Edición arbitraria de ficheros con sudo

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0022
Importancia: 4 - Alta

Recursos afectados:
Versiones de Sudo 1.8.0 a 1.9.12p1, ambas incluidas.

Descripción:
Se ha conocido un fallo en la opción -e de sudo (también conocida como sudoedit), que permite a un usuario malicioso con privilegios de sudoedit editar archivos arbitrarios, pudiendo permitir una escalada de privilegios.

Solución:
Se recomienda actualizar a la versión 1.9.12p2

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/edicion-arbitraria-ficheros-sudo

Vulnerabilidad crítica en Drupal

Fecha de publicación: 19/01/2023
Identificador: INCIBE-2023-0023
Importancia: 5 - Crítica

Recursos afectados:
Versiones comprendidas entre la 8.0.0 (incluida) hasta la 9.4.10 (no incluida).
Versiones comprendidas entre la 9.5.0 (incluida) hasta la 9.5.2 (no incluida).
Versiones comprendidas entre la 10.0.0 (incluida) hasta la 10.0.2 (no incluida).

Descripción:
El equipo de seguridad de Drupal ha publicado una actualización para Drupal 10.0, 9.5 y 9.4 que corrige una vulnerabilidad crítica en el núcleo.

Solución:
Se recomienda actualizar a la última versión:
Para Drupal 10.0, actualiza a Drupal 10.0.2.
Para Drupal 9.5, actualiza a Drupal 9.5.2.
Para Drupal 9.4, actualiza a Drupal 9.4.10.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-critica-drupal

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

https://securityaffairs.com/141007/hacking/microsoft-azure-emojideploy-rce.html

EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.

Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.

https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced

Cisco Unified Communications Manager SQL Injection Vulnerability

Advisory ID:
cisco-sa-cucm-sql-rpPczR8n

First Published:
2023 January 18 16:00 GMT
Version 1.0: Final

Workarounds: No workarounds available
Cisco Bug IDs:
CSCwb37205 CSCwb37563
CVE-2023-20010

CVSS Score: Base 8.1


Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

Vulnerable Products
This vulnerability affects the following Cisco products:

Unified CM
Unified CM SME
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n

Over 19,000 end-of-life Cisco routers exposed to RCE attacks.

Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.

By chaining two security flaws disclosed last week, threat actors can bypass authentication (CVE-2023-20025) and execute arbitrary commands (CVE-2023-2002) on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.

Unauthenticated attackers can exploit the critical severity auth bypass flaw remotely via specially crafted HTTP requests sent to the vulnerable routers' web-based management interface to gain root access.

https://www.bleepingcomputer.com/news/security/over-19-000-end-of-life-cisco-routers-exposed-to-rce-attacks/

VMSA-2023-0001

CVSSv3 Range:5.3-9.8
Issue Date:2023-01-24
CVE(s):
CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711

Synopsis:
VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

Apple Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products

.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089

Microsoft is releasing this security advisory to provide information about a vulnerability in the versions of .NET used in PowerShell 7.2 and 7.3. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A remote code execution vulnerability exists in .NET 6.0 which is used in PowerShell 7.2, and .NET 7.0 which is used in PowerShell 7.3, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted xps files.

The vulnerability affects PowerShell 7 prior to the following versions:
PowerShell 7 Version Fixed in
7.2 7.2.9
7.3 7.3.2

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089

Múltiples vulnerabilidades en BIND

Fecha de publicación: 26/01/2023
Identificador: INCIBE-2023-0026
Importancia: 4 - Alta

Descripción:
Se han notificado 4 vulnerabilidades de severidad alta en BIND y BIND Supported Preview Edition.

Solución:
Internet Systems Consortium (ISC) recomienda actualizar las versiones de BIND afectadas a la última versión disponible.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-4

Ruby on Rails apps vulnerable to data theft through Ransack search.

Several applications were vulnerable to brute-force attacks; hundreds more could be at risk

Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.

https://portswigger.net/daily-swig/ruby-on-rails-apps-vulnerable-to-data-theft-through-ransack-search

Critical Vulnerability Impacts Over 120 Lexmark Printers.

[...]
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.

https://www.securityweek.com/critical-vulnerability-impacts-over-120-lexmark-printers/

Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms.

https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/

Massive Microsoft 365 outage caused by WAN router IP change.

https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-wan-router-ip-change/

Vulnerabilidad que afecta a los dispositivos QNAP

Fecha de publicación: 30/01/2023
Importancia: 5 - Crítica

Recursos afectados:
Dispositivos de QNAP con versiones:
QTS 5.0.1;
QuTS hero h5.0.1.
Descripción:
QNAP ha detectado una vulnerabilidad de severidad crítica que afecta a los dispositivos detallados anteriormente.

https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-afecta-los-dispositivos-qnap

Ejecución remota de código en múltiples productos ManageEngine

Fecha de publicación: 31/01/2023
Identificador: INCIBE-2023-0033
Importancia: 5 - Crítica

Descripción:
El investigador Khoadha, de Viettel Cyber Security, ha reportado a través del programa bug bounty del fabricante, una vulnerabilidad de severidad crítica que podría permitir a un atacante, no autenticado, ejecutar código arbitrario en múltiples productos de ManageEngine cuando se cumplen los criterios sobre SAML SSO citados anteriormente.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-multiples-productos-manageengine

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

VMSA-2023-0001.1

CVSSv3 Range: 5.3-9.8
Issue Date:2023-01-24
Updated On:2023-01-31

CVE(s):
CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711

Impacted Products
VMware vRealize Log Insight

https://www.vmware.com/security/advisories/VMSA-2023-0001.html

VMSA-2023-0002

CVSSv3 Range:6.5
Issue Date:2023-01-31

CVE(s):
CVE-2023-20856

Synopsis:
VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856)

Impacted Products
VMware vRealize Operations (vROps)

https://www.vmware.com/security/advisories/VMSA-2023-0002.html

.NET Framework Information Disclosure Vulnerability
CVE-2022-41064

Released: Nov 8, 2022
Last updated: Feb 1, 2023

v3.0
In the Security Updates table, added .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607 as these versions of Windows with .NET Framework AND 4.6.2/4.7/4.7.1/4.7.2 installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064

Vulnerabilidad de inyección de comandos en Cisco IOx

Fecha de publicación: 02/02/2023
Identificador: INCIBE-2023-0036
Importancia: 4 - Alta

Recursos afectados:
La vulnerabilidad afecta a los siguientes productos de Cisco, siempre y cuando cuenten con la función Cisco IOx activada y no tengan soporte nativo de docker:
Dispositivos Cisco que cuenten con el software Cisco IOS XE.
Dispositivos Cisco que cuenten con una versión de software vulnerable:
800 Series Industrial ISRs;
Catalyst Access Points (COS-APs);
CGR1000 Compute Modules;
IC3000 Industrial Compute Gateways (versión de software inferior a la 1.2.1);
IR510 WPAN Industrial Routers.
Para más información acerca de las versiones concretas de software vulnerables, visitar el siguiente aviso.

Descripción:
Sam Quinn y Kasimir Schulz, del Centro de Investigación Avanzada de Trellix, han reportado una vulnerabilidad de severidad alta, que podría permitir a un atacante remoto, no autenticado, ejecutar comandos arbitrarios como root.

https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-comandos-cisco-iox

VMSA-2023-0003

CVSSv3 Range: 7.8
Issue Date: 2023-02-02
CVE(s): CVE-2023-20854

Synopsis:
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)

Impacted Products
VMware Workstation

https://www.vmware.com/security/advisories/VMSA-2023-0003.html