Category Archives: Potential Risk of CVE

VMware has released a security update to address a vulnerability in AirWatch Console – 5th Oct 2018

From a security point of view, deploying single sign-on authentication is not recommended. A single user ID with a single password managing multiple systems increases the risk in proportion. Perhaps this factor is ignored by the modern business world, and that is why SAML single sign-on is popular today.

VMware has released a security update to address a vulnerability in AirWatch Console. An attacker could exploit this vulnerability to take control of an affected system. The URL below, provided by the vendor, describes the fix for the SAML authentication bypass vulnerability in VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console).

https://www.vmware.com/security/advisories/VMSA-2018-0024.html

Your doctor (Cisco) is going to provide nursing this week – 3rd Oct 2018

Your doctor is going to provide nursing this week. The vendor has only provided a high-level overview of the vulnerability, but I believe the weakness lies in the REST API.

Critical CVE-2018-15386
Cisco Digital Network Architecture Center Unauthenticated Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-unauth-access

Critical CVE-2018-0448
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-dna-auth-bypass

Additional 1:

Critical CVE-2018-15379
Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp

Additional 2:

High CVE-2018-15390
Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos

High CVE-2018-0455
Cisco Firepower System Software Detection Engine Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort

High CVE-2018-15389
Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-cpcp-password

* A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during install.

High CVE-2018-15387
Cisco SD-WAN Solution Certificate Validation Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-sd-wan-bypass

High CVE-2018-15383
Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos

Vulnerabilities allow an attacker to take control of an affected system – Firefox & Firefox ESR Oct 2018

Firefox 62.0.3 and Firefox ESR 60.2.2 users require attention!

System vulnerabilities never stop and keep coming in the cyber world. Sometimes you feel frustrated and may want to give up! As modern people, no way! So the only way is to keep following the updates!

People say humans can control computer systems. But now vulnerabilities control business, industry, healthcare and public facilities. Perhaps there is no need to bring up a robot; they virtually control your life already. It sounds scary!

Mozilla has released security updates for Firefox. A remote attacker could exploit these vulnerabilities to take control of an affected system.

Security vulnerabilities fixed in Firefox 62.0.3 and Firefox ESR 60.2.2

https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/

Honeywell Mobile Computers with Android Operating Systems – CVE-2018-14825

The Port of Barcelona and the Port of San Diego suffered cyber attacks in September 2018. The San Diego port indicated that the ransomware attack was mainly an administrative problem and that the port was open and operating as usual. Cyber attackers targeting the logistics industry is nothing new. Honeywell is one of the leading Industrial Control Systems manufacturers. A vulnerability was found in their Android mobile computer devices. The headline news last week did not mention the vulnerability details; in order to avoid hackers triggering the attack, the vendor is not going to provide the vulnerability details. My observation is that Android has a dangerous permission group which allows a user to execute in special circumstances.

The details are shown in the attached diagram. Should you have interest, please refer to the diagram.

The technical reference can be found at the URL below:

https://www.honeywellaidc.com/en/-/media/en/files-public/technical-publications/multi-product/ALLSKU-AND-ENUS-ZY.pdf

Adobe Releases Security Updates – Oct 2018

Many years ago Adobe had two main modules, Adam and Eve. Now use….. It looks like Adobe products have a hard time managing memory space, so the critical vulnerabilities happen again. It looks like keeping up with the software patching rate is demanding today. It is better to consider virtual patching now.

Adobe's official announcement is shown below:

https://helpx.adobe.com/security/products/acrobat/apsb18-30.html

CVE-2018-17082 – PHP Apache2 Component Transfer-Encoding – chunked Request Cross-Site Scripting Vulnerability

XSS vulnerabilities look common in the application world, but do not underestimate this issue. A vulnerability in the php_handler function of PHP could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.

XSS attacks take different forms, for instance XSS callback, …etc.

PHP has confirmed the vulnerability and released software updates.

http://php.net/ChangeLog-5.php

Cisco Releases Security Updates for Multiple Products – September 26 and Oct 17, 2018

IOS XE is built on Linux and provides a distributed software architecture that moves many operating system responsibilities out of the IOS process and has a copy of IOS running as a separate process.

Since it runs a copy of IOS, all CLI commands are the same between Cisco IOS and IOS XE, in contrast to IOS XR, which has a completely different code base whose developers implemented quite a different CLI command set.

IOS XE looks like a Docker container component.

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability (buffer overflow)

The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos

Cisco IOS and IOS XE Software SM-1T3/E3 Service Module Denial of Service Vulnerability
A successful exploit could cause the ISR G2 Router or the SM-1T3/E3 module on the ISR4451-X to reload, resulting in a denial of service (DoS) condition on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3

Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg

Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh

Cisco IOS XE Software Command Injection Vulnerabilities
The vulnerabilities exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Cisco IOS XE Software Errdisable Denial of Service Vulnerability
The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability
The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak

Cisco Webex Meetings Client for Windows Privilege Escalation Vulnerability
The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-webex-pe
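A defender-side check for the folder-permission weakness described above, as an added example that is not from the original post or from Cisco: it walks a directory tree and reports ACL entries that grant write rights to broad principals such as Everyone or BUILTIN\Users. The default $Path is an assumed placeholder, not a path taken from the advisory.

```powershell
# Added example (not from the original post or the Cisco advisory): audit a
# directory tree for ACL entries that let ordinary users write into an
# application folder, the condition behind the Webex privilege escalation.
param(
    [string]$Path = "C:\ProgramData\WebEx"   # assumed placeholder; set to the real client folder
)

# Principals that stand for "any ordinary user" on a Windows host.
$broadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Only write-class bits: an ACE holding Modify or FullControl overlaps these
# too, while a plain ReadAndExecute grant (normal for Program Files) does not.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Get-RiskyAce {
    param([string]$Dir)
    $acl = Get-Acl -Path $Dir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($broadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        # Bitwise test: any overlap with the write mask is reported.
        if (($ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Dir
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Check the top-level folder and every subfolder beneath it.
$findings = @(Get-RiskyAce -Dir $Path) +
            @(Get-ChildItem -Path $Path -Directory -Recurse -ErrorAction SilentlyContinue |
              ForEach-Object { Get-RiskyAce -Dir $_.FullName })

if ($findings.Count -eq 0) {
    Write-Output "No broad write grants found under $Path"
} else {
    $findings | Format-Table -AutoSize
}
```

Any row it prints is a folder where a standard user can drop or replace files that other accounts on the same host may later execute, which is the pattern the patched Webex client closes.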

About vulnerabilities for NX-OS – status update 18th Oct 2018

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability – The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability – The vulnerability is due to a lack of protection against PTP frame flood attacks.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability – The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos

Open vSwitch 2.7.x vulnerabilities – Sep 2018

In the past, servers would physically connect to a hardware-based switch located in the data center. When VMware created server virtualization, the access layer changed from having to be connected to a physical switch to being able to connect to a virtual switch. This virtual switch is a software layer that resides in a server that is hosting virtual machines (VMs). VMs, and now also containers such as Docker, have logical or virtual Ethernet ports. These logical ports connect to a virtual switch.

There are a total of 3 vulnerabilities, found a few months ago (Jun 2018). From a security point of view, I focus on CVE-2018-17206, since the vulnerability could be maliciously exploited to access privileged information.

References:

CVE-2018-17206 – https://access.redhat.com/security/cve/cve-2018-17206

CVE-2018-17204 – https://access.redhat.com/security/cve/cve-2018-17204

CVE-2018-17205 – https://access.redhat.com/security/cve/cve-2018-17205

Rockwell Automation RSLinx Classic cyber security alert! 20th Sep 2018

Perhaps we believe that vulnerabilities in industrial automation systems or SCADA happen only on Microsoft products. As a matter of fact, Linux OS based systems are no exception. They are also vulnerable!

The vulnerability details below were found for Rockwell RSLinx Classic. RSLinx Classic is an inclusive communication server which provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix 5/500/5000, RSView32, FactoryTalk View Site Edition & FactoryTalk Transaction Manager. RSLinx provides connectivity for client applications using OPC or DDE. OPC is the preferred interface for data acquisition applications because it is the de facto standard for factory communications.

References:

STACK-BASED BUFFER OVERFLOW – https://www.cvedetails.com/cve/CVE-2018-14829/

HEAP-BASED BUFFER OVERFLOW – https://www.cvedetails.com/cve/CVE-2018-14821/

UNCONTROLLED RESOURCE CONSUMPTION (‘RESOURCE EXHAUSTION’) – https://www.cvedetails.com/cve/CVE-2018-14827/