[CERT-daily] Tageszusammenfassung - 01.02.2022

Tue Feb 1 18:42:12 CET 2022

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 31-01-2022 18:00 − Dienstag 01-02-2022 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ BSI-Grundschutz-Kompendium 2022: Neue Bausteine, schlankere Struktur ∗∗∗
---------------------------------------------
Das IT-Grundschutzkompendium in der Edition 2022 wartet mit einigen neuen Bausteinen, aber auch mit strukturellen Änderungen auf.
---------------------------------------------
https://heise.de/-6344956


∗∗∗ SMS der „Bawag“ mit „Ihr Konto wurde gesperrt!“ ist Fake ∗∗∗
---------------------------------------------
Vorsicht: Momentan kursiert ein betrügerisches SMS – angeblich von der Bawag. In der Nachricht werden Sie darüber informiert, dass Ihr Konto gesperrt wurde. Sie werden aufgefordert, auf einen Link zu klicken. Tun Sie das keinesfalls. Der Link führt auf eine gefälschte BAWAG-Login-Seite.
---------------------------------------------
https://www.watchlist-internet.at/news/sms-der-bawag-mit-ihr-konto-wurde-gesperrt-ist-fake/


∗∗∗ Domain Escalation – Machine Accounts ∗∗∗
---------------------------------------------
The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password hash could not be cracked due to complexity or assessment time constraints. However, performing pass the hash with machine accounts instead of local administrators accounts is not very common even though it has been described in an article by Adam Chester years ago and could be used in scenarios where the host is part of an elevated group such as the domain admins.
---------------------------------------------
https://pentestlab.blog/2022/02/01/machine-accounts/


∗∗∗ Updates released for multiple vulnerabilities found in 42 Gears SureMDM products ∗∗∗
---------------------------------------------
42 Gears released an initial set of updates in November and more earlier this month.
---------------------------------------------
https://www.zdnet.com/article/multiple-vulnerabilities-found-in-42-gears-suremdm-products/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-22-146: Esri ArcReader PMF File Parsing Use-After-Free Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Esri ArcReader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-146/


∗∗∗ ZDI-22-148: ESET Endpoint Antivirus Unnecessary Privileges Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Endpoint Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-22-148/


∗∗∗ Rate - Critical - Unsupported - SA-CONTRIB-2022-010 ∗∗∗
---------------------------------------------
2022-01-31 a new maintainer has step forward and this module has been updated. The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: [...]
---------------------------------------------
https://www.drupal.org/sa-contrib-2022-010


∗∗∗ WordPress-Plug-in Essential Addons for Elementor als Schadcode-Schleuder ∗∗∗
---------------------------------------------
In der aktuellen Version von Essential Addons for Elementor haben die Entwickler eine Sicherheitslücke geschlossen.
---------------------------------------------
https://heise.de/-6344583


∗∗∗ VMSA-2022-0003 ∗∗∗
---------------------------------------------
VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2022-0003.html


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (ipython), Fedora (kernel and usbview), Gentoo (webkit-gtk), Oracle (java-1.8.0-openjdk), Red Hat (kpatch-patch and samba), Scientific Linux (samba), Slackware (kernel), SUSE (kernel and samba), and Ubuntu (samba).
---------------------------------------------
https://lwn.net/Articles/883423/


∗∗∗ Ricon Mobile Industrial Cellular Router ∗∗∗
---------------------------------------------
This advisory contains mitigations for an OS Command Injection vulnerability in the Ricon Mobile Industrial Cellular Router mobile network router.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-032-01


∗∗∗ Advantech ADAM-3600 ∗∗∗
---------------------------------------------
This advisory contains mitigations for a Use of Hard-coded Cryptographic Key vulnerability in Advantech ADAM-3600 remote terminal units.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-032-02


∗∗∗ January 31, 2022   TNS-2022-04   [R1] Nessus 10.1.0 Fixes One Third-Party Vulnerability ∗∗∗
---------------------------------------------
http://www.tenable.com/security/tns-2022-04


∗∗∗ K59563964: Apache Log4j Remote Code Execution vulnerability CVE-2022-23302 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K59563964


∗∗∗ K97120268: Apache Log4j SQL injection vulnerability CVE-2022-23305 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K97120268


∗∗∗ K00322972: Apache Log4j Chainsaw vulnerability CVE-2022-23307 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K00322972


∗∗∗ An update on the Apache Log4j 2.x vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/


∗∗∗ Security Bulletin: Publicly disclosed vulnerability (CVE-2021-4034) in Polkit affects IBM Netezza PDA OS Security ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerability-cve-2021-4034-in-polkit-affects-ibm-netezza-pda-os-security/


∗∗∗ Security Bulletin: Vulnerabilities in PostgreSQL, Node.js, and Data Tables from Spry Media may affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-postgresql-node-js-and-data-tables-from-spry-media-may-affect-ibm-spectrum-protect-plus/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift-cve-2021-44832/


∗∗∗ Security Bulletin: Vulnerabilities in Golang Go, MinIO, and Python may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and OpenShift ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-golang-go-minio-and-python-may-affect-ibm-spectrum-protect-plus-container-backup-and-restore-for-kubernetes-and-openshift/


∗∗∗ Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerablity-in-apache-log4j-may-affect-ibm-tivoli-monitoring-cve-2021-4104/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j affects some features of IBM® Db2® (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-affects-some-features-of-ibm-db2-cve-2021-4104-9/


∗∗∗ Security Bulletin: Vulnerability in Apache Log4j may impact IBM Spectrum Protect Plus (CVE-2021-44832) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-may-impact-ibm-spectrum-protect-plus-cve-2021-44832/


∗∗∗ Security Bulletin: IBM App Connect for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-for-healthcare-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-4104/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container Designer Authoring operands and Integration Server operands that use the JDBC connector may be vulnerable to remote code execution due to CVE-2021-44228 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-designer-authoring-operands-and-integration-server-operands-that-use-the-jdbc-connector-may-be-vulnerable-to-remote-code-execution-du-2/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-45046) and denial of service due to Apache Log4j (CVE-2021-45105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-cve-2021-45046-and-denial-of-service-due-to-apache-log4j-cve-2021-451-2/


∗∗∗ Security Bulletin: IBM Security Verify Access fixed a security vulnerability in the product. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-verify-access-fixed-a-security-vulnerability-in-the-product/


∗∗∗ Security Bulletin: IBM TRIRIGA Indoor Maps, a component of IBM TRIRIGA Portfolio Data Manager is vulnerable to arbitrary code execution due to Apache Log4j library vulnerability (CVE-2021-44228) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tririga-indoor-maps-a-component-of-ibm-tririga-portfolio-data-manager-is-vulnerable-to-arbitrary-code-execution-due-to-apache-log4j-library-vulnerability-cve-2021-44228/


∗∗∗ Security Bulletin: Cross-site scripting and session fixation vulnerability in IBM Financial Transaction Manager for SWIFT Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-and-session-fixation-vulnerability-in-ibm-financial-transaction-manager-for-swift-services-2/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily