Category Archives: Potential Risk of CVE

Potential Risk of CVE

Security Focus (Microsoft Edge) – Critical vulnerabilities fixed in November 2018 Patch Tuesday

Preface:
Chakra is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. It is a fork of the JScript engine used in Internet Explorer.

Description:
The technical details issued by patch Tuesday not describe explicitly (see below).

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..

Speculation:
Remote attacker to execute arbitrary code on the system caused by a ballout error in the JavaScript JIT compiler when inling ‘Array.prototype.push’ with multiple arguments.
Remark: The push() method adds oneor more elements to the end of an array and returns the new length of the array.

Remedy:

CVE-2018-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541
CVE-2018-8542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8542
CVE-2018-8543
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543
CVE-2018-8551
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8551
CVE-2018-8555
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555
CVE-2018-8556
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556
CVE-2018-8557
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8557
CVE-2018-8588
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588

Potential Risk of CVE

Adobe Releases Security Updates – 13th Nov 2018

Preface:
Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. This is the standard authentication algorithm for Microsoft products.

Design weakness:
Hacker steal the NTLM Credentials via PDF Files. They exploit NTLM hash leaks stealing a Windows user’s NTLM hashes.

Official announcement:
Updates for Photoshop CC for Windows and macOS
https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Security updates for Adobe Acrobat and Reader for Windows
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html

Security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Potential Risk of CVE

Node.js third-party modules vulnerability – Nov 2018

Preface:
Node.js is an open source, cross-platform built on Chrome’s JavaScript runtime for fast and scalable server-side and networking applications.

Known technical concerns:
Node.js has a set of built-in modules which you can use without any further installation.
In order to enhance the function and effectiveness, the 3rd party modules are available to operate with node.js framework. Since node.js is a runtime environment for the JavaScript-based applications. JavaScript is built into your browser software (IE, Chrome, Firefox, and Safari). JavaScript is used by HTML code to provide two-way communication between your browser and the web server without you needing to refresh the web page.
So, in certain circumstances, it is bring out the security concerns.

Known vulnerability modules:

Prototype Pollution Vulnerability in cached-path-relative Package
https://hackerone.com/reports/390847

[tianma-static] Stored xss on filename
https://hackerone.com/reports/403692

[takeapeek] Path traversal allow to expose directory and files
https://hackerone.com/reports/403736

Potential Risk of CVE, Under our observation

Security Updates for SIPROTEC and SICAM Products (Oct 2018)

Preface:

SIPROTEC and SICAM – Siemens products and solutions for protection engineering, station automation, power quality, and measurement – can be connected directly and easily to MindSphere and other cloud-based platforms.

What is MindSphere?
MindSphere is an open cloud platform or “IoT operating system” developed by Siemens for applications in the context of the Internet of Things. MindSphere stores operational data and makes it accessible through digital applications to allow industrial customers to make decisions based on valuable factual information.

Product Updates:
SICAM Q200 V2.40 firmware released with security-relevant updates
SICAM Q100 V1.30 firmware released with security-relevant updates

Question?
OpenSSL sources modified by Siemens issued on 11th Sep 2018.
However OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack (use variations in the signing algorithm recover the private key).
Above vulnerability with reference number CVE-2018-0734 announced on 30th Oct 2018.
It looks that there is a gap in between version. But it cannot confirm whether there is an impact?
Regarding to above technical details. Do you have any doubt?

Potential Risk of CVE

VMware Releases Security Updates – November 09, 2018

Subject: VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage

Technical background:
VMXNET3 (VMXNET Generation 3) is a virtual network adapter designed to deliver high performance in virtual machines (VMs) running on the VMware vSphere platform.
How to enable it?
1. Power off your Virtual Appliance in the VMWare Console.
2. Right click the Virtual Appliance, go to Settings.
3. Select Network Adapter 1 and click Remove.
4. Click Add and choose Network Adapter.
5. Choose VMXNET3 under type.

Design weakness:
The uninitialized stack memory vulnerability will be present if vmxnet3 is enabled.
In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software.

Remedy:

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

IoT, Potential Risk of CVE

Does CUJO IoT firewall will be affected by U-Boot vulnerabilities? Nov 2018

Preface:
CUJO is the most adorable home firewall on the Market. Meanwhile if a threat is detected, CUJO smart firewall will tell the cloud what it has blocked so you can receive a notification on your mobile app to confirm it.

Technical background:
Cujo product working with U-boot.
U-Boot is the bootloader. Meanwhile, it provides the basic infrastructure to bring up a board to a point where it can load a linux kernel and start booting the operating system.

Synopsis:
Vulnerabilities found on U-Boot (CVE-2018-18439, CVE-2018-18440)
CVE-2018-18439: U-Boot filesystem image load buffer overflow
CVE-2018-18440: U-Boot insufficient boundary checks in filesystem image load

Observation: No technical information provided by Vendor (CUJO AI) in the moment. We keep our eye open whether a remedy will be issued by vendor soon.

 

Potential Risk of CVE

Cisco Releases Security Updates – November 07, 2018

Cisco Releases Security Updates – November 07, 2018

Cisco Stealthwatch Management Console Authentication Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-smc-auth-bypass

Cisco Small Business Switches Privileged Access Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sbsw-privacc

Cisco Unity Express Arbitrary Command Execution Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue

Cisco Meraki Local Status Page Privilege Escalation Vulnerability – 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Meraki%20Local%20Status%20Page%20Privilege%20Escalation%20Vulnerability&vs_k=1

Potential Risk of CVE

Linux (systemd) current status update – 7th Nov 2018

Linux (systemd) current status update – 7th Nov 2018

If you are the old folk. Perhaps you will familiar with (init)?
The trend is going to replace the old mechanism (init) with new one (systemd). From techincal point of view, people satisfy the techincal features of “systemd”. However they are concern that such design are all in one place (package). Even though text book mentioned in theory so called trusted kernel kernel. The overall infrastructure will be build by several components. The realistic told the world that no safe place in cyber world. If you would like to make yourself secure, it is better to get rid your electronic belongings. We all know it was not possible!

Background – What is “systemd”?
The parent of all other processes (directly or indirectly)

Which Linux brand now fully deployed with “systemd” instead of “init”?
Fedora, OpenSuSE, Arch, RHEL, CentOS, etc.

Vulnerability status:
Refer attached diagram and below URL for references.

https://access.redhat.com/security/cve/cve-2018-15686

https://access.redhat.com/security/cve/cve-2018-15687

https://access.redhat.com/security/cve/cve-2018-15686

Conclusion: POSIX defined set of standards for an operating system or a program. But “systemd” not a POSIX standard. The computing system life cycle is really short today. It cannot compare with our home old day appliances.

Potential Risk of CVE

5th Nov 2018 – Apache Releases Security Advisory for Apache Struts. Is there any concern by Cisco?

US-CERT urge that stay alert for the former Apache Struts design weakness (CVE-2016-1000031 – Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution)

See whether does it effect cisco products?
Since this vulnerability just happened yesterday. And therefore no response from Vendor (Cisco) in the moment.

For details about this vulnerability. Please refer below URL for reference.

http://mail-archives.us.apache.org/mod_mbox/www-announce/201811.mbox/%3CCAMopvkMo8WiP%3DfqVQuZ1Fyx%3D6CGz0Epzfe0gG5XAqP1wdJCoBQ%40mail.gmail.com%3E

Status update – Cisco 7th Nov 2018 Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-struts-commons-fileupload

Potential Risk of CVE

Schneider Electric Security Notification – Nov 2018

A reminder to Schneider customer – official security alert!

Preface:
DLL file is in SysWOW64 folder and someone places a counterfeit dll in a folder that has higher priority compared to SysWOW64 folder, the operating system will use the counterfeit dll file, as it has the same name as the DLL requested by the application. Once in memory, it can execute the malicious code contained in the file and may compromise your computer or networks.

Vulnerability:
A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when placing a specific DLL file.

Remedy:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-298-01+Schneider+Electric+Software+Update+%28SESU%29V1.1.pdf&p_Doc_Ref=SEVD-2018-298-01

Additional – Modicon M221:
https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-270-01+Modicon+M221.pdf&p_Doc_Ref=SEVD-2018-270-01