IOS XE built on Linux and provides a distributed software architecture that moves many operating system responsibilities out of the IOS process and has a copy of IOS running as a separate process.

Since it runs a copy of IOS, all CLI commands are the same between Cisco IOS and IOS XE, in contrast to IOS XR which has a completely different code base and its developers implemented quite a different CLI command set.

IOS XE look like a docker container component.

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability(buffer overflow)

The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos

Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability
Cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3

Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
Improper processing of SIP packets in transit while NAT is performed on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg

Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh

Cisco IOS XE Software Command Injection Vulnerabilities
The vulnerabilities exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Cisco IOS XE Software Errdisable Denial of Service Vulnerability
The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability
The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak

Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability
The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe

About vulnerabilities for NX-OS – status update 18th Oct 2018

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability – The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability – The vulnerability is due to a lack of protection against PTP frame flood attacks.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability – The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos

In the past, servers would physically connect to a hardware-based switch located in the data center. When VMware created server virtualization the access layer changed from having to be connected to a physical switch to being able to connect to a virtual switch. This virtual switch is a software layer that resides in a server that is hosting virtual machines (VMs). VMs, and now also containers, such as Docker, have logical or virtual Ethernet ports. These logical ports connect to a virtual switch.

There are total 3 items of vulnerabilities found few months ago (Jun 2018). From security point of view, I focus on CVE-2018-17206 since vulnerability can let attacker relies on maliciously exploited to access privileged information.

References:

CVE-2018-17206 – https://access.redhat.com/security/cve/cve-2018-17206

CVE-2018-17204 – https://access.redhat.com/security/cve/cve-2018-17204

CVE-2018-17205 – https://access.redhat.com/security/cve/cve-2018-17205

Perhaps we believe that the vulnerability of industrial automation system or SCADA merely happens on Microsoft product. As a matter of fact, Linux OS base system do not have exception. They are also vulnerable!

Below vulnerabilties details was found on Rockwell RSLinx Classic. RSLinx Classic is an inclusive communication server which provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix 5/500/5000, RSView32, FactoryTalk View Site Edition & FactoryTalk Transaction Manager. RSLinx provides connectivity for client applications using OPC or DDE. OPC is the preferred interface for data acquisition applications because it is the Defacto standard for factory communications.

References:

STACK-BASED BUFFER OVERFLOW – https://www.cvedetails.com/cve/CVE-2018-14829/

HEAP-BASED BUFFER OVERFLOW –https://www.cvedetails.com/cve/CVE-2018-14821/

UNCONTROLLED RESOURCE CONSUMPTION (‘RESOURCE EXHAUSTION’) – https://www.cvedetails.com/cve/CVE-2018-14827/

The Mid-Autumn Festival is a harvest festival celebrated notably by the Chinese and Vietnamese people. Perhaps this is a specify day for celebration and traditional people will take rest and do the family dinner gathering.Cyber world operation looks does not have holiday. This is the robot life. Perhaps you and me do not want to become a robot. But we are on the way!

Apple Releases Security Update for macOS Mojave – 24thSep2018

Bluetooth – CVE-2018-5383
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

App Store – CVE-2018-4324
Impact: A malicious application may be able to determine the Apple ID of the owner of the computer

Application Firewall – CVE-2018-4353
Impact: A sandboxed process may be able to circumvent sandbox restrictions

Auto Unlock – CVE-2018-4321
Impact: A malicious application may be able to access local users AppleIDs

Crash Reporter – CVE-2018-4333
Impact: An application may be able to read restricted memory

Kernel – CVE-2018-4336, CVE-2018-4344
Impact: An application may be able to execute arbitrary code with kernel privileges

Security – CVE-2016-1777
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Reference: https://support.apple.com/en-us/HT209139

Nowadays, the trend of business industries are bring their application on top of Cloud services. But some of the firm has reluctant to cloud because they are concerning about data breaches, data ownership and different areas of law regulations. As a matter of fact, doing the cyber security protection on your own or without managed sercurity services looks not in the right direction. As a result , there are more project development priority to select cloud services application platform. The hottest one is the SAP.

Vendor SAP do the vulnerability managment looks fine since they are the market leader. As we know, the security patch day announced on 11th September 2018. Yes, it is above one week ago. I observe this round of patch management have 2 items awaken company CSO thinking. Even the medium piority of vulnerability items also contain potential risk. For instance CVE-2018-2454,CVE-2018-2455 and CVE-2018-2461. The first and second CVE issues (CVE-2018-2454 & CVE-2018-2455 )are lack of authorization check. In the sense that this type of indirect privileges escalation causes by insider threats. So a careless user will be jeopardize or compromised the system.The last one (CVE-2018-2461) indicate the vulnerability happend in SAP HCM. The SAP Fiori app suite for HCM makes use of SAP’s new UX strategy to help your employees, irrespective of any level, to trigger different HR needs, such as paid leave application, viewing of pay stubs. The vulnerability belongs to data privacy is also lack of authorization check. So medium severity of vulnerability sometimes will also be dangerous. Should you have interest to know more, please refer to below url.

SAP Security Patch Day – September 2018

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Does it a design flaw or it is a ………..?

While exploring her new home, a girl named Coraline discovers a secret door, behind which lies an alternate world that closely mirrors her own but,…..

Remediation announcement – Cisco Video Surveillance Manager Appliance Default Password Vulnerability – 2018 September 21 (below url for reference)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

Similar vulnerability found on Cisco products within this year, is it a coincidence? (see below):

CVE-2018-0150 – Cisco IOS XE static credential default account
CVE-2018-0222 – Digital Network Architecture Center Static Credentials Vulnerability
CVE-2018-0268 – bypass for a Kubernetes container management subsystem embedded inside Cisco’s DNA Center.
CVE-2018-0271 – An authentication bypass in the DNA Center’s API gateway.
CVE-2018-0375 – vulnerability in the Cluster Manager of Cisco Policy Suite
CVE-2018-0329 – The hardcoded credentials resides in the read-only SNMP community string in the configuration file of the SNMP daemon,
CVE-2018-15427 – Cisco Video Surveillance Manager Appliance Default Password Vulnerability

SCADA helps people automate our world. It includes water, wastewater, and storm water management,Oil and Gas,Electricity,Transit systems and traffic,Facilities,Agriculture and Manufacturing.

OPC UA can be used for supervisory control, now eliminating the use of Windows-based intermediate systems to streamline the data transfer process from the field and control levels vertically to the management and enterprise levels. Recently found Buffer overflow in OPC UA applications. It allows remote attackers to trigger a stack overflow with carefully structured requests. Stack buffer overflow can be caused deliberately as part of an attack known as stack smashing. Buffer overflows in the stack segment may allow an attacker to modify the values of automatic variables or execute arbitrary code.

Official announcement shown as below URL:

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf

What is BIND 9? BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users.

On 2006, named.conf parser design limitation found by Anonymous Monk. He list out the following.

• BIND::Conf_Parser – doesn’t deal with 9.x
• BIND::Config::Parser – bails out with ‘Bad text’ on my named.conf
• Cpanel – near to impossible to cut out something usable outside cpanel
• Webmin – seems to deal only with bind 8.x
• the /usr/sbin/named-checkconf utility packed with bind.9 – gives just an OK/not ok verdict upon named.conf, no way to store the underlying structure.

Announce design flaw – Sep 2018

The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field.

Remark: A Kerberos realm is a set of managed nodes that share the same Kerberos database.

CVE-2018-5741: Update policies krb5-subdomain and ms-subdomain – https://kb.isc.org/docs/cve-2018-5741

Summary:

ISC BIND before releases 9.11.4-P2 and 9.12.2-P2 does not properly document the behaviour of the krb5-subdomain and ms-subdomain update policies.

Reference – Vulnerabilities announced last few months

8th Aug 2018 – ISC Releases Security Advisory for BIND

June 13, 2018 – ISC Releases Security Advisory for BIND

May 18, 2018 – ISC Releases Security Advisories for BIND

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. Electronic document transform to an attacking tools are worry in cyber security world so far. The fact is that it is hard to detect such indirect attack. The simple we will know it is easy to evade the defense machanism. A malicious user can pass a `cff` font file to the application to cause a heap-based buffer overflow that can lead to an out-of-bounds write. This can cause the application to crash or overwrite values in the heap. If it overwrite chunk header, corrupt free(), but program doesn’t crash. It will be very dangerous!

Don’t underestimate! Offical URL shown as below:

https://helpx.adobe.com/security/products/acrobat/apsb18-34.html