Múltiples vulnerabilidades en productos de Cisco

Fecha de publicación: 12/01/2023
Identificador: INCIBE-2023-0009
Importancia: 5 - Crítica

Recursos afectados:
Cisco RV Series Small Business Routers:
RV016 Multi-WAN VPN,
RV042 Dual WAN VPN,
RV042G Dual Gigabit WAN VPN,
RV082 Dual WAN VPN.
IP Phone 7800 y 8800 Series.
Cisco Industrial Network Director (IND).
Cisco BroadWorks Application Delivery Platform Device Management Software.
Cisco BroadWorks Xtended Services Platform.

Descripción:
Cisco ha publicado 6 vulnerabilidades, 1 de severidad crítica, 3 alta y 2 medias, que afectan a varios productos.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-85

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms.

CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update.

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/drupal-releases-security-update-address-vulnerability-private

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates.

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/12/juniper-networks-releases-security-updates-multiple-products

Actualizaciones críticas en Oracle (enero 2023)

Fecha de publicación: 18/01/2023
Identificador: INCIBE-2023-0019
Importancia: 5 - Crítica

Descripción:
Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades que afectan a múltiples productos.

Solución:
Aplicar los parches correspondientes, según los productos afectados. La información para descargar las actualizaciones puede obtenerse del boletín de seguridad publicado por Oracle.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-enero-2023

Múltiples vulnerabilidades en GitLab

Fecha de publicación: 18/01/2023
Identificador: INCIBE-2023-0020
Importancia: 5 - Crítica

Recursos afectados:
Versiones anteriores a 15.7.5, 15.6.6 y 15.5.9 de GitLab Community Edition (CE) y Enterprise Edition (EE). Todos los tipos de despliegue (omnibus, source code, helm chart, etc.) están afectados.

Descripción:
GitLab ha informado de dos vulnerabilidades que afectan a GitLab Community Edition (CE) y Enterprise Edition (EE) que permitirían en ambos casos un desbordamiento de enteros, lo que podría provocar una ejecución remota de código.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-3

Edición arbitraria de ficheros con sudo

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0022
Importancia: 4 - Alta

Recursos afectados:
Versiones de Sudo 1.8.0 a 1.9.12p1, ambas incluidas.

Descripción:
Se ha conocido un fallo en la opción -e de sudo (también conocida como sudoedit), que permite a un usuario malicioso con privilegios de sudoedit editar archivos arbitrarios, pudiendo permitir una escalada de privilegios.

Solución:
Se recomienda actualizar a la versión 1.9.12p2

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/edicion-arbitraria-ficheros-sudo

Vulnerabilidad crítica en Drupal

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0023
Importancia: 5 - Crítica

Recursos afectados:
Versiones comprendidas entre la 8.0.0 (incluida) hasta la 9.4.10 (no incluida).
Versiones comprendidas entre la 9.5.0 (incluida) hasta la 9.5.2 (no incluida).
Versiones comprendidas entre la 10.0.0 (incluida) hasta la 10.0.2 (no incluida).

Descripción:
El equipo de seguridad de Drupal ha publicado una actualización para Drupal 10.0, 9.5 y 9.4 que corrige una vulnerabilidad crítica en el núcleo.

Solución:
Se recomienda actualizar a la última versión:
Para Drupal 10.0, actualiza a Drupal 10.0.2.
Para Drupal 9.5, actualiza a Drupal 9.5.2.
Para Drupal 9.4, actualiza a Drupal 9.4.10.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-critica-drupal

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

https://securityaffairs.com/141007/hacking/microsoft-azure-emojideploy-rce.html

EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.

Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.

https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced

Cisco Unified Communications Manager SQL Injection Vulnerability

Advisory ID:
cisco-sa-cucm-sql-rpPczR8n

First Published:
2023 January 18 16:00 GMT
Version 1.0: Final

Workarounds: No workarounds available
Cisco Bug IDs:
CSCwb37205 CSCwb37563
CVE-2023-20010

CVSS Score: Base 8.1


Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

Vulnerable Products
This vulnerability affects the following Cisco products:

Unified CM
Unified CM SME
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n

Over 19,000 end-of-life Cisco routers exposed to RCE attacks.

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.

By chaining two security flaws disclosed last week, threat actors can bypass authentication (CVE-2023-20025) and execute arbitrary commands (CVE-2023-2002) on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

Unauthenticated attackers can exploit the critical severity auth bypass flaw remotely via specially crafted HTTP requests sent to the vulnerable routers' web-based management interface to gain root access.

https://www.bleepingcomputer.com/news/security/over-19-000-end-of-life-cisco-routers-exposed-to-rce-attacks/

VMSA-2023-0001

CVSSv3 Range:5.3-9.8
Issue Date:2023-01-24
CVE(s):
CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711

Synopsis:
VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Apple Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products

.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089

Microsoft is releasing this security advisory to provide information about a vulnerability in the versions of .NET used in PowerShell 7.2 and 7.3. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A remote code execution vulnerability exists in .NET 6.0 which is used in PowerShell 7.2, and .NET 7.0 which is used in PowerShell 7.3, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

The vulnerability affects PowerShell 7 prior to the following versions:
PowerShell 7 Version Fixed in
7.2 7.2.9
7.3 7.3.2

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089

Múltiples vulnerabilidades en BIND

Fecha de publicación: 26/01/2023
Identificador: INCIBE-2023-0026
Importancia: 4 - Alta

Descripción:
Se han notificado 4 vulnerabilidades de severidad alta en BIND y BIND Supported Preview Edition.

Solución:
Internet Systems Consortium (ISC) recomienda actualizar las versiones de BIND afectadas a la última versión disponible.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-4

Ruby on Rails apps vulnerable to data theft through Ransack search.

Several applications were vulnerable to brute-force attacks; hundreds more could be at risk

Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.

https://portswigger.net/daily-swig/ruby-on-rails-apps-vulnerable-to-data-theft-through-ransack-search

Critical Vulnerability Impacts Over 120 Lexmark Printers.

[...]
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.

https://www.securityweek.com/critical-vulnerability-impacts-over-120-lexmark-printers/

Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms.

https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/

Massive Microsoft 365 outage caused by WAN router IP change.

https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-wan-router-ip-change/

Vulnerabilidad que afecta a los dispositivos QNAP

Fecha de publicación: 30/01/2023
Importancia: 5 - Crítica

Recursos afectados:
Dispositivos de QNAP con versiones:
QTS 5.0.1;
QuTS hero h5.0.1.
Descripción:
QNAP ha detectado una vulnerabilidad de severidad crítica que afecta a los dispositivos detallados anteriormente.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-afecta-los-dispositivos-qnap

Ejecución remota de código en múltiples productos ManageEngine

Fecha de publicación: 31/01/2023
Identificador: INCIBE-2023-0033
Importancia: 5 - Crítica

Descripción:
El investigador Khoadha, de Viettel Cyber Security, ha reportado a través del programa bug bounty del fabricante, una vulnerabilidad de severidad crítica que podría permitir a un atacante, no autenticado, ejecutar código arbitrario en múltiples productos de ManageEngine cuando se cumplen los criterios sobre SAML SSO citados anteriormente.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-multiples-productos-manageengine

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html