End-of-Day report
Timeframe: Tuesday 01-02-2022 18:00 - Wednesday 02-02-2022 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM). UEFI software provides an extensible interface between an operating system and platform firmware. UEFI software uses a highly privileged processor execution mode called System Management Mode (SMM) for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code.
https://kb.cert.org/vuls/id/796611
CISA Releases Securing Industrial Control Systems: A Unified Initiative
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy, developed in collaboration with industry and government partners, lays out CISA's plan to improve, unify, and focus the effort to secure ICS and protect critical infrastructure.
https://us-cert.cisa.gov/ics/cisa-releases-securing-industrial-control-systems-unified-initiative
Kasper: a tool for finding speculative-execution vulnerabilities
The Systems and Network Security Group at Vrije Universiteit Amsterdam has announced a tool called Kasper that is able to scan the kernel source and locate speculative-execution vulnerabilities: Namely, it models an attacker capable of controlling data (e.g., via memory massaging or value injection a la LVI), accessing secrets (e.g., via out-of-bounds or use-after-free accesses), and leaking these secrets (e.g., via cache-based, MDS-based, or port contention-based covert channels).
https://lwn.net/Articles/883448/
Post e-mail "Dein Paket wartet !" is fake!
Criminals are sending a growing number of e-mails in the name of the Post (Austrian Post) with the subject "Dein Paket wartet !" ("Your parcel is waiting!"). A delivery fee of 1.69 euro is supposedly outstanding. Warning: the e-mails are entirely fabricated. The criminals use sender spoofing to make the e-mail address look genuine and link to a cloned Post website.
https://www.watchlist-internet.at/news/post-e-mail-dein-paket-wartet-ist-fake/
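The spoofing mentioned above is usually visible in the message headers: the From domain does not match the envelope sender, SPF/DKIM/DMARC do not pass for the displayed domain, and the payment link points somewhere else. The following triage script is an added example for this report, not code from watchlist-internet.at or the Post; the sample message, the domain parcel-notify.invalid and the link host are constructed for illustration.

```python
"""Header-based spoofing triage for a suspicious parcel-fee e-mail.

Added example: the sample message below is constructed to resemble the
"Dein Paket wartet !" lure and is not a real captured e-mail.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (assumption: the receiving MTA stamped Authentication-Results).
SAMPLE_EMAIL = b"""\
Return-Path: <bounce@parcel-notify.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=parcel-notify.invalid;
 dkim=none; dmarc=fail header.from=post.at
From: Post AG <service@post.at>
To: victim@example.net
Subject: Dein Paket wartet !
Content-Type: text/plain; charset=utf-8

Eine Liefergebuehr von 1,69 Euro ist ausstaendig.
Jetzt bezahlen: https://post-at-zustellung.invalid/pay?id=12345
"""


def addr_domain(header_value):
    """Lower-cased domain of an address header value, '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Map spf/dkim/dmarc -> result token from the Authentication-Results header."""
    hdr = str(msg.get("Authentication-Results", ""))
    return {
        m.group(1).lower(): m.group(2).lower()
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)
    }


def same_org(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def spoof_indicators(raw_message):
    """Return a list of human-readable indicators that the sender is spoofed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    from_dom = addr_domain(msg["From"])
    envelope_dom = addr_domain(msg["Return-Path"])
    auth = auth_results(msg)
    findings = []

    # 1. Displayed From domain vs. envelope (bounce) domain.
    if envelope_dom and not same_org(envelope_dom, from_dom):
        findings.append(
            f"envelope sender domain {envelope_dom} differs from From domain {from_dom}"
        )

    # 2. Authentication results for the displayed domain.
    for mech in ("spf", "dkim", "dmarc"):
        result = auth.get(mech, "missing")
        if result != "pass":
            findings.append(f"{mech} did not pass ({result})")

    # 3. Links in the body that lead away from the claimed sender's domain.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        host = (urlparse(url).hostname or "").lower()
        if host and not same_org(host, from_dom):
            findings.append(f"link to {host} does not belong to {from_dom}")

    return findings


if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE_EMAIL):
        print("-", line)
```

Two caveats: the Authentication-Results header is only meaningful when it was added by your own inbound MTA (an attacker can insert one too, so strip or ignore copies that arrive from outside), and a DMARC fail only blocks delivery if the receiving side enforces the sender domain's published policy. The link check is a heuristic that flags any host outside the From domain; legitimate mail using a third-party tracking domain will also trip it, so treat it as one indicator among several rather than a verdict.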
Vulnerabilities
Security updates for Wednesday
Security updates have been issued by CentOS (samba), Debian (apache2 and python-django), Fedora (kernel and phpMyAdmin), Mageia (kernel and kernel-linus), openSUSE (samba), Oracle (nginx:1.20 and samba), Red Hat (cryptsetup, java-1.8.0-ibm, kernel, nodejs:14, rpm, and vim), SUSE (kernel, python-Django, python-Django1, and samba), and Ubuntu (cron).
https://lwn.net/Articles/883541/
Google Releases Security Updates for Chrome
Google has released Chrome versions 98.0.4758.80/81/82 for Windows and 98.0.4758.80 for Mac and Linux. These versions address vulnerabilities that an attacker could exploit to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2022/02/02/google-releases-security-updates-chrome
Vulnerability Spotlight: Multiple vulnerabilities in Sealevel SeaConnect
Cisco Talos recently discovered several vulnerabilities in Sealevel Systems Inc.'s SeaConnect internet-of-things edge device - many of which could allow an attacker to conduct a man-in-the-middle attack or execute remote code on the targeted device.
The SeaConnect 370W is a WiFi-connected edge device commonly used in industrial control system (ICS) environments that allows users to remotely monitor and control the status of real-world I/O processes. This device offers remote control via MQTT, Modbus TCP and a manufacturer-specific interface referred to as the "SeaMAX API."
http://blog.talosintelligence.com/2022/02/vuln-spotlight-sea-level-connect.html
Cisco Prime Service Catalog Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpsc-info-disc-zkJBDJ9F
Cisco Umbrella Secure Web Gateway File Inspection Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swg-fbyps-3z4qT7p
Cisco Small Business RV Series Routers Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
Cisco DNA Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj
FortiAuthenticator - Improper access control in HA service
https://fortiguard.fortinet.com/psirt/FG-IR-20-217
FortiMail - reflected cross-site scripting vulnerability in FortiGuard URI protection
https://fortiguard.fortinet.com/psirt/FG-IR-21-185
FortiExtender - Arbitrary command execution because of missing CLI input sanitization
https://fortiguard.fortinet.com/psirt/FG-IR-21-148
FortiWeb - OS command injection due to unsafe input validation function
https://fortiguard.fortinet.com/psirt/FG-IR-21-166
FortiWeb - Stack-based buffer overflow in command line interpreter
https://fortiguard.fortinet.com/psirt/FG-IR-21-132
FortiWeb - OS command injection due to direct input interpolation in API controllers
https://fortiguard.fortinet.com/psirt/FG-IR-21-180
FortiWeb - arbitrary file/directory deletion
https://fortiguard.fortinet.com/psirt/FG-IR-21-158
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to leaking sensitive information due to CVE-2021-3712 in OpenSSL
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-leaking-sensitive-information-due-to-cve-2021-3712-in-openssl/
K74013101: Binutils vulnerability CVE-2021-42574
https://support.f5.com/csp/article/K74013101?utm_source=f5support&utm_medium=RSS
K28622040: Python vulnerability CVE-2019-9948
https://support.f5.com/csp/article/K28622040?utm_source=f5support&utm_medium=RSS
Advantech ADAM-3600
https://us-cert.cisa.gov/ics/advisories/icsa-22-032-02