Category Archives: Potential Risk of CVE

Potential Risk of CVE

VMware Releases Security Updates – November 20, 2018

Preface:
vSphere Data Protection is a backup and recovery solution designed for vSphere environments.It provides agentless, image-level virtual-machine backups to disk.
VMware vSphere 6.5 is the last release which includes the VDP product. All existing vSphere Data Protection installations with active Support and Subscription (SnS) will continue to be supported until their End of General Support (EOGS) date.

Vulnerability findings:
An attacker could exploit some of these vulnerabilities in VDP and thus to take control of an affected system.

Official remedy solution (see below URL):
https://www.vmware.com/security/advisories/VMSA-2018-0029.html

Appendix: VMware vSphere 6.5 is the last release which includes the VDP product. Meanwhile VMware announced the End of Availability (EOA) of the VMware vSphere Data Protection (VDP) product on April 5th, 2017. (See below URL)

https://kb.vmware.com/s/article/2149614

Potential Risk of CVE

Status update – Multiple Vulnerabilities in Some ZTE CPE Terminal Products 19th Nov 2018

Preface: GPON stands for Gigabit Passive Optical Networks. GPON is defined by ITU-T recommendation series G.984.1 through G.984.6.

ZTE model F670 is a GPON Optical Network Terminal designed for Fiber to the home (FTTH) scenario. Therefore, it is very popular in today’s Internet home use.

Vulnerability findings:
Some ZTE CPE terminal products encountered below vulnerability. For more detail please refer to official announcement.
1. Heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
2. May allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
3. May allows an attacker to cause a denial of service via appviahttp service.
4. May allows an unauthorized user to perform unauthorized operations on the router.
5. An attacker can be allowed to brute force account credentials.

Vulnerabilities and remedy details:
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Comments: We aware that there are plenty of IoT devices expose their vulnerabilities on internet. It such a way to let the cyber criminals form their cyber attack army (Botnet). So staying alert and following the vendor recommendation to execute the remedy.

Potential Risk of CVE

Security Focus (Microsoft Edge) – Critical vulnerabilities fixed in November 2018 Patch Tuesday

Preface:
Chakra is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. It is a fork of the JScript engine used in Internet Explorer.

Description:
The technical details issued by patch Tuesday not describe explicitly (see below).

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..

Speculation:
Remote attacker to execute arbitrary code on the system caused by a ballout error in the JavaScript JIT compiler when inling ‘Array.prototype.push’ with multiple arguments.
Remark: The push() method adds oneor more elements to the end of an array and returns the new length of the array.

Remedy:

CVE-2018-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541
CVE-2018-8542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8542
CVE-2018-8543
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543
CVE-2018-8551
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8551
CVE-2018-8555
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555
CVE-2018-8556
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556
CVE-2018-8557
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8557
CVE-2018-8588
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588

Potential Risk of CVE

Adobe Releases Security Updates – 13th Nov 2018

Preface:
Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. This is the standard authentication algorithm for Microsoft products.

Design weakness:
Hacker steal the NTLM Credentials via PDF Files. They exploit NTLM hash leaks stealing a Windows user’s NTLM hashes.

Official announcement:
Updates for Photoshop CC for Windows and macOS
https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Security updates for Adobe Acrobat and Reader for Windows
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html

Security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Potential Risk of CVE

Node.js third-party modules vulnerability – Nov 2018

Preface:
Node.js is an open source, cross-platform built on Chrome’s JavaScript runtime for fast and scalable server-side and networking applications.

Known technical concerns:
Node.js has a set of built-in modules which you can use without any further installation.
In order to enhance the function and effectiveness, the 3rd party modules are available to operate with node.js framework. Since node.js is a runtime environment for the JavaScript-based applications. JavaScript is built into your browser software (IE, Chrome, Firefox, and Safari). JavaScript is used by HTML code to provide two-way communication between your browser and the web server without you needing to refresh the web page.
So, in certain circumstances, it is bring out the security concerns.

Known vulnerability modules:

Prototype Pollution Vulnerability in cached-path-relative Package
https://hackerone.com/reports/390847

[tianma-static] Stored xss on filename
https://hackerone.com/reports/403692

[takeapeek] Path traversal allow to expose directory and files
https://hackerone.com/reports/403736

Potential Risk of CVE, Under our observation

Security Updates for SIPROTEC and SICAM Products (Oct 2018)

Preface:

SIPROTEC and SICAM – Siemens products and solutions for protection engineering, station automation, power quality, and measurement – can be connected directly and easily to MindSphere and other cloud-based platforms.

What is MindSphere?
MindSphere is an open cloud platform or “IoT operating system” developed by Siemens for applications in the context of the Internet of Things. MindSphere stores operational data and makes it accessible through digital applications to allow industrial customers to make decisions based on valuable factual information.

Product Updates:
SICAM Q200 V2.40 firmware released with security-relevant updates
SICAM Q100 V1.30 firmware released with security-relevant updates

Question?
OpenSSL sources modified by Siemens issued on 11th Sep 2018.
However OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack (use variations in the signing algorithm recover the private key).
Above vulnerability with reference number CVE-2018-0734 announced on 30th Oct 2018.
It looks that there is a gap in between version. But it cannot confirm whether there is an impact?
Regarding to above technical details. Do you have any doubt?

Potential Risk of CVE

VMware Releases Security Updates – November 09, 2018

Subject: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

Technical background:
VMXNET3 (VMXNET Generation 3) is a virtual network adapter designed to deliver high performance in virtual machines (VMs) running on the VMware vSphere platform.
How to enable it?
1. Power off your Virtual Appliance in the VMWare Console.
2. Right click the Virtual Appliance, go to Settings.
3. Select Network Adapter 1 and click Remove.
4. Click Add and choose Network Adapter.
5. Choose VMXNET3 under type.

Design weakness:
The uninitialized stack memory vulnerability will be present if vmxnet3 is enabled.
In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software.

Remedy:

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

IoT, Potential Risk of CVE

Does CUJO IoT firewall will be affected by U-Boot vulnerabilities? Nov 2018

Preface:
CUJO is the most adorable home firewall on the Market. Meanwhile if a threat is detected, CUJO smart firewall will tell the cloud what it has blocked so you can receive a notification on your mobile app to confirm it.

Technical background:
Cujo product working with U-boot.
U-Boot is the bootloader. Meanwhile, it provides the basic infrastructure to bring up a board to a point where it can load a linux kernel and start booting the operating system.

Synopsis:
Vulnerabilities found on U-Boot (CVE-2018-18439, CVE-2018-18440)
CVE-2018-18439: U-Boot filesystem image load buffer overflow
CVE-2018-18440: U-Boot insufficient boundary checks in filesystem image load

Observation: No technical information provided by Vendor (CUJO AI) in the moment. We keep our eye open whether a remedy will be issued by vendor soon.

 

Potential Risk of CVE

Cisco Releases Security Updates – November 07, 2018

Cisco Releases Security Updates – November 07, 2018

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Cisco Small Business Switches Privileged Access Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Cisco Unity Express Arbitrary Command Execution Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Cisco Meraki Local Status Page Privilege Escalation Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meraki%20Local%20Status%20Page%20Privilege%20Escalation%20Vulnerability&vs_k=1

Potential Risk of CVE

Linux (systemd) current status update – 7th Nov 2018

Linux (systemd) current status update – 7th Nov 2018

If you are the old folk. Perhaps you will familiar with (init)?
The trend is going to replace the old mechanism (init) with new one (systemd). From techincal point of view, people satisfy the techincal features of “systemd”. However they are concern that such design are all in one place (package). Even though text book mentioned in theory so called trusted kernel kernel. The overall infrastructure will be build by several components. The realistic told the world that no safe place in cyber world. If you would like to make yourself secure, it is better to get rid your electronic belongings. We all know it was not possible!

Background – What is “systemd”?
The parent of all other processes (directly or indirectly)

Which Linux brand now fully deployed with “systemd” instead of “init”?
Fedora, OpenSuSE, Arch, RHEL, CentOS, etc.

Vulnerability status:
Refer attached diagram and below URL for references.

https://access.redhat.com/security/cve/cve-2018-15686

https://access.redhat.com/security/cve/cve-2018-15687

https://access.redhat.com/security/cve/cve-2018-15686

Conclusion: POSIX defined set of standards for an operating system or a program. But “systemd” not a POSIX standard. The computing system life cycle is really short today. It cannot compare with our home old day appliances.