[CERT-daily] Daily Summary - 26.02.2020

Daily end-of-shift report team at cert.at
Wed Feb 26 18:14:36 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 25-02-2020 18:00 − Wednesday 26-02-2020 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Multiple WordPress Plugin Vulnerabilities Actively Being Attacked ∗∗∗
---------------------------------------------
An adversary that security researchers call 'tonyredball' gets backdoor access to websites that run a vulnerable version of the following two plugins:
* ThemeGrill Demo Importer (below 1.6.3)
* Profile Builder free and Pro (below 3.1.1)
---------------------------------------------
https://www.bleepingcomputer.com/news/security/multiple-wordpress-plugin-vulnerabilities-actively-being-attacked/


∗∗∗ Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping ∗∗∗
---------------------------------------------
Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.
Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.
---------------------------------------------
https://mobile.slashdot.org/story/20/02/26/165207/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdropping


∗∗∗ Silver & Golden Tickets Explained ∗∗∗
---------------------------------------------
This article clarifies the concepts of PAC, Silver Ticket, Golden Ticket, as well as the different encryption methods used in authentication. These notions are essential to understand Kerberos attacks in Active Directory.
---------------------------------------------
https://en.hackndo.com/kerberos-silver-golden-tickets/


∗∗∗ PayPal via Google Pay: Vulnerability still not fixed, and apparently worse than feared ∗∗∗
---------------------------------------------
A vulnerability that allows unauthorized PayPal debits via Google Pay is, according to its discoverer, even easier to exploit than previously assumed.
---------------------------------------------
https://heise.de/-4668350


∗∗∗ HTTP Request Smuggling. A how-to ∗∗∗
---------------------------------------------
HTTP Request Smuggling is not a new issue; a 2005 white paper from Watchfire discusses it in detail, and there are other resources too. What I found missing was practical, actionable, how-to references.
This post covers my findings and, hopefully, sheds some light on the intricacies of HTTP Request Smuggling.
---------------------------------------------
https://www.pentestpartners.com/security-blog/http-request-smuggling-a-how-to/


∗∗∗ Is this website trustworthy? Check our lists! ∗∗∗
---------------------------------------------
It is not unlikely that, as an internet user, you will occasionally come across a fraudulent or dubious website. If you have a bad feeling about, for example, an online shop, a streaming platform, a shipping company or a travel platform, it is best to check our lists. There you will find countless websites that you should avoid!
---------------------------------------------
https://www.watchlist-internet.at/news/ist-diese-webseite-serioes-checken-sie-unsere-listen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Privilege escalation vulnerability in multiple RICOH printer drivers ∗∗∗
---------------------------------------------
If a user who can log in to the computer where the affected printer driver is installed uses a specially crafted printer driver, they may gain administrative privileges through privilege escalation.
---------------------------------------------
https://jvn.jp/en/jp/JVN15697526/


∗∗∗ Multiple vulnerabilities in RICOH printers ∗∗∗
---------------------------------------------
* A user who can access the device may access the debugging Web page and obtain sensitive information - CVE-2019-14301
* A user who can physically access the device may execute arbitrary code, alter settings, and/or disable the function - CVE-2019-14302
* If a user accesses a specially crafted page, unintended operations such as changing settings of the device may be performed - CVE-2019-14304
* A user who can access the device may the device settings information - CVE-2019-14306
---------------------------------------------
https://jvn.jp/en/jp/JVN52962201/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).
---------------------------------------------
https://lwn.net/Articles/813349/


∗∗∗ Moxa MB3xxx Series Protocol Gateways ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-056-01


∗∗∗ Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-056-02


∗∗∗ Moxa PT-7528 and PT-7828 Series Ethernet Switches ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-056-03


∗∗∗ Moxa EDS-G516E and EDS-510E Series Ethernet Switches ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-056-04


∗∗∗ Honeywell WIN-PAK ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-056-05


∗∗∗ Cisco FXOS Software CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj


∗∗∗ Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj


∗∗∗ Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5


∗∗∗ Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp


∗∗∗ Cisco NX-OS Software NX-API Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos


∗∗∗ Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos


∗∗∗ Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos


∗∗∗ Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj


∗∗∗ Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cli-cmdinj


∗∗∗ Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp


∗∗∗ Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file


∗∗∗ Security Advisory - Out of Bounds Write Vulnerability in Several Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200226-01-smartphone-en


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa/


∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator EBICS (CVE-2019-4597) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ibm-sterling-b2b-integrator-ebics-cve-2019-4597/


∗∗∗ Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4598) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ibm-sterling-b2b-integrator-dashboard-user-interface-cve-2019-4598/


∗∗∗ Security Bulletin: Cross-Site Request Forgery Affects IBM Sterling B2B Integrator (CVE-2019-4726) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-affects-ibm-sterling-b2b-integrator-cve-2019-4726/


∗∗∗ Security Bulletin: Information disclosure vulnerability in IBM WebSphere Service Registry and Repository (CVE-2019-4537) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-websphere-service-registry-and-repository-cve-2019-4537/


∗∗∗ Security Bulletin: Java Update ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-java-update/


∗∗∗ Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4596) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-b2b-integrator-dashboard-user-interface-cve-2019-4596/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-tpf-toolkit/


∗∗∗ HPESBST03983 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03983en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



