Cisco Releases Security Advisories for Multiple Products
Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/02/cisco-releases-security-advisories-multiple-products
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005
Project: Apigee Edge
Date: 2023-February-01
Security risk:
Moderately critical 13∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:All
Vulnerability: Access bypass
Description:
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal.
Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places.
https://www.drupal.org/sa-contrib-2023-005
A HIGH-SEVERITY BUG IN F5 BIG-IP CAN LEAD TO CODE EXECUTION AND DOS
The flaw affects the following versions of BIG-IP:
F5 BIG-IP 17.0.0
F5 BIG-IP 16.1.2.2 – 16.1.3
F5 BIG-IP 15.1.5.1 – 15.1.8
F5 BIG-IP 14.1.4.6 – 14.1.5
F5 BIG-IP 13.1.5
“The most likely impact of a successful attack is to crash the server process. A skilled attacker could potentially develop a remote code execution exploit, which would run code on the F5 BIG-IP device as the root user.” continues Rapid7’s advisory.
https://securityaffairs.com/141728/security/f5-big-ip-bug.html
https://my.f5.com/manage/s/article/K000130415
Authentication flaw in Atlassian Jira products
Publication date: 03/02/2023
Identifier: INCIBE-2023-0039
Importance: 5 - Critical
Description:
Atlassian has reported a critical authentication-flaw vulnerability in Jira Service Management Server and Data Center that could allow an attacker to impersonate another user and gain access to a Jira Service Management instance.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/fallo-autenticacion-productos-jira-atlassian
OpenSSH fixes double-free memory bug that’s pokable over the network.
The open source operating system distribution OpenBSD is well-known amongst sysadmins, especially those who manage servers, for its focus on security over speed, features and fancy front-ends.
https://nakedsecurity.sophos.com/2023/02/03/openssh-fixes-double-free-memory-bug-thats-pokable-over-the-network/
0-day vulnerability in a Prestashop plugin
Publication date: 06/02/2023
Importance: 3 - Medium
Affected resources:
M4 PDF plugin for Prestashop websites, versions 3.2.3 and earlier.
Description:
Two 0-day vulnerabilities, one of medium severity and one of low severity, have been detected affecting the M4 PDF plugin for Prestashop websites.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/vulnerabilidad-0day-plugin-prestashop
Android Security Bulletin for February 2023
Publication date: 07/02/2023
Identifier: INCIBE-2023-0043
Importance: Critical
Affected resources:
Android Open Source Project (AOSP): versions 10, 11, 12, 12L and 13.
Components:
framework,
media framework,
system,
Google Play system updates,
kernel,
MediaTek,
Unisoc,
Qualcomm (including closed-source).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/boletin-seguridad-android-febrero-2023
Multiple vulnerabilities in OpenSSL
Publication date: 08/02/2023
Identifier: INCIBE-2023-0044
Importance: 4 - High
Affected resources:
OpenSSL, versions:
from 3.0 to 3.0.7;
1.1.1;
1.0.2.
Description:
OpenSSL has published an advisory covering 8 vulnerabilities: 1 of high severity and 7 of medium severity, whose exploitation could allow an attacker to read memory contents, cause a denial of service, decrypt application data sent over a connection, or cause the application to crash.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-openssl-4
CISA Releases ESXiArgs Ransomware Recovery Script
Original release date: February 07, 2023
CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable.
CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to determine if it is fit for attempting to recover access to files in their environment.
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/07/cisa-releases-esxiargs-ransomware-recovery-script
Organizations can access the recovery script here:
https://github.com/cisagov/ESXiArgs-Recover
OpenSSL Releases Security Advisory
OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information.
CISA encourages users and administrators to review the OpenSSL advisory and make the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/09/openssl-releases-security-advisory
https://www.openssl.org/news/secadv/20230207.txt
Microsoft Releases February 2023 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2023-Feb
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device.
CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
• Safari 16.3.1
• iOS 16.3.1 and iPadOS 16.3.1
• macOS 13.2.1
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/apple-releases-security-updates-multiple-products
Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
Adobe Releases Security Updates for Multiple Products
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/adobe-releases-security-updates-multiple-products
Multiple vulnerabilities in GitLab
Publication date: 15/02/2023
Identifier: INCIBE-2023-0055
Importance: 5 - Critical
Affected resources:
The reported vulnerabilities affect all GitLab Omnibus versions within the following ranges:
versions from 14.1 to 15.6.7;
versions from 15.7 to 15.7.7;
versions from 15.8 to 15.8.2.
Description:
Joern Schneeweisz of GitLab (CVE-2023-23946) and Yvvdwf (CVE-2023-22490) have reported 2 medium-severity vulnerabilities that could allow an attacker to execute arbitrary commands and obtain sensitive information.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-4
Multiple vulnerabilities in Intel products
Publication date: 15/02/2023
Identifier: INCIBE-2023-0054
Importance: 5 - Critical
Affected resources:
Integrated BMC firmware prior to versions 2.86, 2.09 and 2.78.
OpenBMC firmware prior to versions 0.72, wht-1.01-61 and egs-0.91-179.
Description:
Ignacio Hernández, Tomasz Bagniuk, Witold Kryszak and Piotr Dorozynski have reported 5 vulnerabilities: one of critical severity, one of high severity and 3 of medium severity. These could allow privilege escalation or denial of service on the affected resources.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-intel-14
SAP security update for February 2023
Publication date: 15/02/2023
Identifier: INCIBE-2023-0053
Importance: 4 - High
Affected resources:
SAP Host Agent Service, versions 7.21, 7.22.
SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP), versions 420, 430.
SAP BusinessObjects Business Intelligence platform (CMC), versions 420, 430.
The remaining affected products can be found in SAP Security Patch Day – February 2023.
Description:
SAP has published several security updates for various products in its monthly bulletin.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-sap-febrero-2023
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/16/cisco-releases-security-advisories-multiple-products
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Multiple vulnerabilities in Git affect Atlassian products
Publication date: 16/02/2023
Identifier: INCIBE-2023-0058
Importance: 5 - Critical
Affected resources:
All versions of the following products:
Bitbucket Server and Data Center,
Bamboo Server and Data Center,
Fisheye,
Crucible,
Sourcetree for Mac and Windows.
Description:
2 critical vulnerabilities in Git affect several Atlassian products. Exploitation of these vulnerabilities could allow an attacker to execute code remotely.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-git-afectan-productos-atlassian
Microsoft: February updates break some Windows Server 2022 VMs
Microsoft says some Windows Server 2022 virtual machines might not boot up after installing updates released during this month's Patch Tuesday.
This known issue only impacts VMs with Secure Boot enabled running on vSphere ESXi 6.7 U2/U3 or vSphere ESXi 7.0.x.
"After installing KB5022842 on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up," Microsoft said.
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-updates-break-some-windows-server-2022-vms/
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21528
Released: Feb 14, 2023
Last updated: Feb 16, 2023
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528