net/daily-swig/vulnerability-in-apache-pulsar-allowed-manipulator-in-the-middle-attacks

Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks.

Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets.

https://www.bleepingcomputer.com/news/security/ethernet-vlan-stacking-flaws-let-hackers-launch-dos-mitm-attacks/

Vulnerabilidades 0day en Microsoft Exchange Server

Fecha de publicación: 30/09/2022
Identificador: INCIBE-2022-0947
Importancia: 5 - Crítica

Recursos afectados:
Microsoft Exchange Server, versiones 2013, 2016 y 2019.

Para ayudar a las organizaciones a comprobar si sus servidores Exchange han sido explotados por este fallo, GTSC ha publicado una guía y una herramienta para escanear los archivos de registro de IIS:
Ejecutar el comando de PowerShell:
Get-ChildItem -Recurse -Path <Path_IIS_Logs> -Filter "*.log" | Select-String -Pattern 'powershell.*autodiscover\.json.*\@.*200
Utilizar la herramienta NCSE0Scanner desarrollada por GTSC.

Descripción:
GTSC Cyber Security ha informado de una nueva campaña de ataque que explota 2 vulnerabilidades 0-day afectando a Microsoft Exchange Server, que fueron notificadas a Microsoft a través del programa ZDI de Trend Micro: ZDI-CAN-18333 (CVSS 8.8) y ZDI-CAN-18802 (CVSS 6.3). La explotación de estas vulnerabilidades podría permitir a un atacante ejecutar código remoto.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidades-0day-microsoft-exchange-server

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

https://www.helpnetsecurity.com/2022/09/30/cve-2022-41040-cve-2022-41082/

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.

An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/microsoft-releases-guidance-zero-day-vulnerabilities-microsoft

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/

Cisco Releases Security Updates for Multiple Products

Original release date: September 30, 2022

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the advisories and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisco-releases-security-updates-multiple-products

Drupal Releases Security Update

Original release date: September 30, 2022

Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.

CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.

https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/drupal-releases-security-update

Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41040

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040

Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-41082

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082

Cisco Releases Security Updates for Multiple Products
Original release date: October 06, 2022

https://www.cisa.gov/uscert/ncas/current-activity/2022/10/06/cisco-releases-security-updates-multiple-products

VMSA-2022-0025
CVSSv3 Range: 3.8-7.2
Issue Date: 2022-10-06
CVE(s): CVE-2022-31680, CVE-2022-31681

Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31680, CVE-2022-31681)

Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)

https://www.vmware.com/security/advisories/VMSA-2022-0025.html

Múltiples vulnerabilidades en GLPI

Fecha de publicación: 07/10/2022
Identificador: INCIBE-2022-0956
Importancia: 5 - Crítica

Recursos afectados:
GLPI, versiones anteriores a 9.5.9 o 10.0.3.

Descripción:
Se han identificados 2 vulnerabilidades de severidad crítica en GLPI, una de ellas en la librería de terceros HTMLAWED usada por GLPI, cuyas explotaciones podrían permitir a un atacante realizar inyección SQL y ejecución remota de código.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-glpi

Vulnerabilidad 0day de RCE en Zimbra Collaboration Suite

Fecha de publicación: 07/10/2022
Identificador: INCIBE-2022-0957
Importancia: 5 - Crítica

Recursos afectados:
Zimbra Collaboration Suite (ZCS), versiones 8.8.15 y 9.0 en las distribuciones de Linux:
Oracle Linux 8,
Red Hat Enterprise Linux 8,
Rocky Linux 8,
CentOS 8.

Descripción:
Rapid7 ha reportado una vulnerabilidad 0day de ejecución remota de código (RCE) en Zimbra Collaboration Suite (ZCS), que surge del uso inseguro de la utilidad cpio para analizar los correos electrónicos entrantes, específicamente del uso del motor antivirus de Zimbra (Amavis) en dicha utilidad.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-0day-rce-zimbra-collaboration-suite