Preface: The product of MatrixSSL is used by many companies. Since MatrixSSL design in low memory footprint.
Whereby, they can partner with smart city infrastructure and IoT devices.

Vulnerability details: A vulnerability in MatrixSSL could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

Our speculation:

1. x509 is the name for certificates which are defined for informal internet electronic mail, IPsec, and WWW applications.
2. X.509 original ver 1, and then a ver 2. But now we use the version 3.
3. Reading the corresponding RFC the structure shown as below:
   Certificate ::= SEQUENCE {
   tbsCertificate TBSCertificate,
   signatureAlgorithm AlgorithmIdentifier,
   signatureValue BIT STRING }
4. Above are ASN.1 structures.
5. If attacker send a crafted certificate to the targeted system.
6. An error in parsing a maliciously formatted ASN.1 Bit Field primitive could cause a crash due to a memory read beyond allocated memory.

Vendor release software updates – https://github.com/matrixssl/matrixssl/releases

Preface: Cyber attack similar real world. There are different types of ideas and concepts in the world make humans become extreme. So we have war and different arguments. Besides, there are bacteria and virus try to infect our body. Kernel like tiny world, they also hits above circumstances.

Vulnerability details:

CVE-2019-10639 – Linux Kernel IP ID Values Information Disclosure Vulnerability. The vulnerability exists because it is possible to extract the Kernel Address Space Layout Randomization (KASLR) kernel image offset of the affected software using the IP ID values that the kernel produces for connectionless protocols.

CVE-2019-10638 – Linux Kernel Connectionless Protocols IP ID Values Information Disclosure Vulnerability. The vulnerability exists because the affected software uses the IP ID values that the kernel produces for connectionless protocols.

Reference: The IDR provides the ability to map an ID to a pointer, while the IDA provides only ID allocation, and as a result is much more memory-efficient.

CVE-2018-20815 – The vulnerability is due to buffer errors in the deprecated load_image function, as defined in the device_tree.c source code file of the affected software.

Summary: The impact of above vulnerability especially CVE-2018-20815, a large footprint of impact to virtual machine software provider. IP ID Values Information Disclosure Vulnerabilities has been addressed by Kernel.org.
But Linux user must staying alert.

CVE-2019-10638, CVE-2019-10639 – https://www.kernel.org/

CVE-2018-20815 – https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17

Preface:The cloud can be managed with a web-based dashboard or command-line clients, which allow administrators to control.At the same time it lures the arrival of cyber attackers.

Product background: Red Hat OpenStack Platform provides the foundation to build a private or public Infrastructure-as-a-Service (IaaS) cloud on top of Red Hat Enterprise Linux.

Vulnerability details:

A SQL-injection vulnerability was found in openstack-ironic-inspector’s node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results
An attacker could exploit this vulnerability by submitting malicious introspection data to the targeted system. A successful exploit could allow the attacker to conduct SQL injection attacks on the targeted system.

Remediation: Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.

Preface: Switched Fabric or switching fabric is a network topology in which network nodes interconnect via one or more network switches.

What is Cisco ACI? – Cisco ACI is a tightly coupled policy-driven solution that integrates software and hardware. The hardware for Cisco ACI is based on the Cisco Nexus 9000 family of switches. The software and integration points for ACI include a few components, including Additional Data Center Pod, Data Center Policy Engine, and Non-Directly Attached Virtual and Physical Leaf Switches.

Vulnerability background & details: 802.1AB(LLDP) build in May 2005. LLDP was developed as an open and extendable standard. It was modeled on and borrowed concepts from the numerous vendor proprietary discovery protocols such as Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP) and others. At that time cyber security not as serious today. So the design weakness extend till today and causes an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN.

We seen the impact posted by Cisco. They state that if strict mode is configured, this vulnerability cannot be exploited. Strict mode enforces further firmware security checks before allowing a connection.

Remark: Only Cisco Discovery Protocol provides an additional capability not found in LLDP-MED that allows the switch to extend trust to the phone. That is the phone will be trusted to mark the packets received on the PC port accordingly.

Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass

Preface: ESXi is not built upon the Linux kernel, but uses an own VMware proprietary kernel (the VMkernel) and software, and it misses most of the applications and components that are commonly found in all Linux distributions.

In common Linux circumstances to avoid SACK vulnerabilities. The workaround are:

CVE-2019-11477
Workground – Disable sack:
sudo sysctl -w net.ipv4.tcp_sack=0

CVE-2019-11478
Workground – Disable sack:
sudo sysctl -w net.ipv4.tcp_sack=0

CVE-2019-11479
Filter command:
Sudo iptables -A INPUT -p tcp -m tcpmss –mss 1:500 -j DROP

Turn off tcp_mtu_probing:
Sysctl net.ipv4.tcp_mtu_probing

Perhaps this is VMWARE. So you must follow below solution by vendor.

https://www.vmware.com/security/advisories/VMSA-2019-0010.html

Preface: As time goes by, As time goes by, the common software design mistake found on business computer world now extend to industrial area. The impact includes SCADA , PLC and graphical user interfaces software.

Design defect: On systems, a default administration account exists which is set to a simple default password which is hard-coded into the program or device.From cyber security point of view, it is not the best practices. Meanwhile it boots up the overall risk level.

Vulnerability details: Design limitation encountered on ABB HMI components: A hidden administrative accounts embedded. This credential will be used during the provisioning phase of the HMI interface. Apart from that the credentials allow the provisioning tool “Panel Builder 600” to flash a new interface and Tags (MODBUS coils) mapping to the HMI.

Impact: An attacker can use these credentials to login to ABB HMI to control the operations. Those credentials are used over both HTTP(S) and FTP. Furthermore it let the attacker receive the read/write authority. As a result, it provide a pathway to implant malware into the system.

Official announcement ABB PB610 – https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch

Official announcement ABB CP635 HMI – https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch

Official announcement ABB CP651 HMI – https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch