Preface:

NVIDIA GeForce graphics cards are built for the ultimate PC gaming experience, delivering amazing performance, immersive VR gaming, and high-res graphics.

Technical background:
GeForce Experience is the companion application to your GeForce GTX graphics card. It keeps your drivers up to date and automatically optimizes your game settings.

Vulnerability details announced on Nov 2018:
https://nvidia.custhelp.com/app/answers/detail/a_id/4740

CVE‑2018‑6263 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.

CVE‑2018‑6265 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.

For more details, please refer to attached diagram.

Preface:

Who use Node JS?
Node.js build various applications such as social media apps, video and text chat engines, real-time tracking apps, online games and collaboration tools. CiscoDevNet has sample to guide the developer how to integrate integrate Webex with node.js.

Technology background:
Node.js is an open-source, cross-platform JavaScript run-time environment that executes JavaScript code outside of a browser.

Severity of impact:

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default. A debug menu or debug mode is a user interface implemented in a computer program that allows the user to view and/or manipulate the program’s internal state for the purpose of debugging.

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers

Severity – High severity

Node.js Official announcement for reference:

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Preface: Cisco Prime License Manager provides simplified, enterprise-wide management of user-based licensing, including license fulfillment. Cisco Prime License Manager handles licensing fulfillment, supports allocation and reconciliation of licenses across supported products, and provides enterprise-level reporting of usage and entitlement.

Vulnerability synopsis:
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.

Official announcement:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

Preface: Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix.

Vulnerabilities highlights:
Double free error is caused by freeing same memory location twice by calling free() on the same allocated memory. A NULL pointer dereference is a sub type of an error causing a segmentation fault. It occurs when a program attempts to read or write to memory with a NULL pointer. This design limitation was happen in a lot of software application. Found above vulnerabilities occurs in Samba server. For more details, please refer below:

Unprivileged adding of CNAME record causing loop in AD Internal DNS server : https://www.samba.org/samba/security/CVE-2018-14629.html

Double-free in Samba AD DC KDC with PKINIT

https://www.samba.org/samba/security/CVE-2018-16841.html

NULL pointer de-reference in Samba AD DC LDAP server

https://www.samba.org/samba/security/CVE-2018-16851.html

NULL pointer de-reference in Samba AD DC DNS servers

https://www.samba.org/samba/security/CVE-2018-16852.html

Samba AD DC S4U2Self Crash in experimental MIT Kerberos configuration (unsupported)

https://www.samba.org/samba/security/CVE-2018-16853.html

Bad password count in AD DC not always effective

https://www.samba.org/samba/security/CVE-2018-16857.html

Preface: Linux makes very efficient use of the system’s resources.You can give new life to your old and slow Windows system by installing a lightweight Linux system. Variants of Linux are most widely used in the Internet of things and smart devices.

Vulnerability synopsis:
Namespaced mapping – when the two sorted arrays are used, the new code omits the ID transformation for the kernel . Found design flaw in kernel that DAC security controls on files whose IDs aren’t mapped in namespace.
So, user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace.

Official details: https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd

Comment: The Linux operating system is heavily used in modern computer equipment. Will it have an impact soon?

Preface:
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems[4] (an x86 version of earlier releases was available);[3] it enables users to set up virtual machines (VMs) on a single physical machine, and use them simultaneously along with the actual machine.

Findings:
VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

Official announcement and Remedy:
https://www.vmware.com/security/advisories/VMSA-2018-0030.html

Comment:
Since the public announcement did not provide the technical details. However I suspected that a design weakness on True type font parser (embedded in the TPView.dll) not been remediated. The similar vulnerability found last year. The CVE reference number is CVE-2017-4913.

Remark: Be a happy black Friday but not for this vulnerability. Yes, this is the shopping on AWS,..etc. Happy hunting.

Preface:
PAYFORT Online Payment Gateway is the most Trusted in the Middle East. PAYFORT is here to help you accept online payments, reduce fraud & max your transaction amount.
Remark: On Mar 2018, official announce that PayFort International Inc. and its subsidiaries will be acquired by Amazon.

Vulnerabilities synopsis:
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS vulnerabilities occurs!

What is Cross-site Scripting (XSS)?
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.

Impact:
One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies. This allows attackers to impersonate victims and access any sensitive information or functionality on their behalf.

The vulnerability details can be found in the following URL:

https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk/

Preface:

Baidu Spark Browser is based on Chromium, the same engine which runs Google Chrome.

Vulnerability findings:
Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.

Impact:
Arbitrary code may be executed with the privilege of the user invoking the installer.

Observation:
The threat actor can placing a malicious version of the dll file in the “C:\Program Files (x86)\baidu\spark\” folder. When the victim starts the browser, the browser execute file will load the malicious version of dll library file. How does the malicious dll file implant? It looks that a reserve engineering was happened in the original installer.

Reference URL:

http://jvn.jp/en/jp/JVN77885134/index.html

Preface:
vSphere Data Protection is a backup and recovery solution designed for vSphere environments.It provides agentless, image-level virtual-machine backups to disk.
VMware vSphere 6.5 is the last release which includes the VDP product. All existing vSphere Data Protection installations with active Support and Subscription (SnS) will continue to be supported until their End of General Support (EOGS) date.

Vulnerability findings:
An attacker could exploit some of these vulnerabilities in VDP and thus to take control of an affected system.

Official remedy solution (see below URL):
https://www.vmware.com/security/advisories/VMSA-2018-0029.html

Appendix: VMware vSphere 6.5 is the last release which includes the VDP product. Meanwhile VMware announced the End of Availability (EOA) of the VMware vSphere Data Protection (VDP) product on April 5th, 2017. (See below URL)

https://kb.vmware.com/s/article/2149614

Preface: GPON stands for Gigabit Passive Optical Networks. GPON is defined by ITU-T recommendation series G.984.1 through G.984.6.

ZTE model F670 is a GPON Optical Network Terminal designed for Fiber to the home (FTTH) scenario. Therefore, it is very popular in today’s Internet home use.

Vulnerability findings:
Some ZTE CPE terminal products encountered below vulnerability. For more detail please refer to official announcement.
1. Heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
2. May allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
3. May allows an attacker to cause a denial of service via appviahttp service.
4. May allows an unauthorized user to perform unauthorized operations on the router.
5. An attacker can be allowed to brute force account credentials.

Vulnerabilities and remedy details:
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Comments: We aware that there are plenty of IoT devices expose their vulnerabilities on internet. It such a way to let the cyber criminals form their cyber attack army (Botnet). So staying alert and following the vendor recommendation to execute the remedy.