Security Flaws & Fixes - W/E - 1/17/20
"Cable Haunt" RCE Bug in Broadcom Chip Impacts Hundreds of Millions of Modems (01/14/2020)
Researchers in Denmark uncovered a vulnerability in Broadcom's modem firmware that can potentially impact millions of devices. The bug, called "Cable Haunt," is located in a component of the Broadcom chip - the spectrum analyzer - and allows remote code execution. The researchers said, "The cable modems are vulnerable to remote code execution through a Web-socket connection, bypassing normal CORS and SOC rules, and then subsequently by overflowing the registers and executing malicious functionality. The exploit is possible due to lack of protection proper authorization of the Web-socket client, default credentials and a programming error in the spectrum analyzer." Approximately 200 million cable modems in Europe could potentially be affected by this bug, and multiple vendors, including Netgear and Arris, are impacted.
Adobe Boots Bugs in Illustrator CC, Experience Manager (01/14/2020)
Adobe released security bulletins for Illustrator CC and Experience Manager. The Illustrator CC update resolves a memory corruption issue that can lead to arbitrary code execution. The update for Experience Manager remedies multiple issues, including two reflected cross-site scripting flaws.
Attackers Target Unpatched Pulse Secure VPN Servers to Install Ransomware (01/13/2020)
The Cybersecurity and Infrastructure Security Agency (CISA) has observed wide exploitation of Pulse Secure's VPN servers due to a remote code execution vulnerability. This bug was addressed by the vendor in April 2019 but many servers worldwide remain unpatched and vulnerable. Cybercriminals are targeting the bug to unleash the REvil (Sodinokibi) ransomware. CISA strongly recommends that users and administrators apply the patches immediately.
Citrix to Release Patches for Zero-Day Bug in ADC, Gateway (01/14/2020)
Citrix is planning to release fixes for a zero-day hole in its Application Delivery Controller and Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. The vendor warned of the flaw on December 17, but exploits have since been released. Updates for versions 11.1 and 12 are expected on January 20, updates for versions 12.1 and 13 will be made available on January 27, and version 10.5 will receive an update on January 31.
GE/Emerson GE PACSystems RX3i Affected by Security Issue (01/14/2020)
The ICS-CERT has warned that PACSystems RX3i (previously owned by GE and acquired by Emerson) is vulnerable to an improper input validation flaw. Multiple products and versions are impacted. Details about contacting Emerson are available from the ICS-CERT advisory.
HTTP Cache Poisoning Renders AWS, Akamai, Cloudflare Vulnerable (01/15/2020)
Multiple caching service providers are vulnerable to HTTP cache poisoning, according to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA). Once an attacker has successfully injected malicious content, future visitors accessing the compromised site will collect and execute the attacker's injected scripts. The advisory offers suggestions that content delivery network providers can implement to prevent HTTP cache poisoning. Akamai, Amazon Web Services (AWS), and Cloudflare are all affected by this issue.
Multiple Intel Products Receive Security Updates (01/14/2020)
Intel released six security advisories on January 14 to address vulnerabilities in various product lines. Among the issues is an information disclosure bug in the Data Analytics Acceleration Library that has been patched in version 2020 Gold.
Multiple Security Bulletins Posted by Juniper Networks (01/13/2020)
Juniper Networks issued multiple security bulletins to address vulnerabilities across the vendor's product lines. At least eight of the bulletins pertain to security issues within Junos OS. Juniper product users should review the advisories and apply all updates immediately.
Oracle Shoots Down 334 Vulnerabilities in Massive Batch of Fixes (01/15/2020)
Over 330 vulnerabilities have been eliminated following the release of Oracle's Critical Patch Update for January. Flaws have been patched across multiple Oracle families, including MySQL, Fusion Middleware, E-Business Suite, Java SE, and more. In total, 334 bugs have been patched and Oracle recommends that users immediately apply the updates.
Over 300K WordPress Sites Exposed to Attacks Thanks to Authentication Bypass (01/15/2020)
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, contain logical flaws in their code that can enable anyone to log into an administrator account without a password. This discovery was made by the research team at WebArx who noted that a combined 320,000 Web sites are vulnerable as a result.
SAP Delivers Security Fixes on Monthly Patch Day (01/15/2020)
SAP published six security notes and one advisory to cap its January batch of vulnerability patches. Among the most significant remediations is a fix for a cross-site scripting flaw in Rest Adapter of SAP Process Integration and a patch for a denial-of-service condition in NetWeaver Internet Communication Manager.
Scientists Warn of Possible Collisions, Security Failures in SHA-1 (01/13/2020)
Two researchers have demonstrated a collision attack on the SHA-1 hash function which can enable criminals to create fraudulent digital certificates. This is similar to attacks that have been previously conducted on MD5. The scientists, Gaëtan Leurent and Thomas Peyrin, created their fake digital certificates using GNU Privacy Guard and a cluster of GPUs. They said, "This work shows once and for all that SHA-1 should not be used in any security protocol where some kind of collision resistance is to be expected from the hash function."
Siemens Issues Multiple Advisories for Product Lines (01/14/2020)
Multiple Siemens products have received updates to mitigate vulnerabilities. Among the flaws discussed in its batch of advisories are authentication bypass, cross-site scripting, and mirror port isolation bugs in the SCALANCE X switches.
Upgrade Mitigates Security Holes in OSIsoft PI Vision (01/14/2020)
OSIsoft's PI Vision, a visualization tool, is vulnerable to several security issues, including improper access control, cross-site scripting, and cross-site request forgery. The vendor recommends users upgrade to PI Vision 2019 to resolve these issues. Further details are available from an ICS-CERT advisory.
VMware Releases Security Update (01/14/2020)
VMware has released a security update to fix a bug in VMware Tools. The vulnerability affects VMware Tools for Windows version 10.x.y. Users are instructed to update to version 11.0 or later.