Preface: It was because of new version 4.0 introduced on Jan 2018. Cisco urge customers upgrade to 4.0 to do the remediation. The Elastic Services Controller Service Portal Authentication Bypass Vulnerability finally fixed on Feb 2019.

Product background: Cisco ESC provides a single point of control to manage all aspects of VNF lifecycle for generic Virtual Network Functions (VNFs) in a dynamic environment. ESC brings advanced capabilities like VM and Service monitoring, auto-recovery and dynamic scaling.

Speculate the technical weakness on similar design function: Perhaps the problem given by Vulnerabilities of using a REST API token based authentication! So the official announcement state that vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software.

Official announcements: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

Preface: GD is extensively used with PHP. As of PHP 5.3, a system version of GD may be used as well, to get the additional features that were previously available only to the bundled version of GD.

Technical background: The LibGD 2.2.5 allow to written C code to load an entire image file into a buffer in memory, then ask gd to read the image from that buffer. But the programmer must responsible for allocating the buffer, apart from that a customized function must responsible for freeing the buffer with your normal memory management functions.

Vulnerability found: A vulnerability in GD Graphics Library (libgd) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Doubt: Similar vulnerability was found on 2017 (Double-free in gdImagePngPtr(). (CVE-2017-6362)).
LibGD 2.2.5 release announced that Double-free in gdImagePngPtr(). (CVE-2017-6362) has been fixed!

Vendor announcements: https://github.com/libgd/libgd/issues/492

Preface: Apple found memory vulnerability, since no additional information will be provided by vendor.
Does it relate to DUI (Dereference Under the Influence)?

What is DUI?
Attackers use the DUI vulnerability as a memory access service to mount attacks. Their aim to influence memory operations of isolated components through inputs to their public interface.

Apple Releases Multiple Security Updates:
Original release date: February 07, 2019

About the security content of iOS 12.1.4 – https://support.apple.com/en-us/HT209520

About the security content of macOS Mojave 10.14.3 Supplemental – Update – https://support.apple.com/en-us/HT209521

Preface: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Background: A WAF is deployed to protect a specific web application or set of web applications. Generally, the common attacks such as cross-site scripting (XSS) and SQL injection will be under WAF protection. But in reality, XSS is hard to avoid.

New vulnerability found: Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The following PAN-OS versions are affected:

PAN-OS 7.1.21 and prior
PAN-OS 8.0.14 and prior
PAN-OS 8.1.5 and prior

Official announcement shown as below: https://securityadvisories.paloaltonetworks.com/Home/Detail/140

Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.

Technical background:
Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.

Vulnerability found in Avahi:
The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.

Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!

Remedy released finally: 22 Dec 2018
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

Remark: Happy Lunar New Year. Kung Hei Fat Choi!

Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.

Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.

Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass

My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!

Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.

Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/

Preface: Programmer just spend 10 minutes write a python script then can listen UDP traffic. Even though we performing Google Search , the function is using Python code.

Information background:
Python has now become the most taught programming languages in Universities and Academica. Machine learning or artificial intelligence is learning Python because it is the primary language that makes tasks easier.

Vulnerability:
The security expert from Cisco Talos found that a vulnerability will be occured when python parser handling x509 certificate. A handshake failures result in skipping the call to getpeercert(). Under above circumstances, attacker can craft a x.509 certificate with both a blank distributionPoint and cRLIssuer causes a NULL pointer dereference. As a result a denial-of-service occur.

Official details: https://bugs.python.org/issue35746

Preface: IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. Relion products have been designed to implement IEC 61850 standard.

Vulnerability has been recorded to National Vulnerability Database – 15th Jan 2019:
ABB Relion 630 series allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
Ref: SP command is used to setup the SPA-bus interface, UN command is used to program the unit list, ..

Vendor reference:

http://search.abb.com/library/Download.aspx?DocumentID=1MRS758909&LanguageCode=en&DocumentPartId=&Action=Launch

Remark: The atmosphere shown that in industrial world especially energy, gas, water supply facilities will be the attacked target by APT group once political issue occurs in between different countries. The Natural-gas processing plant and Oil refining facility relies on SCADA system. The cyber security alert awaken the business owner and management group last year. They are now have better understanding of patch management and cyber security awareness.