[CERT-daily] Daily summary - 08.08.2023

Daily end-of-shift report team at cert.at
Tue Aug 8 18:19:10 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 07-08-2023 18:00 − Tuesday 08-08-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Microsoft GitHub Dev-Containers Improper Privilege Management Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability. [..] The vendor states this is by-design, and they do not consider it to be a security risk.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1044/


∗∗∗ Understanding Active Directory Attack Paths to Improve Security ∗∗∗
---------------------------------------------
Active Directory, Actively Problematic. But as central as it is, the security posture of Active Directory is often woefully lacking. Let's take a quick look at how Active Directory assigns rights to users, which sheds some light on why this tool has, shall we say, issues associated with it.
---------------------------------------------
https://thehackernews.com/2023/08/understanding-active-directory-attack.html


∗∗∗ Fake shop presssi.shop copies an Austrian company ∗∗∗
---------------------------------------------
The online shop presssi.shop is particularly hard to recognise as a fake shop because it copies a real company. The criminals use the stolen company details and logo of "niceshops GmbH", an e-commerce service provider from Austria. In addition, the usual tips for spotting fake shops do not apply in this case. We show you how we exposed the shop as a fake.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shop-presssishop-kopiert-oesterreichisches-unternehmen/


∗∗∗ Cease-and-desist letter in the name of Dr. Matthias Losert is fraudulent ∗∗∗
---------------------------------------------
Criminals are sending cease-and-desist letters for alleged copyright infringement in the name of the Berlin lawyer Dr. Matthias Losert. The recipient is accused of having illegally downloaded a film and is asked to pay 450 euros for the violation. Ignore this e-mail and do not reply; it is fraud.
---------------------------------------------
https://www.watchlist-internet.at/news/abmahnung-im-namen-von-dr-matthias-losert-ist-betruegerisch/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client ∗∗∗
---------------------------------------------
On August 8, 2023, the paper "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables" was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both cases, an attacker on the local network manipulates the routing exceptions that the client maintains (the routes that deliberately bypass the tunnel, such as the local subnet and the VPN server's own address) so that traffic for chosen destinations is sent to a device the attacker controls without the protection of the VPN tunnel encryption.
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-leak-Sew6g2kd
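The advisory states the mechanism in one sentence. The following added example (written for this digest; it is neither Cisco's code nor code from the paper) simulates how a full-tunnel client's destination-based routing exceptions decide which packets leave in the clear, and shows both leak cases: a rogue DHCP lease that declares the victim's target subnet to be "local", and a spoofed DNS answer that makes the per-server bypass route point at the target. The interface names, the RFC 5737 test addresses, and the plausibility check on the local-subnet exception are assumptions made for illustration, not the vendor's fix.

```python
# Added example: destination-based VPN routing exceptions and how they leak.
# All addresses below are constructed (RFC 5737 TEST-NET ranges); interface
# names and the hardening rule are assumptions of this example.
import ipaddress
from dataclasses import dataclass

TUNNEL = "tun0"    # encrypted VPN interface
PHYSICAL = "eth0"  # untrusted local network, e.g. a rogue Wi-Fi access point

RFC1918 = [ipaddress.ip_network(p) for p in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


def build_routes(vpn_server_ip, local_net, hardened=False):
    """Typical full-tunnel layout: default route via tun0 plus the two
    exceptions a client keeps so the tunnel itself keeps working: the VPN
    server's own address (outer tunnel packets) and the attached subnet.
    With hardened=True an implausible local subnet is not installed."""
    routes = [
        Route(ipaddress.ip_network("0.0.0.0/0"), TUNNEL),
        Route(ipaddress.ip_network(f"{vpn_server_ip}/32"), PHYSICAL),
    ]
    if not hardened or local_net_exception_is_plausible(local_net):
        routes.append(Route(ipaddress.ip_network(local_net, strict=False), PHYSICAL))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel's forwarding lookup does."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r.prefix),
               key=lambda r: r.prefix.prefixlen)
    return best.iface


def leaked(routes, destinations):
    """Destinations whose packets would bypass the tunnel."""
    return [d for d in destinations if lookup(routes, d) != TUNNEL]


def local_net_exception_is_plausible(net):
    """Assumed hardening rule: only honour a local-subnet exception that is
    RFC 1918 space and no broader than /16. A DHCP lease claiming a public
    or enormous 'local' network is a signal to route everything via tun0.
    (Python's own is_private treats TEST-NET as private, so check explicitly.)"""
    n = ipaddress.ip_network(net, strict=False)
    return n.prefixlen >= 16 and any(n.subnet_of(p) for p in RFC1918)


# Constructed scenario data
TARGET = "203.0.113.10"      # server the user expects to reach only via VPN
VPN_SERVER = "198.51.100.5"  # the client's real VPN endpoint


def scenario_honest():
    return leaked(build_routes(VPN_SERVER, "192.168.1.0/24"), [TARGET])


def scenario_wide_local_net(hardened=False):
    # Rogue access point: DHCP hands out a lease claiming 203.0.113.0/24 is on-link.
    return leaked(build_routes(VPN_SERVER, "203.0.113.0/24", hardened), [TARGET])


def scenario_spoofed_server_ip():
    # Attacker-controlled DNS answers the VPN server's hostname with the target's
    # address; the client installs its /32 bypass for the target itself.
    return leaked(build_routes(TARGET, "192.168.1.0/24"), [TARGET])


if __name__ == "__main__":
    print("honest network leaks:", scenario_honest())
    print("wide local net leaks:", scenario_wide_local_net())
    print("wide local net, hardened:", scenario_wide_local_net(hardened=True))
    print("spoofed server IP leaks:", scenario_spoofed_server_ip())
```

The size check closes only the local-subnet case; the spoofed-server case cannot be fixed by inspecting the prefix, because a /32 exception for the VPN endpoint is exactly what the client must install. That is why a destination-based exception is the weak point, and why a per-process or per-socket bypass for the VPN client's own outer packets (a design alternative, not something the advisory describes) avoids both attacks.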


∗∗∗ Siemens: Multiple Vulnerabilities ∗∗∗
---------------------------------------------
JT Open, JT Utilities, Parasolid, Parasolid Installer, Solid Edge, JT2Go, Teamcenter Visualization, APOGEE/TALON Field Panels, Siemens Software Center, SIMATIC Products, RUGGEDCOM CROSSBOW, RUGGEDCOM ROS Devices, SICAM TOOLBOX II
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications


∗∗∗ Multiple Vulnerabilities in Inductive Automation Ignition ∗∗∗
---------------------------------------------
* Deserialization of Untrusted Data Remote Code Execution (CVE-2023-39473, CVE-2023-39476, CVE-2023-39475)
* XML External Entity Processing Information Disclosure (CVE-2023-39472)
* Remote Code Execution (CVE-2023-39477)
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/


∗∗∗ Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157) ∗∗∗
---------------------------------------------
CVSS:3.1 base 6.5 / temporal 5.7
This vulnerability requires a user to open a Web Archive file whose web-content origin has been spoofed in an affected version of Microsoft Edge (Chromium-based).
---------------------------------------------
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libhtmlcleaner-java and thunderbird), Red Hat (dbus, kernel, kernel-rt, kpatch-patch, and thunderbird), Scientific Linux (thunderbird), SUSE (chromium, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly, kernel-firmware, libqt5-qtbase, libqt5-qtsvg, librsvg, pcre2, perl-Net-Netmask, qt6-base, and thunderbird), and Ubuntu (firefox).
---------------------------------------------
https://lwn.net/Articles/940755/


∗∗∗ Android: August Patch Day brings fixes for 53 vulnerabilities ∗∗∗
---------------------------------------------
Google rates four of the holes as critical. Among other things, they allow execution of malicious code without any user interaction.
---------------------------------------------
https://www.zdnet.de/88411017/android-august-patchday-bringt-fixes-fuer-53-schwachstellen/


∗∗∗ PHOENIX CONTACT: PLCnext Engineer Vulnerabilities in LibGit2Sharp/LibGit2 ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-016/


∗∗∗ PHOENIX CONTACT: Multiple vulnerabilities in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-017/


∗∗∗ PHOENIX CONTACT: Multiple vulnerabilities in WP 6xxx Web panels ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-018/


∗∗∗ Vulnerability in IBM Java SDK affects IBM WebSphere Application Server due to CVE-2022-40609 ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7022475


∗∗∗ IBM Security Guardium is affected by multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/6999317


∗∗∗ A remote code execution vulnerability in IBM Java SDK affects IBM InfoSphere Information Server (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7022836


∗∗∗ IBM Jazz Team Server is vulnerable to server-side request forgery (CVE-2022-43879) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7023193


∗∗∗ OpenSSL publicly disclosed vulnerabilities affect IBM MobileFirst Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7023206


∗∗∗ Multiple vulnerabilities found in third-party libraries used by IBM MobileFirst Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7023204


∗∗∗ IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attack due to IBM SDK Java (CVE-2022-40609) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7023275


∗∗∗ Schneider Electric IGSS ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-01


∗∗∗ Hitachi Energy RTU500 series ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-02

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily