[CERT-daily] Daily summary - 13.05.2022

Daily end-of-shift report team at cert.at
Fri May 13 19:28:01 CEST 2022


=====================
= End-of-Day report =
=====================

Timeframe:   Thursday 12-05-2022 18:00 − Friday 13-05-2022 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Patch now! Zyxel firewalls as a loophole into corporate networks ∗∗∗
---------------------------------------------
An important security update closes a critical vulnerability in several Zyxel firewall models.
---------------------------------------------
https://heise.de/-7090269


∗∗∗ ZoneAlarm desktop firewall: Critical vulnerability enables privilege escalation ∗∗∗
---------------------------------------------
A security vulnerability in the ZoneAlarm desktop firewall could allow attackers to escalate their privileges on the system and thereby take control of it.
---------------------------------------------
https://heise.de/-7090411


∗∗∗ Crypto fraud: Beware of Yuan Pay Group ∗∗∗
---------------------------------------------
Investment platforms for cryptocurrencies are a dime a dozen. They lure with the promise of big money for an investment of only €250. The catch: once you have invested, you often never see your money again. Here you will find a guide on how to recognise crypto scams.
---------------------------------------------
https://www.watchlist-internet.at/news/crypto-betrug-vorsicht-vor-yuan-pay-group/


∗∗∗ BIOS updates fix critical vulnerabilities in HP business and consumer models as well as in Intel CPUs (May 2022) ∗∗∗
---------------------------------------------
The manufacturer Hewlett Packard (HP) published a security advisory in the past few days. This warning addresses two vulnerabilities in the firmware of over 200 HP models (business and consumer variants) that allow the firmware to be overwritten. The vulnerabilities have been rated with a security score of 8.8; updates are available. In addition, Intel has issued a security advisory pointing to a vulnerability in the BIOS of Intel systems, which is likewise rated with a score of 8.2 and allows privilege escalation.
---------------------------------------------
https://www.borncity.com/blog/2022/05/13/bios-updates-fixen-kritische-schwachstellen-in-hps-business-und-consumer-modellen-sowie-in-intel-cpus-mai-2022/


∗∗∗ Eternity malware kit offers stealer, miner, worm, ransomware tools ∗∗∗
---------------------------------------------
Threat actors have launched the Eternity Project, a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/


∗∗∗ Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla ∗∗∗
---------------------------------------------
We analyze a malicious compiled HTML help file delivering Agent Tesla, following the chain of attack through JavaScript and multiple stages of PowerShell.
---------------------------------------------
https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability ∗∗∗
---------------------------------------------
Dell iDRAC9 versions 5.00.00.00 and later but before 5.10.10.00 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
---------------------------------------------
https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability


∗∗∗ CVE-2022-1552 Autovacuum, REINDEX, and others omit "security restricted operation" sandbox ∗∗∗
---------------------------------------------
Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another user's objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.
---------------------------------------------
https://www.postgresql.org/support/security/CVE-2022-1552/


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (chromium, postgresql-11, postgresql-13, and waitress), Fedora (curl, java-1.8.0-openjdk-aarch32, keylime, and pcre2), Oracle (gzip and zlib), Red Hat (subversion:1.10), SUSE (clamav, documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification, e2fsprogs, gzip, and kernel), and Ubuntu (libvorbis and rsyslog).
---------------------------------------------
https://lwn.net/Articles/895202/


∗∗∗ Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access ∗∗∗
---------------------------------------------
Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a non-privileged user to a privileged one. There are also multiple vulnerabilities that could allow an adversary to reach unconstrained root privileges. The router has one privileged user and several non-privileged ones.
---------------------------------------------
https://blog.talosintelligence.com/2022/05/blog-post-.html


∗∗∗ Delta Electronics CNCSoft ∗∗∗
---------------------------------------------
This advisory contains mitigations for Stack-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in the Delta Electronics CNCSoft software management platform.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-01


∗∗∗ Mitsubishi Electric MELSOFT iQ AppPortal ∗∗∗
---------------------------------------------
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02


∗∗∗ Cambium Networks cnMaestro ∗∗∗
---------------------------------------------
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04


∗∗∗ SonicWall SSLVPN SMA1000 series affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
SonicWall SSLVPN SMA1000 series appliances are affected by the multiple vulnerabilities listed below; organizations running previous versions of SSLVPN SMA1000 series firmware should upgrade to the new firmware release versions.
---------------------------------------------
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009


∗∗∗ ZDI-CAN-15739 Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability ∗∗∗
---------------------------------------------
https://helpcenter.trendmicro.com/en-us/article/TMKA-11017


∗∗∗ K67090077: Apache HTTP Server vulnerability CVE-2022-22720 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K67090077


∗∗∗ HP computers: Vulnerability enables privilege escalation ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K22-0606


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2022-22316/


∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-4160/


∗∗∗ Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2021 and Jan 2022 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2021and-jan-2022-3/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2021-4160) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-ibm-integration-bus-cve-2021-4160/


∗∗∗ Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2022-0778/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-openssl-denial-of-service-vulnerabilities-cve-2021-23840-cve-2021-23841-2/


∗∗∗ Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go CVE-2021-43565 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-cve-2021-43565/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-2/


∗∗∗ Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2021-44142/


∗∗∗ Security Bulletin: Multiple Security vulnerabilities may affect IBM Robotic Process Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation/


∗∗∗ Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to stack exhaustion by Go CVE-2022-24921 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-stack-exhaustion-by-go-cve-2022-24921/


∗∗∗ Security Bulletin: IBM Robotic Process Automation is vulnerable to SQL Injection (CVE-2022-22413) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-sql-injection-cve-2022-22413/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-policykit-vulnerability-cve-2021-4034-2/


∗∗∗ Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2022-0155 & CVE-2022-0536) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-ibm-integration-bus-cve-2022-0155-cve-2022-0536/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-19/


∗∗∗ Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22325 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2022-22325/


∗∗∗ Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-an-information-disclosure-cve-2022-22393/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-18/


∗∗∗ Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2022-22950-cve-2021-22096-cve-2022-22968-cve-2021-22060/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-17/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily