Preface: 3350 companies reportedly use Elasticsearch in their tech stacks, including Uber, Shopify, and Udemy.

Background: Organizations can use big data analytics systems and software to make data-driven decisions that can improve business-related outcomes. Elasticsearch is a popular open-source search
and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.

Remark: Elastic, the company behind Elasticsearch and Kibana, has made a change to their licensing. They’ve taken a unique approach to “doubling down on open”: customers can now choose between two non-open source licenses. 

Vulnerability details: Flaw found in Kibana and Elasticsearch version before 7.11.2 abd 6.8.15. It risk to exposure of Sensitive Information to an Unauthorized person and unintentionally extending authenticated users sessions. Details shown as below:

CVE-2021-22136 – https://nvd.nist.gov/vuln/detail/CVE-2021-22136

CVE-2021-22135 – https://nvd.nist.gov/vuln/detail/CVE-2021-22135

Preface: Near field communication (NFC) technology lets smartphones and other enabled devices communicate with other devices containing a NFC tag.

Vulnerability details: Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user (with capability CAP_NET_RAW).
What if Creating raw socket in Python without root privileges?

Reference:

Activating the SUID bit for the file with a command like chmod +s file and set its owner to root with chown root.root file.
This will run your script as root, regardless of the effective user that executed it.

Setting the CAP_NET_RAW capability on the given file with a command like setcap cap_net_raw+ep file.
This will give it only the privileges required to open a raw socket

Announcement by vendor – https://access.redhat.com/security/cve/CVE-2021-23134

Preface: The Improper Access Control weakness describes a case where software fails to restrict access to an object properly.

Background: Citrix Workspace ensures corporate data is safe and malicious activities are spotted quickly. If the installation is user-based, Citrix Workspace app must be installed for each user who logs on to the local machine.

Vulnerability details: Citrix has released security updates to address a vulnerability in Citrix Workspace App for Windows. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability affects all supported versions of Citrix Workspace app for Windows but does not affect Citrix Workspace app on any other platforms. Since vendor do not mentioned explicitly what is the actual flaw. However , whether does it encounter former design weakness again (Refer to diagram for details).

Official announcement: CTX307794 (Citrix Workspace App Security Update) – https://support.citrix.com/article/CTX307794

Preface: The term ‘NoSQL’ means ‘non-relational’. It means that MongoDB isn’t based on the table like relational database structure.

Background: MongoDB storage format called BSON. It is similar to JSON format. Traditional database store data in tabular format. In a MongoDB database, data is stored in collections and a collection has documents. A document has fields and values, like in a JSON. The field types include scalar types (string, number, date, etc.) and composite types (arrays and objects). The query operations on array fields using the db.collection.find() method in the mongo shell. MongoDB supports query operations on geospatial data. MongoDB uses collections of documents instead of tables of rows to organize and store data. In MongoDB, you can store geospatial data as GeoJSON objects or as legacy coordinate pairs.

Vulnerability details: A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4. For more details, please refer to diagram attached.

Remedy: Add stricter parser checks around positional projection
Branch: v4.4 – https://github.com/mongodb/mongo/commit/0c7f643a2dfe4000ac9630ed5dace0cb40ec9740

Preface: vSphere 6.5 – introduction of several new REST APIs included in the vCenter Server Appliance (VCSA).

Background: You can use vRealize Business for Cloud to manage the following VMware products and services: vCenter Server,vCloud Director,vRealize Automation & vRealize Operations Manage. Through the REST API. To get access VCSA appliance. The corresponding API endpoint for available updates are under the [/]rest[/]appliance[/]update section.If you run the API explorer, you will get the following result. Endpoint shows UP_TO_DATE, while VAMI shows 5 available updates.

Vulnerability details: Attackers can exploit this security flaw using management interface (VAMI) upgrade APIs to gain access to unpatched vRealize Business for Cloud Virtual Appliances.

Remedy – Official announcement : https://www.vmware.com/security/advisories/VMSA-2021-0007.html

Background: DBUtil_2_3. Sys is a Windows driver. A driver is a small software program that allows your computer to communicate with
hardware or connected devices. This means that a driver has direct access to the internals of the operating system,
hardware etc.

Vulnerability details: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges,
denial of service, or information disclosure. Local authenticated user access is required. Vendor plans to release proof of concept code for CVE-2021-21551 on 1st June 2021, said Dell computer.
But we can do the imagination before they announce the update. For details, please refer to diagram.

Official announcement – https://www.dell.com/support/kbdoc/zh-hk/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Preface: US Homeland security urge their local country computer users should stay alert of multiple vulnerabilities matter on Pulse Secure product. Perhaps all the world should be aware of it.

Synopsis: As times goes by, Pulse secure acquired juniper SSL VPN product for few years. Perhaps we can remember that Juniper is the active player on telecommunication services provider. Around the world including enterprise firm, they are satisfy with Juniper SSL VPN services.

Security focus: Product Affected by vulnerabilities (PCS: 9.1Rx and 9.0Rx)
CVE-2021-22894 – Buffer overflow in Pulse Connect Secure Collaboration Suite before 9.1R11.4 allows a remote authenticated users to execute arbitrary code as the root user via maliciously crafted meeting room.
CVE-2021-22899 – allows a remote authenticated users to perform remote code execution via Windows File Resource Profiles.
CVE-2021-22900 – allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Details please refer to link – https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/

Technical background: A Samba file server enables file sharing across different operating systems over a network. It lets you access your desktop files from a laptop and share files with Windows and macOS users.

Vulnerability details: Unprivileged users can delete files in network shares that they shouldn’t access.
However, vendor stated that they conduct analysis of the code paths but not yet confirm the specify way for a remote user to be able to trigger this flaw reproducibly.
Perhaps you may have luck to find out the root causes. For more details, please refer to attached diagram .

Official details (CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids()) – https://www.samba.org/samba/security/CVE-2021-20254.html

Protecting an unpatched Samba server: The easiest way is to use the “Host Allow” and “Host Deny” options in the Samba configuration [smb.conf] file to only allow access to your server from a specific range of hosts. The example is shown below:

[]hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24[]
[]hosts deny = 0.0.0.0/0[]