Category Archives: Potential Risk of CVE

Potential Risk of CVE

29th May 2018 – VMware security update – CVE-2018-6964

Found VMware Horizon Client (Linux) contains design weakness causes privilege escalation vulnerability. I speculate that the vulnerability only happened on Horizon client for Linux. And therefore it can’t bring the IT guy attention. But do not ignore this vulnerability. As we know, ESXi 6.5 could allow an autenticated VNC session to cause a heap overflow via specific set of VNC packes resulting in heap corruption. But hacker would exploit this deisgn bug. Meanwhile the environment must fulfill the requirement. VNC must be enabled. Apart from that ESXi must configured to allow VNC traffic through the build in firewall. As a matter of fact, IT operations would like to increase their fexibility. And sometimes enable this function in data center. If this is the way or you require to use VNC for remote access. Then you must stay alert.
If this is not a require function, it is recommend to disable it.

For the vulnerability details found on 29th May 2018. Techncial detials is shown as below:

VMSA-2018-0014: VMware Horizon Client update addresses a privilege escalation vulnerability – https://www.vmware.com/security/advisories/VMSA-2018-0014.html

Potential Risk of CVE

June 2018 – Google Releases Security Update for Chrome

Content Security Policy (CSP) provides a standard HTTP header that allows website owners to declare approved sources of content that browsers should be allowed to load on that page.

Browser based XXS protection mechanism. Least privilege approach that whitelists content you trust. Nothing else will execute. Assumes that inline scripts are bad.

But………….

High CVE-2018-6148: Incorrect handling of CSP header

https://chromereleases.googleblog.com/search/label/Stable%20updates

Potential Risk of CVE

May 2018 – Moodle security announcements

LMS (Learning Management System) become popular because it wasn’t limit learning area and time zone. Learner or student can start the tution when computer connect to internet. Such learning atomosphere are popular in the world. LMS not restricted to high school and university educations. It also covered internal training in business environment. Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License. Education authority can download the software onto your own web server. Moodle does not generate SCORM content. Moodle presents the content in SCORM packages to learners, and saves data from learner interactions with the SCORM package.

SCORM content can be delivered to learners via any SCORM-compliant Learning Management System (LMS) using the same version of SCORM.

The market share shown that Moodle open source growth in significant recently. However there are vulnerabilites occurs in Moodle. Now please download version 3.5 because it fixed the design bug. Bug details shown as below :

Portfolio script allows instantiation of class chosen by user – https://moodle.org/mod/forum/discuss.php?d=371204

User can shift a block from Dashboard to any page – https://moodle.org/mod/forum/discuss.php?d=371202

Users can download any file via portfolio assignment caller class – https://moodle.org/mod/forum/discuss.php?d=371200

Portfolio forum caller class allows a user to download any file – https://moodle.org/mod/forum/discuss.php?d=371201

Calculated question type allows remote code execution by Question authors – https://moodle.org/mod/forum/discuss.php?d=371199

Potential Risk of CVE

June 06, 2018 – Cisco Releases Security Updates for Multiple Products

CVE-2018-0321 – Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi

CVE-2018-0315 – Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

CVE-2018-0353 – Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa

CVE-2018-0320 – Cisco Prime Collaboration Provisioning SQL Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql

CVE-2018-0318 – Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset

CVE-2018-0319 – Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery

CVE-2018-0317 – Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass

CVE-2018-0322 – Cisco Prime Collaboration Provisioning Access Control Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access

CVE-2018-0274 – Cisco Network Services Orchestrator Arbitrary Command Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso

CVE-2018-0316 – Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Session Initiation Protocol Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip

CVE-2017-6779 – Multiple Cisco Products Disk Utilization Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

CVE-2018-0263 – Cisco Meeting Server Information Disclosure Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

CVE-2018-0296 – Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Potential Risk of CVE, Under our observation

The influence of CVE-2018-11235 more than expected. Even the Hyperledger project is included.

1 Comment

Git community disclosed a high serverity of vulnerabilies (CVE-2018-11235). Since the impact of this vulnerabilities might influence many software application.

The major design weakness of this vulnerability is that when you git clone a repository, there is some important configuration that you don’t get from the server includes .git/config file, and things like hooks, which are scripts that will be run at certain points within the git workflow. For instance, the post-checkout hook will be run anytime git checks files out into the working directory. As a result hacker can appended to $GIT_DIR/modules, leading to directory traversal with “../” in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. As a result, hacker has way to implant malware to the library.

This vulnerability also jeopardizing hyperledger project. Please refer to above diagram for reference.

For details of vulnerability. Please refer below:

https://nvd.nist.gov/vuln/detail/CVE-2018-11235

Solution

  • Examine submodule’s folder names closely.
  • No longer contain .. as a path segment, and they cannot be symbolic links.

The programming parameter must be within the .git repository folder.

Potential Risk of CVE

4th June 2018 – SAML Authentication Bypass ((Symantec) CVE-2018-5241)

SAML for single sign-on (SSO) makes it possible for your users to authenticate through your company’s identity provider when they log in to Cloud computing platform. SSO allows a user to authenticate once and then access multiple products during their session, without needing to authenticate with each of those. Please be remind that SSO will only apply to normal user accounts instead of privilieges level user account.

Symantec Security Advisory (4th June 2018). So called SAML Authentication Bypass (CVE-2018-5241).

A remote attacker can modify a valid SAML response without invalidating its cryptographic signature. This may allow the attacker to bypass user authentication security controls in ASG and ProxySG.  For more details about this issue, please refer below url for reference.

https://support.symantec.com/en_US/article.SYMSA1450.html

 

Blockchain, Potential Risk of CVE

Hyperledger Iroha v1.0 beta-2 version to remediate CVE-2018-3756 (May 2018)

The earlier generation of blockchain technology empower encryption power let the world know his capability. As times goes by people found the design weakness of blockchain technology is the performance of synchoization of the peer nodes. Such design weakness cause double spending vulnerability. The next generation of technology so called HYPERLEDGER. It enhance the design weakness of blockchain. As a result cryptocurrency especially Ethereum relies on Hyperledger Fabric in demand. A blockchain project developed by several Japanese firms including by startup Soramitsu and IT giant Hitachu has been accepted into the Hyperledger blockchain initiative. A fix has been released by Hyperledger IROHA project two weeks ago. Hyperledger Iroha v1.0 beta-2 version is avaliable for download. The reason is that a critical vulnerabilities discovered during the security audit.

On 2017, Cambodia central bank taps Hyperledger Iroha for blockchain settlement. Perhaps they update to beta 2 already.

Should you have interest to know the detail, please refer below:

Cambodia central bank taps Hyperledger Iroha for blockchain settlement – https://www.cryptoninjas.net/2017/04/20/cambodia-central-bank-taps-hyperledger-iroha-blockchain-settlement/

Beta 2 (download): https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2

Potential Risk of CVE

A vulnerability found in becton dickinson DB Manager (CVE-2018-10593 and CVE-2018-10595)

2 Comments

On May 2017, Ransomware attack suspended UK healthcare system services. It shown the security weakness in hospital and clinic IT system infrastructure. BD is a global medical technology company that is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. A vulnerabilitiy found on Becton Dickinson causes a series of products being effected. It includes BD Kiestra TLA, BD Kiestra WCA and BD InoqulA+ specimen processor. The vendor state that this vulnerability cannot be exploited remotely. You must have physical access to the sub-network shared by the BD Kiestra system.According to the vendor solution , their product allow both thick client and thin client (web base) access. And therefore the vendor requires to remind the client who engaged the web base function to staying alert. Should you have interested to find out the details. Please refer below url for reference.

https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula

Potential Risk of CVE, Under our observation

22nd May 2018: Security Advisory – Privilege escalation vulnerability found in some Dahua IP products

1 Comment

Based in Hangzhou, China, Dahua Technology is one of the world’s leading manufacturers of security and video surveillance equipment. According to its unaudited results for 2017, it had a turnover of $2.89bn representing a year-on-year increase of 41%, and a gross profit of $404m, growing by 31%.Based on above details, you can imagine that how the popularity of the Dahua IP devices market coverage.

Regarding to the CVE reference number, it indicate that vulnerability found on 2017. Acording to the official web site announcement, the historical status shown as below:

  • 2018-5-22 UPDATE Affected products and fix software
  • 2018-3-16 INITIAL

We notice that VPN filter malware infect estimate total of 500,000 units of device (router and Network access storage) jeopardizing the world. Whereby, the US court order enforce the justice and thus quarantine the specified C&C servers. It won this battle.

But is there any hiccups of this matter?

Should you have interest of this matter, please refer below url for reference.

Security Advisory : Privilege escalation vulnerability found in some Dahua IP products https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337

Potential Risk of CVE

21st May 2018 – Citrix XenMobile 10.x Multiple Security Updates

Applicable Products (XenMobile 10.7 & XenMobile 10.8)

Affecting XenMobile Server 10.7 and 10.8:

  • CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server
  • CVE-2018-10650 (Medium): Insufficient Path Validation Vulnerability in Citrix XenMobile Server
  • CVE-2018-10654 (Medium): Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server
  • CVE-2018-10648 (Low): Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server
  • CVE-2018-10651 (Low): Open Redirect Vulnerabilities in Citrix XenMobile Server

Affecting XenMobile Server 10.7: ………..

Mitigating Factors: …………………………..

Should you have interest of this topic, refer below url for reference.

https://support.citrix.com/article/CTX234879