Category Archives: Potential Risk of CVE

Blockchain, Potential Risk of CVE

Ethereum – CVE-2018-10468

As far as I remember, the goal of bitcoin technology aim to replace the traditional payment. In additional, the slogan of bitcoin is that it can provides a more secure way to send the money and it is hard to counterfeit.  We heard cyber security incidents happened in bitcoin industry frequently last year.  Ethereum , a most relieable and popular crypto currency in the bitcoin industy.  A vulnerability found in Ethereum that it give a way to hacker do the re-engineering. Hacker is able to transform the transfer function ( transferFrom()). Detail shown as below:

The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims’ balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the “transferFlaw” issue.

For more details, please refer below url for reference.

https://peckshield.com/2018/04/28/transferFlaw/

Potential Risk of CVE, Under our observation

6 vulnerabilities in some Huawei products – The culprit,SOAP!

1 Comment

The Simple Object Access Protocol (SOAP) invoking objects on remote machine.
It is XML-based messaging thus run on top of HTTP/HTTPS.
That is the reason why firewall cannot significant block them.

An announcement issued by HUAWEI. For more details, please refer below url for reference.

Security Advisory – Six Vulnerabilities in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en

Potential Risk of CVE

Attention: PeopleSoft Enterprise PeopleTools (Rich Text Editor) vulnerability – Apr 2018

CVE# Product Component Protocol Remote
Exploit
without
Auth.?		 CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) Supported Versions Affected Notes
Base
Score		 Attack
Vector		 Attack
Complex		 Privs
Req’d		 User
Interact		 Scope Confid-
entiality		 Inte-
grity		 Avail-
ability
CVE-2018-2772 PeopleSoft Enterprise PeopleTools Rich Text Editor HTTP No 8.8 Network Low Low None Un-
changed		 High High High 8.54, 8.55, 8.56

Attention: CVE-2018-2772

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

Official announcement shown below url for reference.

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Potential Risk of CVE, Under our observation

CVE-2018-0229: See whether is there any attack make use of this vulnerability transform another type of attack in future?

Seems firewall administrator do not take the single sign-on authentication method in firewall. Perhaps it can’t fulfill audit requirement.  Cisco found SAML Authentication Session Fixation Vulnerability. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company’s Identity Provider (IdP).  My concerns is that see whether is there any attack make use of this vulnerability transform another type of attack in future?

Cisco Official announcement is shown as below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect

Potential Risk of CVE, Under our observation

Be alert! Vulnerability in the Java SE, Java SE Embedded and JRockit component of Oracle Java SE (subcomponent: Serialization). 

3 Comments

The security concerns on CVE-2018-2815, please staying alert. For more details, please see below:

  1. The Java Security Architecture (JSA) defines ways for unprivileged code to perform privileged operations using

AccessController.doPrivileged().

2. The method includes create a new PrivilegedIntrospectHelper.

3. The new PrivilegedIntrospectHelper will be executed on a privileged block. This block will all internalIntrospecthelper(bean,prop,value,request,param,ignoreMethodNF) which will allow to invoke encapsulation (setter).

4. Result:

With encapsulation we pretend that nothing is revealed about the internal representation of an object, and we interact with our components only through their public interfaces; a desirable attribute that we usually exploit later when we want to change the internal representation of data in a component without breaking any code from its users.

Official security update show as below url:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

 

 

Potential Risk of CVE

Apple security updates (Apr 2018)

My speculation on iOS 11.3.1 show on picture.This is the moment when silence is more expressive than all words ever spoken. For more details about official announcement. Please see below url for references:

About the security content of iOS 11.3.1

https://support.apple.com/en-us/HT208743

About the security content of Safari 11.1

https://support.apple.com/en-us/HT208741

About the security content of Security Update 2018-001

https://support.apple.com/en-us/HT208742

Potential Risk of CVE, Under our observation

Schneider Electric Important Security Notification – Mar & Apr 2018

 

A flaws found in Schneider Electric’s Modicon M340 PLC Station P34 Module human machine interface (HMI) software since 2015. An official announcement by vendor since last month till now. From techincal point of view, Modicon product series programmable logic controller has large usage in electric, gas and oil supply industry. So related party must stay alert!

CVE-2018-7758: https://download.schneider-electric.com/files?p_enDocType=User+guide&p_File_Name=SEVD-2018-074-04+MiCOM+Px4x+Rejuvenated.pdf&p_Doc_Ref=SEVD-2018-074-04

CVE-2018-7762: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7759: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7242: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

CVE-2018-7760 & CVE-2018-7761: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9601432352&p_File_Name=SEVD-2018-081-02+Modicon.pdf&p_Doc_Ref=SEVD-2018-081-02

CVE-2018-7240 & CVE-2018-7241: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-081-01+Modicon+V1.2.pdf&p_Doc_Ref=SEVD-2018-081-01

Potential Risk of CVE

Cisco Firepower vulnerabilities – Apr 2018

The content filter features enhance the firewall defense function. At the same time it is hard to avoid the design limitation occurs in this place. And therefore vulnerabilities occurs!

Vulnerabilities  details shown as below:

CVE-2018-0233: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fpsnort

CVE-2018-0272: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-firepower

CVE-2018-0254: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss2

CVE-2018-0244: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss1

CVE-2018-0243: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fss

CVE-2018-0230: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-fp2100

Cyber War, Potential Risk of CVE, Under our observation

The next page of cyber attack – After European allies did the justice action (bombard Syria chemical facilities).

10 Comments

Preface

I can’t hold the tears back!

Rest in peace to victims who were killed in a suspected chemical attack on the rebel-held town of Khan Sheikhoun in north-western Syria on 4 April, 2018.

 International Law

About Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on their Destruction

Reference :

  • Australia Group of countries and the European Commission that helps member nations identify exports which need to be controlled so as not to contribute to the spread of chemical and biological weapons
  • 1990 US-Soviet Arms Control Agreement
  • General-purpose criterion, a concept in international law that broadly governs international agreements with respect to chemical weapons
  • Geneva Protocol, a treaty prohibiting the first use of chemical and biological weapons

Prelude

United state of America is the leader keen to fight against of the evils. As a result their country possibly will be receive high volume of cyber attack after completed the justice military action.

UK a member of the alliance. As a result the situation will be similar.

Forecast target (health care and clinic)

Per observation so far, the wreak havoc ransomware activities in between 2017 to present. Retrospective that the UK healthcare and clinical areas suffered such attack last  year.  Below table of chart showing the (Ransomware) attack vector to specific industry.

In additional of UK joined the military action. The terrorist will spend the efford to find out the weakness of the healthcare system infrastructure. In logic point of view the healthcare and clinic will become the attack target because the terrorist will buy the details from the criminal group. As a result a complete understanding of the design weakness on those area. Whereby it have high possibilities to engage the 2nd round of attack similar a revenge action.

Earlier last week an article issued by US-CERT with subject. Protecting Your Networks from Ransomware. Their aim is going to provide a guidance to fight against ransomware. Before you read the articles. There are few slogans are able to enhance your data protection framework. For instance:

1. Ransomware and Phishing Work Together

2. For whom who visiting online Gaming zone and Pornography web site in frequent are easy for encounter ransomware attack.

In order to avoid similar of cyber attack, enhance your awareness is the first priority. For more details, please refer below url for reference.

Protecting Your Networks from Ransomware

Predict the target – Pathway (router and network switch)

Since the market share of Cisco in both network switch and router are in big portion (see below diagram)

From technical point of view,  it is not easy to identify the product design in perfect way in modern technology business market. And therefore the threat actors will be make use of vulnerabilities to engage the cyber attack. In regards to the view point of security expert , hacker now keen to compromise the network switch nowadays. As a matter of fact hacker will prefer to compromise a hardware switch or router because he can control the traffic and retrieve the information. So the Cisco end users must be stay alert of security update announce by Cisco in this period of time. Below informative diagram will provides hints to you in this regards.

Cisco IOS is a monolithic operating system running directly on the hardware while IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. Attacker executing code remotely using system vulnerabilities. It is common type of attack and hard to avoid.

Perhaps a medium vulnerability found on IT product not a shock. However the medium vulnerability co-exists with known critical vulnerabilities created multiple vulnerabilities are unable to foreseen what is the level of damage. Cisco IOS XE fundamental design integrate to open system. The severity of vulnerability CVE-2018-0196 is medium level. End user is allow to disable the http services to avoid the vulnerability. But the default state of the HTTP Server feature is version-dependent. A significant signal alert Cisco customer that corrective control is not enough. The efficient way is enhance your preventive and detective control. That is the implementation of managed security services.

The design objective of the Command Line Parser is used to parse the command line arguments. The parser parsing a string and returns an object representing the values extracted. This is the the regular expression design objective. The Cisco IOS XE is a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS), introduced with the ASR 1000 series. IOS XE is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel. The goal of IOS SE aim to integrate the IOS feature set for routing and switching cope with modern business critical applications. The CLI command injection vulnerability has been found on CISCO IOS XE. Stay alert.

US-cert encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. For more details, please see below:

Predict the target – Electricity power facility, water supply and Gas supply facilities

SCADA system are popular and pay a major role in modern industrial automation including manufacturing production control, building facilities electricity devices control, etc. I believe that these areas do not lure the hacker interest. As usual, threat actors will remain unchanged focusing in the following critical public faciliteis.

Electricity power facility, water supply and Gas supply facilities.

In regards to vendor announcement last few month. The popular brand name of SCADA major supplier has vulnerabilities occured. Perhaps the SCADA owner applied the patch and completed the remediation. However the SCADA kernel more relies on Microsoft product based operating system. So we must consider is there any new security announcement by vendor. Below details are the vulnerabilities encountered last few months.

Allen Bradley – The design flaw of the programmable logic controller – system vulnerability

Oil refinery industry security alert! CVE-2018-4841

SCADA manufacturer security awareness awaken – ABB

Vulnerability in SCADA CODESYS Web Server CVE-2018-5440

Predict the target – logistic delivery (marine)

Hacker might interrupt the maritime bandwidth management system relies on vulnerabilities if it did not complete the patch. The specify vulnerability causes shipping traffic jam or suspend the logistic delivery. Whereby the marine industry especially container shipping company must stayed alert.

Navarino Infinity web interface is affected by multiple vulnerabilities

About situation of France

France under terrorist attack in frequent. The terrorist attack on 2017 are happened 8 times. The most recent of attack causes 5 people dead. Perhaps there is less hit rate of cyber attack shown on top of newspaper. Even though the overall situation is unkown. However the similar cirtical level of cyber attack will be happened in that place.

At the end, I wishing that justice will be win the battle. “In God We Trust“.

— End —