F5 fixed 2 high-severity Remote Code Execution bugs in its products.
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products.
Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The experts also discovered several bypasses of security controls that the security vendor F5 does not recognize as exploitable vulnerabilities.
https://securityaffairs.co/wordpress/138631/security/2-rce-f5-products.html
Microsoft fixes bug behind Windows 10 freezes, desktop issues.
Microsoft has resolved a known issue triggering errors and temporarily causing the taskbar and desktop to disappear on Windows 10 systems.
The company also linked the same issue with instances where the users' devices would stop responding to input and freeze.
"You might experience an error in which the desktop or taskbar might momentarily disappear, or your device might become unresponsive," Microsoft explains on the Windows health dashboard.
The list of affected Windows platforms includes the following client releases: Windows 10 version 20H2, Windows 10 version 21H1, Windows 10 version 21H2, and Windows 10 version 22H2.
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-10-freezes-desktop-issues/
Bitbucket Server and Data Center - Command Injection Vulnerability - CVE-2022-43781
Summary of Vulnerability
This advisory discloses a critical severity security vulnerability introduced in version 7.0.0 of Bitbucket Server and Data Center. The following versions are affected by this vulnerability:
Bitbucket Data Center and Server 7.0 to 7.21
Bitbucket Data Center and Server 8.0 to 8.4 if mesh.enabled is set to false in bitbucket.properties
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system.
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-security-advisory-2022-11-16-1180141667.html
Crowd Security Advisory (November 2022)
CVE-2022-43782 - Critical security misconfiguration vulnerability
The vulnerability allows an attacker connecting from an IP in the allow list to authenticate as the crowd application by bypassing a password check. This would allow the attacker to call privileged endpoints in Crowd's REST API under the usermanagement path. It can only be exploited from IPs specified under the crowd application's allowlist in the Remote Addresses configuration. To remediate the vulnerability, Atlassian recommends that you upgrade your instance to one of the fixed versions listed in the 'Fixed Versions' section of the advisory.
https://confluence.atlassian.com/crowd/crowd-security-advisory-november-2022-1168866129.html
Security advisory: IBEXA-SA-2022-009
Critical vulnerabilities in GraphQL, role assignment, CT editing, and drafts tooltips
Publication date: 10/11/2022, 16:10
Severity: High
Affected versions: Ibexa DXP v3.3.*, v4.2.*, eZ Platform v2.5.*
Resolving versions: Ibexa DXP v3.3.28, v4.2.3, eZ Platform v2.5.31
GraphQL exposes sensitive data of certain users (CVE-2022-41876)
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips
Improper authentication in Velneo vClient
Publication date: 23/11/2022
Identifier: INCIBE-2022-1017
Importance: 4 - High
Affected resources:
Velneo vClient, version 28.1.3.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/autenticacion-incorrecta-velneo-vclient
INCIBE has coordinated the publication of 1 vulnerability in Velneo vClient, discovered by Jesús Ródenas Huerta, 'Marmeus'. This vulnerability has been assigned the code
Multiple vulnerabilities in HPE Cloudline
Publication date: 23/11/2022
Identifier: INCIBE-2022-1026
Importance: 5 - Critical
Affected resources:
HPE Cloudline CL2200/CL2100 Gen10 Server, versions prior to BMC 12.77.04.
Description:
4 vulnerabilities have been identified in various HPE Cloudline models: 1 of critical severity, 2 high and 1 medium.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-hpe-cloudline
KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967
https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb
VMSA-2022-0029
CVSSv3 Range: 3.3
Issue Date: 2022-11-29
CVE(s): CVE-2022-31693
Synopsis:
VMware Tools for Windows update addresses a denial-of-service vulnerability (CVE-2022-31693)
https://www.vmware.com/security/advisories/VMSA-2022-0029.html
Multiple vulnerabilities in Lansweeper
Publication date: 02/12/2022
Identifier: INCIBE-2022-1040
Importance: 5 - Critical
Affected resources:
Lansweeper 10.1.1.0.
Description:
Marcin 'Icewall' Noga, a Cisco Talos researcher, has discovered 6 critical-severity vulnerabilities in Lansweeper whose exploitation could allow arbitrary file read and upload or JavaScript code injection.
Solution:
Update Lansweeper to a version later than 10.1.1.0.
SNORT rules 59990-59992, 59999-60000, 60001-60002, 60054-60056, 60142-60144 and 60219 detect exploitation attempts against these vulnerabilities.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-lansweeper-0
Bulletin (SB22-339)
Vulnerability Summary for the Week of November 28, 2022
https://www.cisa.gov/uscert/ncas/bulletins/sb22-339
Vulnerability in the TIBCO Nimbus web client
Publication date: 07/12/2022
Identifier: INCIBE-2022-1042
Importance: 5 - Critical
Affected resources:
TIBCO Nimbus web client, version 10.5.0
Description:
TIBCO Nimbus has reported a vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect vulnerability in the affected system.
Solution:
TIBCO Nimbus has released update 10.5.1 or later, which fixes the issue.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-el-cliente-web-tibco-nimbus
VMSA-2022-0030
CVSSv3 Range: 4.2-7.5
Issue Date: 2022-12-08
Updated On: 2022-12-08 (Initial Advisory)
CVE(s): CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699
Synopsis:
VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699)
Impacted Products
VMware ESXi
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
Introduction
Multiple vulnerabilities in VMware ESXi and vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
VMSA-2021-0025.5
CVSSv3 Range: 7.1
Issue Date: 2021-11-10
Updated On: 2022-12-08
CVE(s): CVE-2021-22048
Synopsis:
VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048)
Impacted Products
VMware vCenter Server (vCenter Server)
VMware Cloud Foundation (Cloud Foundation)
Introduction
A privilege escalation vulnerability in VMware vCenter Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.
https://thehackernews.com/2022/12/researchers-detail-new-attack-method-to.html
NodeBB prototype pollution flaw could lead to account takeover.
‘Not a prototype pollution vulnerability as you might normally understand it’
NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability that could allow attackers to impersonate other users and take over administrator accounts.
The vulnerability was caused by the mishandling of JavaScript’s flexibility in changing object prototypes at runtime.
https://portswigger.net/daily-swig/nodebb-prototype-pollution-flaw-could-lead-to-account-takeover
Trojanized OneNote Document Leads to Formbook Malware.
Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service. Formbook malware can steal data from various web browsers and from other applications. This malware also has keylogging functionality and can take screenshots.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
SafeBreach Labs Researcher Discovers Multiple Zero-Day Vulnerabilities in Leading Endpoint Detection and Response (EDR) and Antivirus (AV) Solutions.
The vulnerabilities were used to develop an undetectable, next-generation wiper—dubbed the Aikido Wiper—with the potential to impact hundreds of millions of endpoints worldwide.
The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks. As part of my recent research, I uncovered multiple zero-day vulnerabilities that I was able to use to turn endpoint detection and response (EDR) and antivirus (AV) tools into next-generation wipers with the potential to impact hundreds of millions of endpoints all around the world.
https://www.safebreach.com/resources/blog/safebreach-labs-researcher-discovers-multiple-zero-day-vulnerabilities/
Sophos fixed a critical flaw in its Sophos Firewall version 19.5.
Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues.
Sophos has released security patches to address seven vulnerabilities in Sophos Firewall version 19.5, including some arbitrary code execution bugs.
The most severe issue addressed by the security vendor is a critical code injection vulnerability tracked as CVE-2022-3236.
https://securityaffairs.co/wordpress/139362/security/sophos-firewall-critical-flaw.html
Buffer overflow in Fortinet products
Publication date: 13/12/2022
Identifier: INCIBE-2022-1050
Importance: 5 - Critical
Affected resources:
FortiOS, versions:
from 7.2.0 to 7.2.2;
from 7.0.0 to 7.0.8;
from 6.4.0 to 6.4.10;
from 6.2.0 to 6.2.11.
FortiOS-6K7K, versions:
from 7.0.0 to 7.0.7;
from 6.4.0 to 6.4.9;
from 6.2.0 to 6.2.11;
from 6.0.0 to 6.0.14.
Description:
Fortinet has reported a critical buffer overflow vulnerability in FortiOS SSL-VPN that could allow a remote, unauthenticated attacker to execute arbitrary code or commands via malicious requests.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/desbordamiento-bufer-productos-fortinet
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.
CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems.
https://www.cisa.gov/uscert/ncas/current-activity/2022/12/13/citrix-releases-security-updates-citrix-adc-citrix-gateway