SAP security update for January 2023
Publication date: 11/01/2023
Identifier: INCIBE-2023-0007
Importance: 5 - Critical
Description:
SAP has published several security updates for various products in its monthly bulletin.
Solution:
Visit the SAP support portal and install the required updates or patches, as indicated by the vendor.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-enero-2023
Actively Exploiting Critical "Control Web Panel" RCE Vulnerability
Control Web Panel or CentOS Web Panel - CVE-2022-44877
Base Score: 9.8 CRITICAL
Description
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Current Versions: CWP6: 0.9.8.943 (EOL) / CWP7: 0.9.8.1148
CWP for CentOS 7 is the recommended version.
CWP7+ is compatible with CentOS Linux 8, CentOS Stream, Alma Linux, Rocky Linux and Oracle Linux.
https://control-webpanel.com/changelog#1669855527714-450fb335-6194
Multiple vulnerabilities in Cisco products
Publication date: 12/01/2023
Identifier: INCIBE-2023-0009
Importance: 5 - Critical
Affected resources:
Cisco RV Series Small Business Routers:
RV016 Multi-WAN VPN,
RV042 Dual WAN VPN,
RV042G Dual Gigabit WAN VPN,
RV082 Dual WAN VPN.
IP Phone 7800 and 8800 Series.
Cisco Industrial Network Director (IND).
Cisco BroadWorks Application Delivery Platform Device Management Software.
Cisco BroadWorks Xtended Services Platform.
Description:
Cisco has disclosed 6 vulnerabilities (1 critical, 3 high and 2 medium severity) affecting several products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-85
Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms
Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms.
CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/drupal-releases-security-update-address-vulnerability-private
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/juniper-networks-releases-security-updates-multiple-products
Oracle critical updates (January 2023)
Publication date: 18/01/2023
Identifier: INCIBE-2023-0019
Importance: 5 - Critical
Description:
Oracle has published a critical update with patches to fix vulnerabilities affecting multiple products.
Solution:
Apply the corresponding patches for the affected products. Information on downloading the updates is available in the security bulletin published by Oracle.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-enero-2023
Multiple vulnerabilities in GitLab
Publication date: 18/01/2023
Identifier: INCIBE-2023-0020
Importance: 5 - Critical
Affected resources:
Versions prior to 15.7.5, 15.6.6 and 15.5.9 of GitLab Community Edition (CE) and Enterprise Edition (EE). All deployment types (omnibus, source code, helm chart, etc.) are affected.
Description:
GitLab has reported two vulnerabilities affecting GitLab Community Edition (CE) and Enterprise Edition (EE), both of which would allow an integer overflow that could lead to remote code execution.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-3
Arbitrary file editing with sudo
Publication date: 19/01/2023
Identifier: INCIBE-2023-0022
Importance: 4 - High
Affected resources:
Sudo versions 1.8.0 through 1.9.12p1, inclusive.
Description:
A flaw has been disclosed in sudo's -e option (also known as sudoedit) that allows a malicious user with sudoedit privileges to edit arbitrary files, which may allow privilege escalation.
Solution:
Updating to version 1.9.12p2 is recommended.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/edicion-arbitraria-ficheros-sudo
Critical vulnerability in Drupal
Publication date: 19/01/2023
Identifier: INCIBE-2023-0023
Importance: 5 - Critical
Affected resources:
Versions from 8.0.0 (inclusive) up to 9.4.10 (exclusive).
Versions from 9.5.0 (inclusive) up to 9.5.2 (exclusive).
Versions from 10.0.0 (inclusive) up to 10.0.2 (exclusive).
Description:
The Drupal security team has published an update for Drupal 10.0, 9.5 and 9.4 that fixes a critical vulnerability in core.
Solution:
Updating to the latest version is recommended:
For Drupal 10.0, update to Drupal 10.0.2.
For Drupal 9.5, update to Drupal 9.5.2.
For Drupal 9.4, update to Drupal 9.4.10.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-critica-drupal
Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.
https://securityaffairs.com/141007/hacking/microsoft-azure-emojideploy-rce.html
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced
The Tenable Cloud Security research team discovered a remote code execution vulnerability affecting Microsoft Azure cloud services such as Function Apps, App Service, Logic Apps and others, as well as other cloud sovereigns.
Cisco Unified Communications Manager SQL Injection Vulnerability
Advisory ID: cisco-sa-cucm-sql-rpPczR8n
First Published: 2023 January 18 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwb37205, CSCwb37563
CVE-2023-20010
CVSS Score: Base 8.1
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
Vulnerable Products
This vulnerability affects the following Cisco products:
Unified CM
Unified CM SME
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Over 19,000 end-of-life Cisco routers exposed to RCE attacks.
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.
By chaining two security flaws disclosed last week, threat actors can bypass authentication (CVE-2023-20025) and execute arbitrary commands (CVE-2023-2002) on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
Unauthenticated attackers can exploit the critical severity auth bypass flaw remotely via specially crafted HTTP requests sent to the vulnerable routers' web-based management interface to gain root access.
https://www.bleepingcomputer.com/news/security/over-19-000-end-of-life-cisco-routers-exposed-to-rce-attacks/
VMSA-2023-0001
CVSSv3 Range: 5.3-9.8
Issue Date: 2023-01-24
CVE(s): CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711
Synopsis:
VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
Apple Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page…
.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089
Microsoft is releasing this security advisory to provide information about a vulnerability in the versions of .NET used in PowerShell 7.2 and 7.3. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote code execution vulnerability exists in .NET 6.0 which is used in PowerShell 7.2, and .NET 7.0 which is used in PowerShell 7.3, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.
The vulnerability affects PowerShell 7 prior to the following versions:
PowerShell 7 version | Fixed in
7.2 | 7.2.9
7.3 | 7.3.2
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089
Multiple vulnerabilities in BIND
Publication date: 26/01/2023
Identifier: INCIBE-2023-0026
Importance: 4 - High
Description:
4 high-severity vulnerabilities have been reported in BIND and BIND Supported Preview Edition.
Solution:
Internet Systems Consortium (ISC) recommends updating affected BIND versions to the latest available version.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-4
Ruby on Rails apps vulnerable to data theft through Ransack search.
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk
Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.
https://portswigger.net/daily-swig/ruby-on-rails-apps-vulnerable-to-data-theft-through-ransack-search
Critical Vulnerability Impacts Over 120 Lexmark Printers.
[...]
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.
https://www.securityweek.com/critical-vulnerability-impacts-over-120-lexmark-printers/
Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms.
https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/
We recap our research on privilege escalation and powerful permissions in Kubernetes and analyze the ways various platforms have addressed it.
Massive Microsoft 365 outage caused by WAN router IP change.
https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-wan-router-ip-change/
Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network (WAN).