Preface: HyperFlex is Cisco’s hyper-converged infrastructure (HCI) platform. It enable centralized management and enhanced operation efficiency.

Vulnerability detail:
The vulnerability resides in the hxterm service of the Cisco HyperFlex software package and it can “allow an unauthenticated, local attacker to gain root access to all nodes in the cluster, said Cisco.

If the following occurs:
You may login to the HX Data Platform command line interface in the Storage Controller VM in the following ways:
From a browser, a CLI terminal (SSH) and HX Connect Web CLI page.

OpenSSH can forward TCP sockets and UNIX domain sockets. If privilege separation is disabled, then on the server side, the forwarding is handled by a child of sshd that has root privileges. If an attacker who is permitted to log in as a normal user over SSH (using “ssh -L”). It can effectively connect to non-abstract unix domain sockets with root privileges.

Remedy: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access

Preface: CX-Supervisor is dedicated to the design and operation of PC visualization and machine control in Omron controller applications.

Technical background: Configuring CX supervisor in OPC and DDE is extremely simple if you have your DDE and OPC server with the SCADA package. CX supervisor contains a large number of predefined functions and libraries, and even very complex applications can be generated with a powerful programming language or VBScript.

Vulnerability detail: CX-Supervisor (Versions 3.42 and prior) has an vulnerability occurs. In technical aspect, we so called access of uninitialized pointer.
That is if the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks.

What is the best practice for an pointer?
The best way is setting it to NULL if it doesn’t point to anything.

Vendor announcement (see below url). But it did not mentioned this CVE yet! http://iotsecuritynews.com/omron-cx-supervisor-update-a/

Preface: Linus Torvalds, he is the principal developer of the Linux kernel. Many Linux distributions and operating systems are based on Linus Torvalds design foundation.

Synopsis: The module (virt/kvm/kvm_main.c) enables machines with Intel VT-x extensions to run virtual machines without emulation or binary translation. The module (virt/kvm/kvm_main.c) enables machines with Intel VT-x extensions to run virtual machines without emulation or binary translation. However a vulnerability occurs in the kvm_ioctl_create_device function of the Linux Kernel.

Details: The vulnerability exists due to a race condition that causes the kvm_ioctl_create_device function.
Affected software: kvm_main.c source code file

Impact: A successful exploit could trigger a use-after-free condition vulnerability. Thus causes the targeted virtual machine crash ( DoS condition). Besides, a successful exploit could allow the attacker to gain elevated privileges on a targeted system.

Remedy action: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9

Preface: Cisco provide status update on CVE-2018-5391 on 18th Feb 2019 , it is the follow up action for Linux kernel flaw announced August last year.

Synopsis: A decade ago, we said that the vulnerabilities of Microsoft windows will be jeopardize the IT world. Perhaps this statement not suitable today because Linux and open sources application encountered risks in frequent.

Vulnerability: From technical point of view, this flaw is easy exploit by attacker. They can send a packet trigger time and calculation expensive fragment reassembly algorithms overload the CPU power.

Don’t neglect this vulnerability:
Perhaps you say that your IPS can filter such malicious attack. The specify product has been patched. So your campus will be secure. But Linux base platform of machines are common today in your IT infrastructure. What if similar of attack is a insider threat. What’s the result?

Cisco official announcement – 18th Feb 2019 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment

Preface: Why REST so popular? REST can be used over nearly any protocol, when used for web APIs it typically takes advantage of HTTP.

Canonical snapd technical features: Snap is a software deployment and package management system.It capable to deliver and update your app on any Linux distribution for desktop, cloud, and Internet of Things.

Vulnerability occurred:

1. Creating a file that contains uid=0 in its name: /tmp/ktgolhtvdk;uid=0;
2. Binding to socket file – After a UNIX domain socket is created, you must bind the socket to a unique file path by using the bind function.
3. Then using it to initiate a connection to the snapd socket.
4. Overwrite the previous user identifier (UID) after the string is parsed and appear to the snapd daemon as a root user.
5. Allow the attacker to create a new local user with root privileges using the API’s POST /v2/create-user function.

Vendor Announcements: Canonical has released software updates at the following link.

https://github.com/snapcore/snapd/releases

Preface: Docker containers can be created in VMware. Therefore, VMware and Docker can work together. Therefore, they are not just competitors.

Vulnerability background: Docker announce on 12th Feb 2019 that they are vulnerable for malicious attack. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host.

Impact:
The attacker could trick a user with these permissions into deploying a malicious container or running docker exec for them.

Remedy: VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime (CVE-2019-5736) . For more details, please refer official details shown below: https://www.vmware.com/security/advisories/VMSA-2019-0001.html

Conclusion: VMware is committed to work with the community to help establish common, open standards and specifications for containers on Jul 2017. I think such vulnerability also has impact to Stateful Containers on vSphere with the Orchestrator architecture. Therefore may have announcement will be posted soon!

Preface: Cisco MSE is distributed as an Open Virtual Appliance (OVA) for installation on a virtual appliance and as an ISO image for installation on a physical appliance. Cisco MSE acts as a platform (physical or virtual Cisco Mobility Services Engine [MSE] appliance) to deploy and run the Cisco services.

Open Container Initiative overview:
OCI currently contains two specifications: the Runtime Specification (runtime-spec) and the Image Specification (image-spec).

Cisco worries that OCI flaw will be affecting his Products:
The /proc/self refers to the current running process’s own environment, exec is actually calling itself. When flaw allow someone improperly handles file descriptors related to /proc/self/exe. In the sense that attacker similar escalate privileges on a targeted system.

For more details, refer below Official announcement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc