Preface: Analyzing big data not so easy.

Synopsis: Analyzing big data not so easy. It requires knowledge of enterprise search engines for making content from different sources like enterprise database, social media, sensor data etc. searchable to a defined audience. Elasticsearch is one of the free and open source enterprise search software.

Vulnerability detail: The vulnerability exists because the affected software mishandles user-supplied input. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software.

Causes: Timeline uses regular HTML DOM to render the timeline and items put on the timeline. This allows for flexible customization using css styling.
With the HTML DOM, JavaScript can access and change all the elements of an HTML document.
The design limitation allow the attacker to execute arbitrary JavaScript code on the system.

Remedy: Refer to URL – https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077

Preface: Vendor operate in high visibility, initiate fix vulnerabilities means they are more secure than other products.

Synopsis: From hardware appliance to software base. From Layer 3 to Layer 7, the growth of operations expanded, it is hard to avoid vulnerability occurs.

Vulnerability Details:
Cisco IOS and IOS XE Software Network-Based Application Recognition Denial of Service Vulnerabilities – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-nbar

CVE-2019-1753: Cisco IOS XE Software Privilege Escalation Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc

CVE-2019-1754: Cisco IOS XE Software Privilege Escalation Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-iosxe-privesc

Remark: Perhaps the total numbers of high severity vulnerability has 19 items. The remaining is address denial of server and command injection. But the privileges escalation merely our focus this time. So the remaining do not display in this discussion.

Preface: The statistic by Netcraft in January 2019, Apache server coverage market reach 30.88%.

Technical background: Apache server not only contain web server service, it can config as a reserve proxy server to enhance the web infrastructure isolation level. Single sign-on authentication method growth significant in past few years. A popular web architecture model, setup Apache become reserve proxy service and thus integrate to single sign on (SAML) function.

Vulnerability detail: If Apache is configured as a reverse proxy with mod_auth_mellon for authentication, the authentication can be bypassed by adding SAML 2.0 ECP headers to the request.

Official announcement and security fixes: https://github.com/Uninett/mod_auth_mellon/releases

Preface: In order to avoid cyber attack and insider threat. The monitoring feature is a critical feature in IT world.

Background: CapMon monitors and collects information from the infrastructure and applications. The system does not require installation of extra software on other units in the network. CapMon IT monitoring has a Web based user interface, ensuring fast access to the various functionalities.

Vulnerability details:
Design weakness in this software – all priviliges commands “only” grants local administrator privilege. There is a command that allows for even higher privilege escalation – namely the “CALScriptDRUN” command.
The fact is that an issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunElevated.exe provides “NT AUTHORITY\SYSTEM” access to unprivileged users via the –system option.

Should you have interest, please refer to Improsec analytic report, url shown as below: https://improsec.com/tech-blog/cam1

Preface: RSA Authentication Manager delivers intelligent, transparent, behind-the-scenes authentication to enhance every secure access scenario.

Product advantage: Take full advantage of virtualization in your organization to ease deployment, administration, and on-going system management.

Vulnerability details:
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A
malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
Hints: Please refer to attached diagram.

Remedy:
Install RSA Authentication Manager version 8.4 P1 and later version.

Preface: Cisco has announcement yesterday that there are vulnerabilities found on IP Phone 8800 Series.

About IP Phone 8800 Series: The Cisco IP Phone 8800 Series delivers HD video and VoIP communications, and integrates with your mobile device to meet your business needs.

Vulnerability details are shown as below:

• Cisco IP Phone 8800 Series Path Traversal Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
• Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos
• Cisco IP Phone 8800 Series Authorization Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab
• Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce
• Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf

Synopsis of 2 items of vulnerability: Perhaps Cisco did not provides the vulnerability details on CVE-2019-1716 and CVE-2019-1763. However there are hints let’s we can speculate those issues. Web applications are highly vulnerable to input validation errors. Inputting the invalid entry “!@#$%^&*()” on a vulnerable web application may cause performance issues or denial of service on a vulnerable system or invalid passwords such as “pwd’” or “1=1— ” may result in unauthorized access.