[CERT-daily] Tageszusammenfassung - 02.02.2022

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 01-02-2022 18:00 − Mittwoch 02-02-2022 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM ∗∗∗
---------------------------------------------
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM). UEFI software provides an extensible interface between an operating system and platform firmware. UEFI software uses a highly privileged processor execution mode called System Management Mode (SMM) for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code.
---------------------------------------------
https://kb.cert.org/vuls/id/796611


∗∗∗ CISA Releases Securing Industrial Control Systems: A Unified Initiative ∗∗∗
---------------------------------------------
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy—developed in collaboration with industry and government partners—lays out CISA's plan to improve, unify, and focus the effort to secure ICS and protect critical infrastructure.
---------------------------------------------
https://us-cert.cisa.gov/ics/cisa-releases-securing-industrial-control-systems-unified-initiative


∗∗∗ Kasper: a tool for finding speculative-execution vulnerabilities ∗∗∗
---------------------------------------------
The Systems and Network Security Group at Vrije Universiteit Amsterdam hasannounced a tool calledKasper that is able to scan the kernel source and locatespeculative-execution vulnerabilities: Namely, it models an attacker capable of controlling data (e.g., via memory massaging or value injection a la LVI), accessing secrets (e.g., via out-of-bounds or use-after-free accesses), and leaking these secrets (e.g., via cache-based, MDS-based, or port contention-based covert channels).
---------------------------------------------
https://lwn.net/Articles/883448/


∗∗∗ Post E-Mail „Dein Paket wartet !“ ist fake! ∗∗∗
---------------------------------------------
Kriminelle versenden gehäuft E-Mails im Namen der Post mit dem Betreff „Dein Paket wartet !“. Eine Liefergebühr über 1,69 Euro sei ausständig. Achtung: Die E-Mails sind frei erfunden. Die Kriminellen wenden Spoofing an, um die Mail-Adresse echt aussehen zu lassen und verlinken auf eine nachgebaute Post-Website.
---------------------------------------------
https://www.watchlist-internet.at/news/post-e-mail-dein-paket-wartet-ist-fake/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (samba), Debian (apache2 and python-django), Fedora (kernel and phpMyAdmin), Mageia (kernel and kernel-linus), openSUSE (samba), Oracle (nginx:1.20 and samba), Red Hat (cryptsetup, java-1.8.0-ibm, kernel, nodejs:14, rpm, and vim), SUSE (kernel, python-Django, python-Django1, and samba), and Ubuntu (cron).
---------------------------------------------
https://lwn.net/Articles/883541/


∗∗∗ Google Releases Security Updates for Chrome ∗∗∗
---------------------------------------------
Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux. These versions address vulnerabilities that an attacker could exploit to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2022/02/02/google-releases-security-updates-chrome


∗∗∗ Vulnerability Spotlight: Multiple vulnerabilities in Sealevel SeaConnect ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several vulnerabilities in Sealevel Systems Inc.’s SeaConnect internet-of-things edge device — many of which could allow an attacker to conduct a man-in-the-middle attack or execute remote code on the targeted device. 
The SeaConnect 370W is a WiFi-connected edge device commonly used in industrial control system (ICS) environments that allow users to remotely monitor and control the status of real-world I/O processes. This device offers remote control via MQTT, Modbus TCP and a manufacturer-specific interface referred to as the "SeaMAX API." 
---------------------------------------------
http://blog.talosintelligence.com/2022/02/vuln-spotlight-sea-level-connect.html


∗∗∗ Cisco Prime Service Catalog Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpsc-info-disc-zkJBDJ9F


∗∗∗ Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swg-fbyps-3z4qT7p


∗∗∗ Cisco Small Business RV Series Routers Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D


∗∗∗ Cisco DNA Center Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj


∗∗∗ FortiAuthenticator - Improper access control in HA service ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-20-217


∗∗∗ FortiMail - reflected cross-site scripting vulnerability in FortiGuard URI protection ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-185


∗∗∗ FortiExtender - Arbitrary command execution because of missing CLI input sanitization ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-148


∗∗∗ FortiWeb - OS command injection due to unsafe input validation function ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-166


∗∗∗ FortiWeb - Stack-based buffer overflow in command line interpreter ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-132


∗∗∗ FortiWeb - OS command injection due to direct input interpolation in API controllers ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-180


∗∗∗ FortiWeb - arbitrary file/directory deletion ∗∗∗
---------------------------------------------
https://fortiguard.fortinet.com/psirt/FG-IR-21-158


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to leaking sensitive information due to CVE-2021-3712 in OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-leaking-sensitive-information-due-to-cve-2021-3712-in-openssl/


∗∗∗ K74013101: Binutils vulnerability CVE-2021-42574 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K74013101?utm_source=f5support&utm_medium=RSS


∗∗∗ K28622040: Python vulnerability CVE-2019-9948 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K28622040?utm_source=f5support&utm_medium=RSS


∗∗∗ Advantech ADAM-3600 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-032-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily