End-of-Day report
Timeframe: Donnerstag 15-07-2021 18:00 - Freitag 16-07-2021 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter
News
Warten auf Patches: Neue Drucker-Lücke in Windows entdeckt
Abermals könnten Angreifer Windows über eine Drucker-Schwachstelle attackieren und Schadcode ausführen. Bislang gibt es nur einen Workaround zur Absicherung.
https://heise.de/-6140346
Vulnerabilities in Etherpad Collaboration Tool Allow Data Theft
XSS and Argument Injection Flaws Found in Popular Etherpad Collaboration Tool
https://www.securityweek.com/vulnerabilities-etherpad-collaboration-tool-allow-data-theft
Introduction to ICS Security Part 2
An introduction to the Purdue Enterprise Reference Architecture (PERA), additional reference models, and best practices for secure ICS architectures.
https://www.sans.org/blog/introduction-to-ics-security-part-2?msc=rss
Vulnerabilities
Cisco Intelligent Proximity SSL Certificate Validation Vulnerability
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device (Version: 1.1 Description: Added fixed releases.)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB
Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability
A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error in how the software cryptography module handles specific types of [...]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC
Schadcode-Lücken im Netzwerkbetriebssystem Junos OS geschlossen
Angreifer könnten unter anderem Router und Switches von Juniper attackieren. Sicherheitsupdates schaffen Abhilfe.
https://heise.de/-6140423
WordPress-Plugin: WooCommerce schließt kritische Sicherheitslücke
WordPress hat nach dem Veröffentlichen des Patches ein automatisiertes Zwangsupdate veranlasst. Trotzdem könnten noch nicht alle Shops versorgt sein.
https://heise.de/-6140221
Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040
Cisco Talos recently discovered multiple vulnerabilities in the D-LINK DIR-3040 wireless router. The DIR-3040 is an AC3000-based wireless internet router. These vulnerabilities could allow an attacker to carry out a variety of malicious actions, including exposing sensitive information, causing a denial of service and gaining the ability to execute arbitrary code.
https://blog.talosintelligence.com/2021/07/vuln-spotlight-d-link.html
Security updates for Friday
Security updates have been issued by CentOS (firefox), Debian (firefox-esr), Fedora (linuxptp), Gentoo (commons-collections), Mageia (aom, firefox, python-django, thunderbird, and tpm2-tools), openSUSE (claws-mail, kernel, nodejs10, and nodejs14), Red Hat (nettle), Scientific Linux (firefox), SUSE (firefox, kernel, nodejs10, and nodejs14), and Ubuntu (libslirp and qemu).
https://lwn.net/Articles/863180/
Ypsomed mylife
This advisory contains mitigations for Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, and Use of Hard-coded Credentials vulnerabilities in the Ypsomed mylife diabetes management platform.
https://us-cert.cisa.gov/ics/advisories/icsma-21-196-01
Icinga: Mehrere Schwachstellen
https://www.cert-bund.de/advisoryshort/CB-K21-0758
[webapps] Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
https://www.exploit-db.com/exploits/50132
Security Bulletin: IBM i2 Analyze is affected by multiple DB2 vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-i2-analyze-is-affected-by-multiple-db2-vulnerabilities/
Security Bulletin: Multiple vulnerabilities in IBM DB2
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-db2/
Security Bulletin: IBM QRadar SIEM uses less secure methods for securing data at rest and in transit between hosts (CVE-2020-4980)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-uses-less-secure-methods-for-securing-data-at-rest-and-in-transit-between-hosts-cve-2020-4980/
Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud TierCVE-(2021-21295)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tiercve-2021-21295/
Security Bulletin: 3RD PARTY IBM InfoSphere MDM Inspector - Cross Site Request Forgery
https://www.ibm.com/blogs/psirt/security-bulletin-3rd-party-ibm-infosphere-mdm-inspector-cross-site-request-forgery/
Security Bulletin: IBM Data Replication Support Tool Information Collection on Sybase Platform
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-support-tool-information-collection-on-sybase-platform/
Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk-2/
Security Bulletin: IBM Data Replication Affected by IBM Java SDK Vulnerability (CVE-2019-4732)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-ibm-java-sdk-vulnerability-cve-2019-4732/
Security Bulletin: Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258)
https://www.ibm.com/blogs/psirt/security-bulletin-dojo-vulnerability-in-websphere-liberty-affects-collaboration-and-deployment-services-cve-2020-5258/
Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-multiple-vulnerabilities-in-ibm-java-sdk/
Security Bulletin: IBM Data Replication Affected by Vulnerabilities in IBM Java SDK (CVE-2020-2654)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-affected-by-vulnerabilities-in-ibm-java-sdk-cve-2020-2654/
Security Bulletin: IBM Data Replication Management Console Authentication Affected by Annonymous Binding (CVE-2020-4821)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-replication-management-console-authentication-affected-by-annonymous-binding-cve-2020-4821/