[CERT-daily] Tageszusammenfassung - 16.07.2021

Fri Jul 16 18:19:12 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-07-2021 18:00 − Freitag 16-07-2021 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Warten auf Patches: Neue Drucker-Lücke in Windows entdeckt ∗∗∗
---------------------------------------------
Abermals könnten Angreifer Windows über eine Drucker-Schwachstelle attackieren und Schadcode ausführen. Bislang gibt es nur einen Workaround zur Absicherung.
---------------------------------------------
https://heise.de/-6140346


∗∗∗ Vulnerabilities in Etherpad Collaboration Tool Allow Data Theft ∗∗∗
---------------------------------------------
XSS and Argument Injection Flaws Found in Popular Etherpad Collaboration Tool
---------------------------------------------
https://www.securityweek.com/vulnerabilities-etherpad-collaboration-tool-allow-data-theft


∗∗∗ Introduction to ICS Security Part 2 ∗∗∗
---------------------------------------------
An introduction to the Purdue Enterprise Reference Architecture (PERA), additional reference models, and best practices for secure ICS architectures.
---------------------------------------------
https://www.sans.org/blog/introduction-to-ics-security-part-2?msc=rss


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Intelligent Proximity SSL Certificate Validation Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device (Version: 1.1  Description: Added fixed releases.)
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB


∗∗∗ Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of [...]
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC


∗∗∗ Schadcode-Lücken im Netzwerkbetriebssystem Junos OS geschlossen ∗∗∗
---------------------------------------------
Angreifer könnten unter anderem Router und Switches von Juniper attackieren. Sicherheitsupdates schaffen Abhilfe.
---------------------------------------------
https://heise.de/-6140423


∗∗∗ WordPress-Plugin: WooCommerce schließt kritische Sicherheitslücke ∗∗∗
---------------------------------------------
WordPress hat nach dem Veröffentlichen des Patches ein automatisiertes Zwangsupdate veranlasst. Trotzdem könnten noch nicht alle Shops versorgt sein.
---------------------------------------------
https://heise.de/-6140221


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040 ∗∗∗
---------------------------------------------
Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code.
---------------------------------------------
https://blog.talosintelligence.com/2021/07/vuln-spotlight-d-link.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox), Debian (firefox-esr), Fedora (linuxptp), Gentoo (commons-collections), Mageia (aom, firefox, python-django, thunderbird, and tpm2-tools), openSUSE (claws-mail, kernel, nodejs10, and nodejs14), Red Hat (nettle), Scientific Linux (firefox), SUSE (firefox, kernel, nodejs10, and nodejs14), and Ubuntu (libslirp and qemu).
---------------------------------------------
https://lwn.net/Articles/863180/


∗∗∗ Ypsomed mylife ∗∗∗
---------------------------------------------
This advisory contains mitigations for Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, and Use of Hard-coded Credentials vulnerabilities in the Ypsomed mylife diabetes management platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-196-01


∗∗∗ Icinga: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0758


∗∗∗ [webapps] Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/50132


∗∗∗ Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-is-affected-by-multiple-db2-vulnerabilities/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM DB2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-db2/


∗∗∗ Security Bulletin: IBM QRadar SIEM uses less secure methods for securing data at rest and in transit between hosts (CVE-2020-4980) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-less-secure-methods-for-securing-data-at-rest-and-in-transit-between-hosts-cve-2020-4980/


∗∗∗ Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud TierCVE-(2021-21295) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tiercve-2021-21295/


∗∗∗ Security Bulletin: 3RD PARTY IBM InfoSphere MDM Inspector – Cross Site Request Forgery ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-ibm-infosphere-mdm-inspector-cross-site-request-forgery/


∗∗∗ Security Bulletin: IBM Data Replication Support Tool Information Collection on Sybase Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-support-tool-information-collection-on-sybase-platform/


∗∗∗ Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk-2/


∗∗∗ Security Bulletin: IBM Data Replication Affected by IBM Java SDK Vulnerability (CVE-2019-4732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-ibm-java-sdk-vulnerability-cve-2019-4732/


∗∗∗ Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-collaboration-and-deployment-services-cve-2020-5258/


∗∗∗ Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk/


∗∗∗ Security Bulletin: IBM Data Replication Affected by Vulnerabilities in IBM Java SDK (CVE-2020-2654) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-vulnerabilities-in-ibm-java-sdk-cve-2020-2654/


∗∗∗ Security Bulletin: IBM Data Replication Management Console Authentication Affected by Annonymous Binding (CVE-2020-4821) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-management-console-authentication-affected-by-annonymous-binding-cve-2020-4821/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily