Daily Summary - 01.12.2017

End-of-Day report

Timeframe: Thursday 30-11-2017 18:00 − Friday 01-12-2017 18:00

Handler: Nina Bieringer

Co-Handler: Petr Sikuta

News

∗∗∗ Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords ∗∗∗ A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them. [...]

https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ethernet-devices-leak-telnet-passwords/

Vulnerabilities

∗∗∗ Geovap Reliance SCADA ∗∗∗ This advisory contains mitigation details for a cross-site scripting vulnerability in Geovap's Reliance SCADA.

https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02

∗∗∗ DFN-CERT-2017-2180 - Apache Software Foundation Struts: Two vulnerabilities allow, among other things, the execution of arbitrary code ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-2180/

∗∗∗ DFN-CERT-2017-2181 - Wireshark: Multiple vulnerabilities allow denial-of-service attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-2181/

∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-intel-en

∗∗∗ Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-smartphone-en

∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-pse-en

∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-xml-en

∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-router-en

∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-sip-en

∗∗∗ Security Notice - Statement About the Vulnerabilities in Huawei SmartCare Products Disclosed by Bhaskar Borman ∗∗∗

http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171201-01-smartcare-en

∗∗∗ IBM Security Bulletin: Aspera Applications are affected by a Nginx vulnerability ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011149

∗∗∗ IBM Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22010618

∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22010689

∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011142

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011143

∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011146

∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011145

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011148

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011150

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22011151

∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22009408

∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22010019

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22010227

∗∗∗ IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22006185

∗∗∗ IBM Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22006184