Cisco Releases Security Updates – November 07, 2018

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Cisco Small Business Switches Privileged Access Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Cisco Unity Express Arbitrary Command Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Cisco Meraki Local Status Page Privilege Escalation Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meraki%20Local%20Status%20Page%20Privilege%20Escalation%20Vulnerability&vs_k=1

Self-Encrypting Solid-State Drive Vulnerabilities – November 06, 2018

Preface:
Looking back over the last decade, the key word “vulnerability” seemed like a stranger to us, but that has changed today. Design vulnerabilities, without doubt, belong to the world of cost-effective solutions, market competition (short development life cycles) and satisfying human wants.

Design technique – Wear leveling (also written as wear levelling) is a technique for prolonging the service life of some kinds of erasable computer storage media.

Design limitation – Wear-leveling does not guarantee that an old copy of updated data is fully removed. If the updated data is written to a new segment, old versions of data may exist in the previous segment for some time after it has been updated (until that previous segment is overwritten).
Remark: Consumer Notice regarding Samsung SSDs – https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/

Impact – There is a possible way for a data thief to collect and read the encrypted data through a physical attack (reverse engineering): a vulnerability in the hardware encryption method.

Remedy – Fully turn off BitLocker to decrypt the drive on the Windows OS (see the Microsoft advisory below):
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

Linux (systemd) current status update – 7th Nov 2018

If you are one of the old folks, you are probably familiar with init.
The trend is to replace the old mechanism (init) with a new one (systemd). From a technical point of view, people are satisfied with the technical features of “systemd”. However, they are concerned that so much of the design sits in one place (one package). Textbooks talk in theory about a so-called trusted kernel, but the overall infrastructure is built from several components. Reality tells the world that there is no safe place in the cyber world. If you want to make yourself secure, it is better to get rid of your electronic belongings, and we all know that is not possible!

Background – What is “systemd”?
It is the parent of all other processes (directly or indirectly).

Which Linux distributions are now fully deployed with “systemd” instead of “init”?
Fedora, openSUSE, Arch, RHEL, CentOS, etc.

Vulnerability status:
Refer to the attached diagram and the URLs below for reference.

https://access.redhat.com/security/cve/cve-2018-15686

https://access.redhat.com/security/cve/cve-2018-15687

Conclusion: POSIX defines a set of standards for operating systems and programs, but “systemd” is not a POSIX standard. The life cycle of a computing system is really short today; it cannot be compared with our old household appliances.

5th Nov 2018 – Apache Releases Security Advisory for Apache Struts. Is there any concern for Cisco?

US-CERT urges everyone to stay alert for the former Apache Struts design weakness (CVE-2016-1000031 – Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution).

Does it affect Cisco products?
Since this vulnerability was only announced yesterday, there is no response from the vendor (Cisco) at the moment.

For details about this vulnerability, please refer to the URL below.

http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E

Status update – Cisco, 7th Nov 2018: Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products (November 2018):

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload

Schneider Electric Security Notification – Nov 2018

A reminder to Schneider customers – official security alert!

Preface:
If the legitimate DLL lives in the SysWOW64 folder and someone places a counterfeit DLL in a folder that has higher priority in the search order than SysWOW64, the operating system will load the counterfeit DLL, because it has the same name as the DLL requested by the application. Once in memory, the malicious code contained in the file executes and may compromise your computer or network.

Vulnerability:
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system by placing a specific DLL file.

Remedy:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-298-01+Schneider+Electric+Software+Update+%28SESU%29V1.1.pdf&p_Doc_Ref=SEVD-2018-298-01

Additional – Modicon M221:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-270-01+Modicon+M221.pdf&p_Doc_Ref=SEVD-2018-270-01

CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures (Fri, 2 Nov 2018)

Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that can reveal private data to attackers. As predicted, more and more attacks on processor branch prediction are being discovered!

Hey guys, if you are interested in reading the details, please refer to the URL below.
https://seclists.org/oss-sec/2018/q4/123

In short, the design weakness lies in processes running in parallel on the same physical core. A malicious process can measure the delay in the execution of its own operations on a target execution port and so determine when the victim process is using the same port. If the victim process is performing a cryptographic operation, this is the way it becomes possible to recover a private key.

Proof of concept (GitHub):
https://github.com/bbbrumley/portsmash

Texas Instruments microcontroller (CC2640 and CC2650) vulnerability gives vendors a headache! (Nov 2018)

As time goes by, we see that cyber security coverage is not limited to desktops, notebooks and servers; even Wi-Fi chipsets are now involved in the zero-day vulnerability management cycle. Texas Instruments disclosed that the CC2640 and CC2650 microcontrollers are vulnerable to attack. If the incoming data exceeds a certain length and processing continues, the chip copies the overly large packet into the buffer, causing a variable and heap overflow. This memory corruption can lead to code execution on the main CPU of the device, which could potentially affect other devices across the network if the affected device is a networked one.
This vulnerability was patched in BLE-Stack v2.2.2, released by Texas Instruments on March 28, 2018. Affected devices will require a firmware update to obtain the updated BLE-Stack. However, Cisco and other hardware manufacturers only announced their remedy this week. Sounds strange! According to the Cisco announcement, Aironet access points and Meraki APs are the victims of this vulnerability. If you are interested in the technical details, please refer to the URL below.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap
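The overflow described above, as an added C illustration that is neither Texas Instruments' BLE-Stack code nor taken from the Cisco advisory: a receive routine that trusts the advertised packet length, beside the bounds-checked form that rejects frames which do not fit. The 32-byte buffer, the frame layout and the canary harness are constructed assumptions made for this demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class described above; it is not the
 * Texas Instruments BLE-Stack code. A fixed-size receive buffer holds the
 * payload of one incoming frame whose header advertises the payload length. */
#define RX_BUF_SIZE 32

typedef struct {
    uint8_t len;            /* advertised payload length, taken from the wire */
    const uint8_t *payload; /* payload bytes as received */
} frame_t;

/* Vulnerable pattern: the advertised length is trusted, so a frame longer
 * than RX_BUF_SIZE is copied past the end of the buffer and corrupts
 * whatever follows it in memory (the variable/heap overflow in the text). */
int copy_frame_unchecked(uint8_t *rx_buf, const frame_t *f) {
    memcpy(rx_buf, f->payload, f->len);   /* no comparison against the buffer size */
    return f->len;
}

/* Hardened form: compare the advertised length with the real buffer size
 * before copying, and drop frames that do not fit instead of truncating
 * them silently (a truncated frame would still be parsed as if complete). */
int copy_frame_checked(uint8_t *rx_buf, size_t rx_buf_size, const frame_t *f) {
    if (f->payload == NULL || f->len > rx_buf_size) {
        return -1;                        /* malformed: reject the frame */
    }
    memcpy(rx_buf, f->payload, f->len);
    return f->len;
}

/* Harness: a 32-byte receive buffer followed by a 32-byte canary region inside
 * one larger array, so the overrun of the unchecked copy is observable without
 * undefined behaviour. Returns 1 if the canary was overwritten, 0 if intact,
 * -1 if the requested length would exceed the harness arena itself. */
int canary_clobbered_after_unchecked_copy(uint8_t claimed_len) {
    uint8_t arena[RX_BUF_SIZE + 32];
    uint8_t payload[RX_BUF_SIZE + 32];
    if (claimed_len > sizeof arena) return -1;
    memset(arena, 0xAA, sizeof arena);
    memset(payload, 0x41, sizeof payload);
    frame_t f = { claimed_len, payload };
    copy_frame_unchecked(arena, &f);      /* writes claimed_len bytes from arena[0] */
    for (size_t i = RX_BUF_SIZE; i < sizeof arena; i++) {
        if (arena[i] != 0xAA) return 1;   /* bytes beyond the buffer were touched */
    }
    return 0;
}

/* Same frame through the checked copy: returns bytes accepted, or -1. */
int checked_copy_result(uint8_t claimed_len) {
    uint8_t rx_buf[RX_BUF_SIZE];
    uint8_t payload[RX_BUF_SIZE + 32];
    memset(payload, 0x41, sizeof payload);
    frame_t f = { claimed_len, payload };
    return copy_frame_checked(rx_buf, sizeof rx_buf, &f);
}

int main(void) {
    printf("unchecked copy, len 48: canary clobbered = %d\n",
           canary_clobbered_after_unchecked_copy(48));
    printf("checked copy, len 48: result = %d\n", checked_copy_result(48));
    printf("checked copy, len 32: result = %d\n", checked_copy_result(32));
    return 0;
}
```

The check compares the length field against the size of the buffer actually allocated, not against any value carried in the frame; in a real stack that size is the compile-time buffer length, and a rejected frame should be counted and discarded rather than partially processed.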

libssh Authentication Bypass Vulnerability Affecting Cisco Products and additional critical item – 31st October 2018

Background:
libssh is a library written in C that implements the SSH protocol. It can be used to implement both client and server applications.
Vulnerability found on 17th Oct 2018:

The technical details are as follows; please refer to the URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

In addition, another important vulnerability announced this week is presented for your consideration.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

Reference: Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17th Oct 2018

Cisco zero-day interferes with ASA 9.4+ and FTD 6.0+ software operation – 31st Oct 2018

Just read an article recommended by my friend. It reminded me that Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are affected by a denial of service vulnerability. This vulnerability is recorded as CVE-2018-15454. A design weakness resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.

The interim remedy is shown below (it removes SIP inspection from the global policy and re-enables it only on the interface that needs it; inside a policy map the class is selected with the “class” command, which moves the prompt to config-pmap-c):
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect sip
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# policy-map sip_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect sip
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# service-policy sip_policy interface [interface]

The official technical details are shown below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos

Besides this, another vulnerability affects Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software simultaneously.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos

Apache Releases Security Update for Apache Tomcat JK Connectors – 31st Oct 2018

A reverse proxy is not totally transparent to the application on the backend. When the backend application returns content including self-referential URLs that use its own backend address and port, the client will usually not be able to use these URLs.
Deploying the Apache Tomcat Connector (mod_jk) easily solves this technical problem. It supports load balancing of HTTP calls to a set of servlet containers while maintaining sticky sessions and communicating over AJP.
Regarding the vulnerability details of CVE-2018-11759, the Apache Tomcat JK (mod_jk) Connector has a design flaw that contains a path traversal vulnerability.
My speculation is that such a vulnerability will affect SME firms' web application servers. If the vulnerability occurs, it provides a way for an attacker to trace the target destination, especially the location of the services account file.

For more details, please refer to the URL below.

http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3C16a616e5-5245-f26a-a5a4-2752b2826703@apache.org%3E
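As an added C illustration of the proxy-side mitigation for this class of bug, not mod_jk's own code: a minimal URI-worker map whose prefix match runs on the normalised request path, shown beside the flawed order that matches the raw path as received. The mount prefixes /app/ and /api/ and the probe request are constructed placeholders.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the proxy-side check, not mod_jk's own code:
 * a two-entry URI-worker map (the only paths meant to be reachable through
 * the proxy) and a normaliser that resolves "." and ".." segments before the
 * prefix match. The prefixes below are placeholders. */
static const char *const forwarded_prefixes[] = { "/app/", "/api/" };
#define NUM_PREFIXES (sizeof forwarded_prefixes / sizeof forwarded_prefixes[0])
#define MAX_SEGMENTS 64

/* Copies a normalised form of `in` into `out`: duplicate slashes and "."
 * segments are dropped and ".." removes the previous segment. Returns 0 on
 * success, -1 if the path is relative, too long, or tries to climb above "/"
 * (treated as malformed and rejected rather than clamped to "/"). */
int normalize_path(const char *in, char *out, size_t out_size) {
    size_t seg_start[MAX_SEGMENTS];  /* offset in out where each kept segment begins */
    size_t depth = 0, o = 0, in_len = strlen(in);
    const char *p = in;

    if (*p != '/' || out_size < 2) return -1;
    out[o++] = '/';
    while (*p) {
        while (*p == '/') p++;                      /* collapse "//" */
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t n = (size_t)(p - seg);
        if (n == 0) break;
        if (n == 1 && seg[0] == '.') continue;      /* "." is a no-op */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0) return -1;              /* ".." above the root */
            o = seg_start[--depth];                 /* drop the previous segment */
            continue;
        }
        if (depth == MAX_SEGMENTS || o + n + 1 >= out_size) return -1;
        seg_start[depth++] = o;
        memcpy(out + o, seg, n);
        o += n;
        out[o++] = '/';
    }
    if (o > 1 && in[in_len - 1] != '/') o--;        /* keep a trailing slash only if the request had one */
    out[o] = '\0';
    return 0;
}

/* Correct order: normalise first, then match. 1 = forwarded to the backend,
 * 0 = not mounted (the proxy answers itself), -1 = malformed request. */
int route_normalized(const char *raw_path, char *normalized, size_t size) {
    if (normalize_path(raw_path, normalized, size) != 0) return -1;
    for (size_t i = 0; i < NUM_PREFIXES; i++)
        if (strncmp(normalized, forwarded_prefixes[i], strlen(forwarded_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Flawed order: the raw request is matched as received, so a request whose
 * text starts with a mounted prefix is forwarded even though, once the
 * backend resolves its ".." segments, it lands outside that mount. */
int route_raw(const char *raw_path) {
    for (size_t i = 0; i < NUM_PREFIXES; i++)
        if (strncmp(raw_path, forwarded_prefixes[i], strlen(forwarded_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Convenience wrappers with a fixed buffer, used by main(). */
int route_normalized_example(const char *raw_path) {
    char buf[256];
    return route_normalized(raw_path, buf, sizeof buf);
}
int normalizes_to(const char *raw_path, const char *expected) {
    char buf[256];
    return normalize_path(raw_path, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

int main(void) {
    const char *probe = "/app/x/../../admin/";       /* constructed request */
    printf("raw prefix match: %d, normalised prefix match: %d\n",
           route_raw(probe), route_normalized_example(probe));
    return 0;
}
```

The design point is the ordering: whatever canonical form the backend will eventually apply to the path has to be applied by the proxy before the mount table is consulted, and anything the normaliser cannot resolve (a relative path, a climb above the root) is rejected outright instead of being forwarded for the backend to interpret.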