Daily Summary - 26.02.2020

End-of-Day report

Timeframe: Tuesday 25-02-2020 18:00 - Wednesday 26-02-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Multiple WordPress Plugin Vulnerabilities Actively Being Attacked

An adversary whom security researchers call 'tonyredball' is gaining backdoor access to websites that run a vulnerable version of either of the following two plugins:
* ThemeGrill Demo Importer (below 1.6.3)
* Profile Builder free and Pro (below 3.1.1)

https://www.bleepingcomputer.com/news/security/multiple-wordpress-plugin-vulnerabilities-actively-being-attacked/


Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping

Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.

https://mobile.slashdot.org/story/20/02/26/165207/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdropping


Silver & Golden Tickets Explained

This article clarifies the concepts of PAC, Silver Ticket, Golden Ticket, as well as the different encryption methods used in authentication. These notions are essential to understand Kerberos attacks in Active Directory.

https://en.hackndo.com/kerberos-silver-golden-tickets/


PayPal via Google Pay: flaw still not fixed - and apparently worse than feared

A security flaw that allows unauthorised PayPal debits via Google Pay is, according to its discoverer, even easier to exploit than previously assumed.

https://heise.de/-4668350


HTTP Request Smuggling. A how-to

HTTP Request Smuggling is not a new issue; a 2005 white paper from Watchfire discusses it in detail, and there are other resources too. What I found missing was practical, actionable, how-to references. This post covers my findings and, hopefully, sheds some light on the intricacies of HTTP Request Smuggling.

https://www.pentestpartners.com/security-blog/http-request-smuggling-a-how-to/


Is this website legitimate? - Check our lists!

It is not unlikely that you, as an internet user, will occasionally come across a fraudulent or dubious website. If, for example, you have a bad feeling about an online shop, a streaming platform, a shipping company or a travel platform, it is best to consult our lists. There you will find countless websites that you would be better off avoiding!

https://www.watchlist-internet.at/news/ist-diese-webseite-serioes-checken-sie-unsere-listen/

Vulnerabilities

Privilege escalation vulnerability in multiple RICOH printer drivers

A user who can log in to a computer on which an affected printer driver is installed may be able to use a specially crafted printer driver to escalate privileges and obtain administrative rights.

https://jvn.jp/en/jp/JVN15697526/


Multiple vulnerabilities in RICOH printers

* A user who can access the device may access the debugging Web page and obtain sensitive information - CVE-2019-14301
* A user who can physically access the device may execute arbitrary code, alter settings, and/or disable the function - CVE-2019-14302
* If a user accesses a specially crafted page, unintended operations such as changing settings of the device may be performed - CVE-2019-14304
* A user who can access the device may the device settings information - CVE-2019-14306

https://jvn.jp/en/jp/JVN52962201/


Security updates for Wednesday

Security updates have been issued by Debian (python-pysaml2), Mageia (clamav, graphicsmagick, opencontainers-runc, squid, and xmlsec1), Oracle (kernel, ksh, python-pillow, systemd, and thunderbird), Red Hat (rh-nodejs12-nodejs), Scientific Linux (ksh, python-pillow, and thunderbird), and SUSE (nodejs6, openssl, ppp, and squid).

https://lwn.net/Articles/813349/


Moxa MB3xxx Series Protocol Gateways

https://www.us-cert.gov/ics/advisories/icsa-20-056-01


Moxa ioLogik 2542-HSPA Series Controllers and IOs, and IOxpress Configuration Utility

https://www.us-cert.gov/ics/advisories/icsa-20-056-02


Moxa PT-7528 and PT-7828 Series Ethernet Switches

https://www.us-cert.gov/ics/advisories/icsa-20-056-03


Moxa EDS-G516E and EDS-510E Series Ethernet Switches

https://www.us-cert.gov/ics/advisories/icsa-20-056-04


Honeywell WIN-PAK

https://www.us-cert.gov/ics/advisories/icsa-20-056-05


Cisco FXOS Software CLI Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fpwr-cmdinj


Cisco UCS Manager Software Local Management CLI Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-ucs-cli-cmdinj


Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-bgpmd5


Cisco NX-OS Software Anycast Gateway Invalid ARP Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-arp


Cisco NX-OS Software NX-API Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nxos-api-dos


Cisco Nexus 1000V Switch for VMware vSphere Secure Login Enhancements Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-nexus-1000v-dos


Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-mds-ovrld-dos


Cisco FXOS and UCS Manager Software CLI Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cmdinj


Cisco FXOS and UCS Manager Software Local Management CLI Command Injection Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-ucs-cli-cmdinj


Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and Denial of Service Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-nxos-cdp


Cisco FXOS Software CLI Arbitrary File Read and Write Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-fxos-cli-file


Security Advisory - Out of Bounds Write Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200226-01-smartphone-en


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-itcam-for-soa/


Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator EBICS (CVE-2019-4597)

https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ibm-sterling-b2b-integrator-ebics-cve-2019-4597/


Security Bulletin: SQL Injection Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4598)

https://www.ibm.com/blogs/psirt/security-bulletin-sql-injection-vulnerability-affects-ibm-sterling-b2b-integrator-dashboard-user-interface-cve-2019-4598/


Security Bulletin: Cross-Site Request Forgery Affects IBM Sterling B2B Integrator (CVE-2019-4726)

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-request-forgery-affects-ibm-sterling-b2b-integrator-cve-2019-4726/


Security Bulletin: Information disclosure vulnerability in IBM WebSphere Service Registry and Repository (CVE-2019-4537)

https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-vulnerability-in-ibm-websphere-service-registry-and-repository-cve-2019-4537/


Security Bulletin: Java Update

https://www.ibm.com/blogs/psirt/security-bulletin-java-update/


Security Bulletin: Cross-Site Scripting Vulnerability Affects IBM Sterling B2B Integrator Dashboard User Interface (CVE-2019-4596)

https://www.ibm.com/blogs/psirt/security-bulletin-cross-site-scripting-vulnerability-affects-ibm-sterling-b2b-integrator-dashboard-user-interface-cve-2019-4596/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-tpf-toolkit/


HPESBST03983 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple Vulnerabilities

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03983en_us