Over 19,000 end-of-life Cisco routers exposed to RCE attacks.
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.
By chaining two security flaws disclosed last week, threat actors can bypass authentication (CVE-2023-20025) and execute arbitrary commands (CVE-2023-2002) on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
Unauthenticated attackers can exploit the critical severity auth bypass flaw remotely via specially crafted HTTP requests sent to the vulnerable routers' web-based management interface to gain root access.
https://www.bleepingcomputer.com/news/security/over-19-000-end-of-life-cisco-routers-exposed-to-rce-attacks/
VMSA-2023-0001
CVSSv3 Range: 5.3-9.8
Issue Date: 2023-01-24
CVE(s):
CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711
Synopsis:
VMware vRealize Log Insight latest updates address multiple security vulnerabilities (CVE-2022-31703, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711)
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
Apple Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/24/apple-releases-security-updates-multiple-products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page…
.NET Framework Remote Code Execution Vulnerability
CVE-2022-41089
Microsoft is releasing this security advisory to provide information about a vulnerability in the versions of .NET used in PowerShell 7.2 and 7.3. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote code execution vulnerability exists in .NET 6.0, which is used in PowerShell 7.2, and .NET 7.0, which is used in PowerShell 7.3, where a malicious actor could cause a user to run arbitrary code as a result of parsing maliciously crafted XPS files.
The vulnerability affects PowerShell 7 prior to the following versions:
PowerShell 7 version    Fixed in
7.2                     7.2.9
7.3                     7.3.2
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089
Multiple vulnerabilities in BIND
Publication date: 26/01/2023
Identifier: INCIBE-2023-0026
Severity: 4 - High
Description:
Four high-severity vulnerabilities have been reported in BIND and BIND Supported Preview Edition.
Solution:
Internet Systems Consortium (ISC) recommends updating the affected BIND versions to the latest available version.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-bind-4
Ruby on Rails apps vulnerable to data theft through Ransack search.
Several applications were vulnerable to brute-force attacks; hundreds more could be at risk
Poor integration of the Ransack library into Ruby on Rails (RoR) applications could allow attackers to steal information from backend databases, security firm Positive Security has warned.
https://portswigger.net/daily-swig/ruby-on-rails-apps-vulnerable-to-data-theft-through-ransack-search
Critical Vulnerability Impacts Over 120 Lexmark Printers.
[...]
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.
https://www.securityweek.com/critical-vulnerability-impacts-over-120-lexmark-printers/
Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.
Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms.
https://unit42.paloaltonetworks.com/kubernetes-privilege-escalation/
We recap our research on privilege escalation and powerful permissions in Kubernetes and analyze the ways various platforms have addressed it.
Massive Microsoft 365 outage caused by WAN router IP change.
https://www.bleepingcomputer.com/news/microsoft/massive-microsoft-365-outage-caused-by-wan-router-ip-change/
Microsoft says this week's five-hour-long Microsoft 365 worldwide outage was caused by a router IP address change that led to packet forwarding issues between all other routers in its Wide Area Network (WAN).
Vulnerability affecting QNAP devices
Publication date: 30/01/2023
Severity: 5 - Critical
Affected resources:
QNAP devices running the following versions:
QTS 5.0.1;
QuTS hero h5.0.1.
Description:
QNAP has detected a critical-severity vulnerability affecting the devices listed above.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-afecta-los-dispositivos-qnap
Remote code execution in multiple ManageEngine products
Publication date: 31/01/2023
Identifier: INCIBE-2023-0033
Severity: 5 - Critical
Description:
Researcher Khoadha, of Viettel Cyber Security, has reported through the vendor's bug bounty program a critical-severity vulnerability that could allow an unauthenticated attacker to execute arbitrary code in multiple ManageEngine products when the SAML SSO criteria cited above are met.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-multiples-productos-manageengine
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
VMSA-2023-0001.1
CVSSv3 Range: 5.3-9.8
Issue Date: 2023-01-24
Updated On: 2023-01-31
CVE(s):
CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711
Impacted Products
VMware vRealize Log Insight
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
VMSA-2023-0002
CVSSv3 Range: 6.5
Issue Date: 2023-01-31
CVE(s):
CVE-2023-20856
Synopsis:
VMware vRealize Operations (vROps) update addresses a CSRF bypass vulnerability (CVE-2023-20856)
Impacted Products
VMware vRealize Operations (vROps)
https://www.vmware.com/security/advisories/VMSA-2023-0002.html
.NET Framework Information Disclosure Vulnerability
CVE-2022-41064
Released: Nov 8, 2022
Last updated: Feb 1, 2023
v3.0
In the Security Updates table, added .NET Framework 3.5 and 4.6.2/4.7/4.7.1/4.7.2 installed on supported editions of Windows Server 2016 and Windows 10 version 1607, as these versions of Windows with those .NET Framework versions installed are affected by this vulnerability. Customers running these versions of .NET Framework should install the November 2022 security updates to be protected from this vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064
Command injection vulnerability in Cisco IOx
Publication date: 02/02/2023
Identifier: INCIBE-2023-0036
Severity: 4 - High
Affected resources:
The vulnerability affects the following Cisco products, provided they have the Cisco IOx feature enabled and do not have native Docker support:
Cisco devices running Cisco IOS XE software.
Cisco devices running a vulnerable software version:
800 Series Industrial ISRs;
Catalyst Access Points (COS-APs);
CGR1000 Compute Modules;
IC3000 Industrial Compute Gateways (software version earlier than 1.2.1);
IR510 WPAN Industrial Routers.
For more information on the specific vulnerable software versions, see the following advisory.
Description:
Sam Quinn and Kasimir Schulz, of the Trellix Advanced Research Center, have reported a high-severity vulnerability that could allow an unauthenticated remote attacker to execute arbitrary commands as root.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-comandos-cisco-iox
VMSA-2023-0003
CVSSv3 Range: 7.8
Issue Date: 2023-02-02
CVE(s): CVE-2023-20854
Synopsis:
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
Impacted Products
VMware Workstation
https://www.vmware.com/security/advisories/VMSA-2023-0003.html
Password-stealing “vulnerability” reported in KeePass – bug or feature?
It’s been a newsworthy few weeks for password managers – those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all.
https://nakedsecurity.sophos.com/2023/02/01/password-stealing-vulnerability-reported-in-keypass-bug-or-feature/
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
New HeadCrab malware infects 1,200 Redis servers to mine Monero.
New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet that mines for Monero cryptocurrency.
https://www.bleepingcomputer.com/news/security/new-headcrab-malware-infects-1-200-redis-servers-to-mine-monero/
GitHub code-signing certificates stolen (but will be revoked this week)
https://nakedsecurity.sophos.com/2023/01/31/github-code-signing-certificates-stolen-but-will-be-revoked-this-week/
There was a breach, so the bad news isn’t great, but the good news isn’t too bad…
Forwarded from Una al día
Vulnerabilidad zero-day en AWS Glue
https://unaaldia.hispasec.com/2023/02/vulnerabilidad-zero-day-en-aws-glue.html?utm_source=rss&utm_medium=rss&utm_campaign=vulnerabilidad-zero-day-en-aws-glue
A zero-day vulnerability allowed potential attackers to abuse the AWS Glue service to access other customers' resources.
Cisco Releases Security Advisories for Multiple Products
Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/cisco-releases-security-advisories-multiple-products