[CERT-daily] Daily summary - 26.05.2021

Daily end-of-shift report team at cert.at
Wed May 26 18:42:17 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 25-05-2021 18:00 − Wednesday 26-05-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Kaspersky Security Bulletin 2020-2021. EU statistics ∗∗∗
---------------------------------------------
The statistics in this report cover the period from May 2020 to April 2021, inclusive.
---------------------------------------------
https://securelist.com/kaspersky-security-bulletin-2020-2021-eu-statistics/102335/


∗∗∗ Smart lighting security ∗∗∗
---------------------------------------------
RJ45 connections delivering Power over Ethernet are becoming prevalent in light fittings, a result of the lower power demands from LED fittings. This creates potential for uninformed installers to inadvertently bridge network security controls through connecting the light fittings to existing networking equipment. ... Radio protocols can also lead to compromise if not done securely; Bluetooth Classic, BLE, Z-Wave and many other protocols can be exploited if not configured correctly.
---------------------------------------------
https://www.pentestpartners.com/security-blog/smart-lighting-security/


∗∗∗ The Attack Path Management Manifesto ∗∗∗
---------------------------------------------
The primary goal of Attack Path Management (APM) is to directly solve the problem of Attack Paths. Today, the problem of Attack Paths is felt most acutely in the world of Microsoft Active Directory and Azure Active Directory. These platforms provide the greatest payoff for attackers, since taking control of the fundamental identity platform for an enterprise grants full control of all users, systems, and data in that enterprise.
---------------------------------------------
https://posts.specterops.io/the-attack-path-management-manifesto-3a3b117f5e5


∗∗∗ CVE-2021-22909- Digging into a Ubiquiti Firmware Update bug ∗∗∗
---------------------------------------------
Back in February, Ubiquiti released a new firmware update for the Ubiquiti EdgeRouter, fixing CVE-2021-22909/ZDI-21-601. The vulnerability lies in the firmware update procedure and allows a man-in-the-middle (MiTM) attacker to execute code as root on the device by serving a malicious firmware image when the system performs an automatic firmware update. ... The impact of this vulnerability is quite nuanced and worthy of further discussion.
---------------------------------------------
https://www.thezdi.com/blog/2021/5/24/cve-2021-22909-digging-into-a-ubiquiti-firmware-update-bug



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure ∗∗∗
---------------------------------------------
Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing.
---------------------------------------------
https://kb.cert.org/vuls/id/799380


∗∗∗ CVE-2020-14145 ∗∗∗
---------------------------------------------
A vulnerability in OpenSSH <= 8.6 allows a man-in-the-middle attack to determine if a client already has prior knowledge of the remote host's fingerprint. Using this information leak, it is possible to ignore clients which will show an error message during a man-in-the-middle attack, while new clients can be intercepted without alerting them of the man-in-the-middle attack. [...] At the moment, the only option to mitigate this vulnerability is to set HostKeyAlgorithms in your config file.
---------------------------------------------
https://docs.ssh-mitm.at/CVE-2020-14145.html


∗∗∗ Security updates: Critical malicious-code vulnerability threatens VMware vCenter Server ∗∗∗
---------------------------------------------
The server management software vCenter Server is vulnerable. Attackers could execute malicious code.
---------------------------------------------
https://heise.de/-6054003


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (djvulibre, dotnet-runtime, dotnet-runtime-3.1, dotnet-sdk, dotnet-sdk-3.1, gupnp, hivex, lz4, matrix-synapse, prometheus, python-pydantic, runc, thunderbird, and websvn), Fedora (composer, moodle, and wordpress), Gentoo (bash, boost, busybox, containerd, curl, dnsmasq, ffmpeg, firejail, gnome-autoar, gptfdisk, icu, lcms, libX11, mariadb, mumble, mupdf, mutt, mysql, nettle, nextcloud-client, opensmtpd, openssh, openvpn, php, postgresql, prosody, rxvt-unicode, samba, screen, smarty, spamassassin, squid, stunnel, tar, tcpreplay, telegram-desktop), openSUSE (Botan), Red Hat (kernel), Slackware (gnutls), SUSE (hivex, libu2f-host, rubygem-actionpack-5_1), Ubuntu (apport, exiv2, libx11).
---------------------------------------------
https://lwn.net/Articles/857352/


∗∗∗ Cisco ADE-OS Local File Inclusion Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ


∗∗∗ Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-Mp9FSdG


∗∗∗ Cisco Finesse Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-strd-xss-bUKqffFW


∗∗∗ Cisco Finesse Open Redirect Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-opn-rdrct-epDeh7R


∗∗∗ Cisco DNA Spaces Connector Privilege Escalation Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-prvesc-q6T6BzW


∗∗∗ Cisco DNA Spaces Connector Command Injection Vulnerabilities ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n


∗∗∗ SSA-119468: Luxion KeyShot Vulnerabilities in Solid Edge ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-119468.txt


∗∗∗ Security Advisory - Out-of-Bounds Read Vulnerability On Several Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210526-03-dos-en


∗∗∗ Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210526-02-outbounds-en


∗∗∗ Security Advisory - Improper Licenses Management Vulnerability in Some Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2021/huawei-sa-20210407-01-resourcemanagement-en


∗∗∗ Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-mitigations-are-being-announced-to-address-cve-2020-4839-and-cve-2021-29695/


∗∗∗ Security Bulletin: WebSphere Application Server Java Batch is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-application-server-java-batch-is-vulnerable-to-an-xml-external-entity-injection-xxe-vulnerability-cve-2021-20492/


∗∗∗ Security Bulletin: IBM® Db2® 'Check for Updates' process is vulnerable to DLL hijacking (CVE-2019-4588) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-check-for-updates-process-is-vulnerable-to-dll-hijacking-cve-2019-4588/


∗∗∗ Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-mitigations-are-being-announced-to-address-cve-2020-4839-and-cve-2021-29695-2/


∗∗∗ Security Bulletin: Data protection rules and policies are not enforced on virtualized objects ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-data-protection-rules-and-policies-are-not-enforced-on-virtualized-objects/


∗∗∗ Security Bulletin: This Power System update is being released to address CVE-2021-20487 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-this-power-system-update-is-being-released-to-address-cve-2021-20487/


∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-3/


∗∗∗ Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-websphere-application-server-liberty-2/


∗∗∗ Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-license-key-server-administration-and-reporting-tool-is-impacted-by-multiple-vulnerabilities-in-jquery-bootstrap-and-angularjs/


∗∗∗ Overview of NGINX vulnerabilities (May 2021) ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K52559937?utm_source=f5support&utm_medium=RSS


∗∗∗ NGINX Plus and Open Source vulnerability CVE-2021-23017 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K12331123?utm_source=f5support&utm_medium=RSS


∗∗∗ Datakit Libraries bundled in Luxion KeyShot ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-01


∗∗∗ Rockwell Automation Micro800 and MicroLogix 1400 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



