[CERT-daily] Daily summary - 13.06.2023

Daily end-of-shift report team at cert.at
Tue Jun 13 18:59:06 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 12-06-2023 18:00 − Tuesday 13-06-2023 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away ∗∗∗
---------------------------------------------
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
---------------------------------------------
https://arstechnica.com/?p=1947319


∗∗∗ Password manager Bitwarden: master key was readable by everyone ∗∗∗
---------------------------------------------
The password manager Bitwarden supports authentication with Windows Hello. Until recently, this made the master key readable by everyone.
---------------------------------------------
https://heise.de/-9184586


∗∗∗ BSI publishes version 1.0.1 of the TLS test tool TaSK ∗∗∗
---------------------------------------------
Following the release of a beta version in January, the BSI has added further functionality in the new version. The version works for TLS servers, TLS clients and other specialised applications such as eID clients, eID servers or e-mail servers.
---------------------------------------------
https://www.bsi.bund.de/DE/Service-Navi/Presse/Alle-Meldungen-News/Meldungen/TLS-Testtool-TaSK_230613.html


∗∗∗ Beware of "La Sportiva" products that are too cheap ∗∗∗
---------------------------------------------
The mountains and the fake offers on the Internet are calling. We are currently receiving an increasing number of reports of fake shops for the outdoor brand "La Sportiva". Customers mostly become aware of the bargains through advertising on Facebook, Instagram and the like. If the price is too good to be true, it is a fake.
---------------------------------------------
https://www.watchlist-internet.at/news/vorsicht-vor-zu-guenstigen-la-sportiva-produkten/


∗∗∗ Inside Win32k Exploitation: Background on Implementations of Win32k and Exploitation Methodologies ∗∗∗
---------------------------------------------
This is part one of a series that will cover Win32k internals and exploitation in general using these two vulnerabilities (CVE-2022-21882, CVE-2021-1732) and their related proof-of-concept (PoC) exploits as examples.
---------------------------------------------
https://unit42.paloaltonetworks.com/win32k-analysis-part-1/


∗∗∗ Are smartphone thermal cameras sensitive enough to uncover PIN codes? ∗∗∗
---------------------------------------------
I started out thinking that these cameras were gimmicks, but they've become an important tool in the toolbox. Here's why - and a little test.
---------------------------------------------
https://www.zdnet.com/home-and-office/are-smartphone-thermal-cameras-sensitive-enough-to-uncover-pin-codes/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571) ∗∗∗
---------------------------------------------
Product Name: System.Linq.Dynamic.Core
Affected versions 1.0.7.10 to 1.2.25
CVE: CVE-2023-32571
CVSSv3.1 base score 9.1
Users can execute arbitrary code and commands where user input is passed to Dynamic Linq methods such as .Where(...), .All(...), .Any(...) and .OrderBy(...).
---------------------------------------------
https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/


∗∗∗ TYPO3 Security Advisories ∗∗∗
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3
extensions:
"Faceted Search" (ke_search)
"ipandlanguageredirect" (ipandlanguageredirect)
"Canto Extension" (canto_extension)
For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2023-004, TYPO3-EXT-SA-2023-005 and TYPO3-EXT-SA-2023-006
---------------------------------------------
https://typo3.org/help/security-advisories


∗∗∗ New Siemens Security Advisories ∗∗∗
---------------------------------------------
TIA Portal, SIMOTION, SIMATIC WinCC, Teamcenter Visualization and JT2Go, CPCI85 Firmware of SICAM A8000 Devices, SIMATIC S7-1500 TM MFP V1.0, SICAM Q200 Devices, SIMATIC WinCC V7, Integrated SCALANCE S615 of SINAMICS Medium Voltage Products, in SIMATIC STEP 7 V5.x and Derived Products, Solid Edge
---------------------------------------------
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (vim), Fedora (kernel), Oracle (emacs, firefox, python3, and qemu), SUSE (firefox, java-1_8_0-ibm, and libwebp), and Ubuntu (firefox, glusterfs, and sniproxy).
---------------------------------------------
https://lwn.net/Articles/934492/


∗∗∗ Synology-SA-23:08 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_08


∗∗∗ Synology-SA-23:07 DSM ∗∗∗
---------------------------------------------
A vulnerability allows remote attackers to obtain user credential via a susceptible version of Synology DiskStation Manager (DSM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_07


∗∗∗ Synology-SA-23:06 SRM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_06


∗∗∗ Synology-SA-23:05 DSM ∗∗∗
---------------------------------------------
A vulnerability allows remote authenticated users to read arbitrary files via a susceptible version of Synology DiskStation Manager (DSM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_23_05


∗∗∗ ShareFile StorageZones Controller Security Update for CVE-2023-24489 ∗∗∗
---------------------------------------------
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. [..] All customer-managed ShareFile storage zones controllers versions prior to the latest version 5.11.24 have been blocked to protect our customers. Customers will be able to reinstate the storage zones controller once the update to 5.11.24 is applied.
---------------------------------------------
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489


∗∗∗ Critical vulnerability in Fortinet FortiOS and FortiProxy SSL-VPN products - actively exploited, updates available ∗∗∗
---------------------------------------------
13 June 2023 Description Fortinet has issued a warning that the SSL-VPN components of the FortiOS and FortiProxy products contain a critical vulnerability that is already being actively exploited, and is providing initial updates. CVE number(s): CVE-2023-27997 CVSSv3 Score: 9.2 Impact Unauthenticated attackers can execute arbitrary code on affected devices by exploiting the vulnerability. Since these devices
---------------------------------------------
https://cert.at/de/warnungen/2023/6/kritische-sicherheitslucke-in-fortinet-fortios-und-fortiproxy-ssl-vpn-produkten-updates-verfugbar


∗∗∗ CISA Releases Four Industrial Control Systems Advisories ∗∗∗
---------------------------------------------
- ICSA-23-164-01 Datalogics Library Third-Party
- ICSA-23-164-02 Rockwell Automation FactoryTalk Services Platform
- ICSA-23-164-03 Rockwell Automation FactoryTalk Edge Gateway
- ICSA-23-164-04 Rockwell Automation FactoryTalk Transaction Manager
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-releases-four-industrial-control-systems-advisories


∗∗∗ Chatwork Desktop Application (Mac) vulnerable to code injection ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN96828492/


∗∗∗ PHOENIX CONTACT: FL MGUARD affected by two vulnerabilities ∗∗∗
---------------------------------------------
https://cert.vde.com/de/advisories/VDE-2023-010/


∗∗∗ 2023-06-12: Cyber Security Advisory - ABB Relion REX640 Cyber Security Improvements ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ VMSA-2023-0013 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0013.html


∗∗∗ System Management Module (SMM) v1 and v2 / Fan Power Controller (FPC) Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500565-SYSTEM-MANAGEMENT-MODULE-SMM-V1-AND-V2-FAN-POWER-CONTROLLER-FPC-VULNERABILITIES


∗∗∗ Lenovo XClarity Administrator (LXCA) Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500564-LENOVO-XCLARITY-ADMINISTRATOR-LXCA-VULNERABILITIES


∗∗∗ IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7002807


∗∗∗ Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003337


∗∗∗ Vulnerability of Apache Thrift (libthrift-0.12.0.jar) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003479


∗∗∗ Vulnerability of Google Gson (gson-2.8.2.jar) have affected APM WebSphere Application Server Agent and APM SAP NetWeaver Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003477


∗∗∗ A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2023-26283) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003495


∗∗∗ Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003497


∗∗∗ IBM Workload Scheduler is potentially affected by multiple vulnerabilities in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003501


∗∗∗ IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL causing system crash (CVE-2022-4450) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003511


∗∗∗ IBM Workload Scheduler potentially affected by a vulnerability in SnakeYaml (CVE-2022-1471) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003513


∗∗∗ OpenPages with Watson has addressed Node.js vulnerability (CVE-2022-32213) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/node/7003313

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



