CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures (Fri, 2 Nov 2018)

Spectre is a vulnerability that affects modern microprocessors that perform branch prediction. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. As predicted, there are more and more branch prediction processor attacks are discovered soon!

Hey guys, if you are interested to read the details, please refer to below URL for reference.
https://seclists.org/oss-sec/2018/q4/123

In short, the design weakness let the processes running in parallel on the same physical core. The malicious process can thus measure the delay in the execution of its operations for target destination (port), and determine when the victim process is using the same destination (port). If victim process is a crypto operation. This is the way which causes possibilities recover a private key.

Proof of concept (GitHub)
https://github.com/bbbrumley/portsmash

As time goes by, we seen the cyber security coverage not limit to desktop, notebook and server. Even though WiFi chip set will be involved zero day vulnerability management cycle. Texas Instrument Microcontrollers expose that CC2640 and CC2650 has vulnerable to cyber attack. If the incoming data is over a certain length and continuous execution. As a result, it will copy the overly large packet to the buffer and cause a variable and heap overflow.This memory corruption can lead to code execution on the main CPU of the device, which could have the potential to affect other devices across a network if the origin is a networked device.
This vulnerability was patched in BLE-Stack v2.2.2 released by Texas Instruments on March 28, 2018. Affected devices will require a firmware update to obtain the updated BLE-Stack. However Cisco and other hardware manufacture just announce the remedy solution this week. Sound strange! Regarding to the announcement by Cisco, the Aironet Access Points and Meraki AP are the victim of this vulnerability. Should you have interest to find out the technical details, please refer below URL for reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181101-ap

Background:
Libssh is a library written in C implementing the SSH protocol. It can be used to implement client and server applications.
Vulnerability found on 17th Oct 2018:

The technical details are as follows, please refer to the URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

In addition, another important vulnerability announced this week is for your consideration.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

Reference: Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17thOct2018

Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17thOct2018

Just read articles recommend of my friend. It reminded me that Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software encounter Denial of Service Vulnerability.This vulnerability recorded CVE-2018-15454. A design weakness resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.

The interim remedy solution shown as below:
hostname(config)# policy-map global_policy
hostname(config-pmap)# class-map inspection_default
hostname(config-pmap)# no inspect sip
hostname(config-pmap)# exit
hostname(config)# policy-map sip_policy
hostname(config-pmap)# class-map inspection_default
hostname(config-pmap)# inspect sip
hostname(config-pmap)# exit
hostname(config)# service-policy sip_policy interface [interface]

Official technical details shown as below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos

Besides there is another vulnerabilities occurs in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software simultaneously.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos

Few years ago, when your friend ask you which is the best smartphone in the world. Seems it is easy to answer. Perhaps the zero day attack and malware wreak havoc today. So it is hard to answer those question in quick!

We are now familiar with vulnerability terms especially stack-based buffer overflow, privilege escalation and lack of Input Validation. Qualcomm  Snapdragon is a suite of system on a chip (SoC) semiconductor products for mobile devices designed and marketed by Qualcomm Technologies Inc. The Snapdragon central processing unit (CPU) uses the ARM RISC instruction set.The Snapdragon 800 series is the top tier of Qualcomm’s processor. However the design weakness found on Snapdragon have plenty.  For more details, please find below url for reference.

https://www.qualcomm.com/company/product-security/bulletins

Remark: We see many people walking on the street daily. However they are insists to look at the smartphone even though cross the road. It is hard to imagine that if their phone has flaw and not able to use for 1 day. What will be happen afterwards?

Apple Releases Multiple Security Updates on product especially IOS 12.1.
Are you going to update as soon as possible or observe for a moment then action?
Can we say, we are now alive Insane technology world and suffer with vulnerability daily!

Safari 12.0.1
https://support.apple.com/en-us/HT209196

iCloud for Windows 7.8
https://support.apple.com/en-us/HT209198

iTunes 12.9.1
https://support.apple.com/en-us/HT209197

watchOS 5.1
https://support.apple.com/en-us/HT209195

iOS 12.1
https://support.apple.com/en-us/HT209192

tvOS 12.1
https://support.apple.com/en-us/HT209194

macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra –
https://support.apple.com/en-us/HT209193

A flaw was found in xorg-x11-server. X.Org Server is the free and open-source implementation of the display server for the X Window System. It is very common in computing environment. But IT administrator must stay alert whether your have Linux Desktop install on top of your VM infrastructure. Since a flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

Reference shown as below:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665

Advantech WebAccess remain vulnerable (8.3.1 & 8.3.2)

When vulnerability allows an attacker to execute “arbitrary code”, it typically means that the hacker can run any command. Although critical facilities especially Petroleum, electricity, Gas and water SCADA infrastructure are prohibited setup internet access function. However to cope with modernization. It is hard to avoid to do the network integration. Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing & embedded systems. We found that both two different version of web access function has vulnerabilities occurs. See whether this information is related to your expertise area. For more details, please see below:

Advantech ICSA-18-296-01 WebAccess Multiple Security Vulnerabilities

https://www.securityfocus.com/bid/105728

• CVE-2018-15703: Multiple Reflected Cross-Site Scripting
• CVE-2018-15704: Authenticated Stack Buffer Overflow

https://www.tenable.com/security/research/tra-2018-33

Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App Releases Security Updates – October 24, 2018

Due to design weakness of ACL, WebExService that can execute arbitrary commands at SYSTEM-level privilege.

Below remedy only reset the service to the default permission.

sc sdset webexservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

But you should update your Cisco Webex Meetings Desktop App installation to a 33.6.0 or later release since WebExService will still be vulnerable to local privilege escalation, though, without the patch!

Below details is the official announcement for your reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection

Security Alert – Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

MQTT (formerly MQ Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) publish-subscribe-based “lightweight” messaging protocol for use on top of the TCP/IP protocol. Since the original design objective of this protocol not for handling confidential information and therefore cyber security not the major focus. Smart City infrastructure work closely with MQTT technology. Moxa products have connected over 30 million devices worldwide in a wide range of applications, including factory automation, smart rail, smart grid, intelligent transportation, oil & gas, marine, and mining. Found vulnerabilities on Moxa ThingsPro IIoT Gateway and Device Management Software recently. If you the end user of Moxa, you must consider to contact your local representative in order to conduct the remedy action.

Official web site url shown as below:

https://www.moxa.com/support/support_home_new.aspx