[CERT-daily] Tageszusammenfassung - 22.06.2023

Daily end-of-shift report team at cert.at
Thu Jun 22 20:20:45 CEST 2023


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 21-06-2023 18:00 − Donnerstag 22-06-2023 18:00
Handler:     Michael Schlagenhaufer
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits ∗∗∗
---------------------------------------------
Mirai is a still-active botnet with new variants. We highlight observed exploitation of IoT vulnerabilities — due to low complexity and high impact.
---------------------------------------------
https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/


∗∗∗ Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack ∗∗∗
---------------------------------------------
Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several others, Massachusetts-based cloud-native security firm Aqua said in a Wednesday report.
---------------------------------------------
https://thehackernews.com/2023/06/alert-million-of-github-repositories.html


∗∗∗ LibreOffice Arbitrary File Write (CVE-2023-1883) ∗∗∗
---------------------------------------------
While performing a cursory inspection of the LibreOffice Base desktop database, we stumbled across an (arbitrary) file write issue. The fine folks at LibreOffice immediately addressed the vulnerability.
---------------------------------------------
https://secfault-security.com/blog/libreoffice.html


∗∗∗ Virenschutz: Avast dreht alten Scannern Signaturnachschub ab ∗∗∗
---------------------------------------------
Avast beendet die Unterstützung älterer Virenscanner. Die Versionen Avast 9, 10 und 11 erhalten ab Sommerende keine Updates mehr, auch keine neuen Signaturen.
---------------------------------------------
https://heise.de/-9194464


∗∗∗ PoC-Exploit für Cisco AnyConnect-Schwachstelle CVE-2023-20178 ermöglicht SYSTEM-Privilegien ∗∗∗
---------------------------------------------
In der Cisco AnyConnect Secure Mobility Client Software gibt es eine Schwachstelle, über die Angreifer sich SYSTEM-Privilegien unter Windows verschaffen können. Nun ist ein Proof of Concept für einen Exploit zum Ausnutzen dieser Schwachstelle (CVE-2023-20178) verfügbar.
---------------------------------------------
https://www.borncity.com/blog/2023/06/22/poc-exploit-fr-cisco-anyconnect-schwachstelle-cve-2023-20178-ermglicht-system-privilegien/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ iOS 16.5.1 & Co: Apple beseitigt Zero-Day-Lücken in allen Systemen ∗∗∗
---------------------------------------------
Die gravierenden Schwachstellen wurden offenbar ausgenutzt, um Überwachungs-Tools auf Apple-Hardware einzuschleusen. Patches gibt es auch für ältere Hardware.
---------------------------------------------
https://heise.de/-9194404


∗∗∗ VMSA-2023-0014 ∗∗∗
---------------------------------------------
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.1.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2023-0014.html


∗∗∗ Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites ∗∗∗
---------------------------------------------
A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin thats installed on more than 30,000 websites.
---------------------------------------------
https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (avahi, hsqldb, hsqldb1.8.0, minidlna, trafficserver, and xmltooling), Oracle (.NET 6.0, .NET 7.0, 18, c-ares, firefox, kernel, less, libtiff, libvirt, python, python3.11, texlive, and thunderbird), Red Hat (c-ares, kernel, kernel-rt, kpatch-patch, less, libtiff, libvirt, openssl, and postgresql), Slackware (bind and kernel), SUSE (bluez, curl, geoipupdate, kernel, netty, netty-tcnative, ntp, open-vm-tools, php8, python-reportlab, rustup, Salt, salt, terraform-provider-aws, terraform-provider-null, and webkit2gtk3), and Ubuntu (bind9, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-kvm, linux-oracle, linux-raspi, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-oracle, and linux-ibm).
---------------------------------------------
https://lwn.net/Articles/935872/


∗∗∗ CISA Adds Six Known Exploited Vulnerabilities to Catalog ∗∗∗
---------------------------------------------
CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability 
CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability 
CVE-2020-12641 Roundcube Webmail Remote Code Execution Vulnerability 
CVE-2021-44026 Roundcube Webmail SQL Injection Vulnerability 
CVE-2016-9079 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability 
CVE-2016-0165 Microsoft Win32k Privilege Escalation Vulnerability 
---------------------------------------------
https://www.cisa.gov/news-events/alerts/2023/06/22/cisa-adds-six-known-exploited-vulnerabilities-catalog


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM App Connect Enterprise, IBM Security Directory Integrator, IBM Security QRadar SIEM, CICS TX, IBM InfoSphere Information Server, IBM MQ, IBM Integration Bus for z/OS, IBM Spectrum Protect, IBM Robotic Process Automation.
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/


∗∗∗ ZDI-23-891: (0Day) ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-23-891/


∗∗∗ Drupal: Album Photos - Critical - Access bypass - SA-CONTRIB-2023-022 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-022


∗∗∗ Drupal: Civic Cookie Control - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-021 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2023-021


∗∗∗ Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-mac-bypass-OyZpVPnx


∗∗∗ Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities ∗∗∗
---------------------------------------------
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-xss-cP9DuEmq


∗∗∗ BIND 9: CVE-2023-2828: nameds configured cache size limit can be significantly exceeded ∗∗∗
---------------------------------------------
https://kb.isc.org/docs/cve-2023-2828


∗∗∗ BIND 9: CVE-2023-2829: Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled ∗∗∗
---------------------------------------------
https://kb.isc.org/docs/cve-2023-2829


∗∗∗ BIND 9: CVE-2023-2911: Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 ∗∗∗
---------------------------------------------
https://kb.isc.org/docs/cve-2023-2911


∗∗∗ F5: K000134942 : Intel CPU vulnerability CVE-2022-33972 ∗∗∗
---------------------------------------------
https://my.f5.com/manage/s/article/K000134942


∗∗∗ SpiderControl SCADAWebServer ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03


∗∗∗ Advantech R-SeeNet ∗∗∗
---------------------------------------------
https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-02


∗∗∗ Nextcloud: End-to-End encrypted file-drops can be made inaccessible ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37


∗∗∗ Nextcloud: Password reset endpoint is not brute force protected ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mjf5-p765-qmr6


∗∗∗ Nextcloud: Open redirect on "Unsupported browser" warning ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h353-vvwv-j2r4


∗∗∗ Nextcloud: Brute force protection allows to send more requests than intended ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg


∗∗∗ Nextcloud: User scoped external storage can be used to gather credentials of other users ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-637g-xp2c-qh5h


∗∗∗ Nextcloud: System addressbooks can be modified by malicious trusted server ∗∗∗
---------------------------------------------
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list