End-of-Day report
Timeframe: Donnerstag 12-05-2022 18:00 - Freitag 13-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
News
Jetzt patchen! Zyxel Firewalls als Schlupfloch in Firmen-Netzwerke
Ein wichtiges Sicherheitsupdate schließt eine kritische Lücke in mehreren Firewall-Modellen von Zyxel.
https://heise.de/-7090269
Desktop-Firewall ZoneAlarm: Kritische Lücke ermöglicht Rechteausweitung
Eine Sicherheitslücke in der Desktop-Firewall ZoneAlarm könnte Angreifern ermöglichen, ihre Rechte im System auszuweiten und somit die Kontrolle zu übernehmen.
https://heise.de/-7090411
Crypto-Betrug: Vorsicht vor Yuan Pay Group
Investitionsplattformen für Crypto-Währungen gibt es wie Sand am Meer. Sie locken mit dem großen Geld bei nur 250- Investment. Der Haken: Haben Sie einmal investiert, sehen Sie ihr Geld oft nie wieder. Hier finden Sie eine Anleitung wie Sie Crypto-Scams erkennen.
https://www.watchlist-internet.at/news/crypto-betrug-vorsicht-vor-yuan-pay-group/
BIOS-Updates fixen kritische Schwachstellen in HPs Business- und Consumer-Modellen sowie in Intel-CPUs (Mai 2022)
Der Hersteller Hewlett Packard (HP) hat die Tage einen Sicherheitshinweis (Security Advisory) veröffentlicht. Diese Warnung adressiert zwei Schwachstellen in der Firmware von über 200 HP-Modellen (Business- und Consumer-Varianten), die ein Überschreiben der Firmware ermöglichen. Die Schwachstellen wurden mit einem Sicherheits-Score von 8.8 eingestuft - Updates stehen zur Verfügung. Weiterhin hat Intel einen Sicherheitshinweis auf eine Schwachstelle im BIOS von Intel-Systemen hingewiesen, die ebenfalls mit dem Score von 8.2 versehen sind und eine Privilegien-Ausweitung ermöglichen.
https://www.borncity.com/blog/2022/05/13/bios-updates-fixen-kritische-schwachstellen-in-hps-business-und-consumer-modellen-sowie-in-intel-cpus-mai-2022/
Eternity malware kit offers stealer, miner, worm, ransomware tools
Threat actors have launched the Eternity Project, a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted.
https://www.bleepingcomputer.com/news/security/eternity-malware-kit-offers-stealer-miner-worm-ransomware-tools/
Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
We analyze a malicious compiled HTML help file delivering Agent Tesla, following the chain of attack through JavaScript and multiple stages of PowerShell.
https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/
Vulnerabilities
DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability
Dell iDRAC9 versions 5.00.00.00 and later but before 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability
CVE-2022-1552 Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck made incomplete efforts to operate safely when a privileged user is maintaining another users objects. Those commands activated relevant protections too late or not at all. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under a superuser identity.
https://www.postgresql.org/support/security/CVE-2022-1552/
Security updates for Friday
Security updates have been issued by Debian (chromium, postgresql-11, postgresql-13, and waitress), Fedora (curl, java-1.8.0-openjdk-aarch32, keylime, and pcre2), Oracle (gzip and zlib), Red Hat (subversion:1.10), SUSE (clamav, documentation-suse-openstack-cloud, kibana, openstack-keystone, openstack-monasca-notification, e2fsprogs, gzip, and kernel), and Ubuntu (libvorbis and rsyslog).
https://lwn.net/Articles/895202/
Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access
Cisco Talos recently discovered several vulnerabilities in InHand Networks- InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a non-privileged user to a privileged one. There are also multiple vulnerabilities that could allow an adversary to reach unconstrained root privileges. The router has one privileged user and several non-privileged ones.
https://blog.talosintelligence.com/2022/05/blog-post-.html
Delta Electronics CNCSoft
This advisory contains mitigations for Stack-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in the Delta Electronics CNCSoft software management platform.
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-01
Mitsubishi Electric MELSOFT iQ AppPortal
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02
Cambium Networks cnMaestro
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04
SonicWall SSLVPN SMA1000 series affected by multiple vulnerabilities
SonicWall SSLVPN SMA1000 series appliances are affected by the below listed multiple vulnerabilities, organizations running previous versions of SSLVPN SMA1000 series firmware should upgrade to new firmware release versions.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
ZDI-CAN-15739 Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
https://helpcenter.trendmicro.com/en-us/article/TMKA-11017
K67090077: Apache HTTP Server vulnerability CVE-2022-22720
https://support.f5.com/csp/article/K67090077
HP Computer: Schwachstelle ermöglicht Privilegieneskalation
https://www.cert-bund.de/advisoryshort/CB-K22-0606
Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22316
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2022-22316/
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2021-4160
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2021-4160/
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021and Jan 2022
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-technology-edition-quarterly-cpu-oct-2021and-jan-2022-3/
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2021-4160)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-ibm-integration-bus-cve-2021-4160/
Security Bulletin: WebSphere MQ for HP NonStop Server is affected by OpenSSL vulnerability CVE-2022-0778
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-mq-for-hp-nonstop-server-is-affected-by-openssl-vulnerability-cve-2022-0778/
Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-openssl-denial-of-service-vulnerabilities-cve-2021-23840-cve-2021-23841-2/
Security Bulletin: Operations Dashboard is vulnerable to denial of service by Go CVE-2021-43565
https://www.ibm.com/blogs/psirt/security-bulletin-operations-dashboard-is-vulnerable-to-denial-of-service-by-go-cve-2021-43565/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-in-apache-thrift-2/
Security Bulletin: A vulnerability in Samba affects IBM Spectrum Scale SMB protocol access method (CVE-2021-44142)
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-samba-affects-ibm-spectrum-scale-smb-protocol-access-method-cve-2021-44142/
Security Bulletin: Multiple Security vulnerabilities may affect IBM Robotic Process Automation
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-may-affect-ibm-robotic-process-automation/
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to stack exhaustion by Go CVE-2022-24921
https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-stack-exhaustion-by-go-cve-2022-24921/
Security Bulletin: IBM Robotic Process Automation is vulnerable to SQL Injection (CVE-2022-22413)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-robotic-process-automation-is-vulnerable-to-sql-injection-cve-2022-22413/
Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-policykit-vulnerability-cve-2021-4034-2/
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise & IBM Integration Bus (CVE-2022-0155 & CVE-2022-0536)
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-app-connect-enterprise-ibm-integration-bus-cve-2022-0155-cve-2022-0536/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-19/
Security Bulletin: IBM MQ for HP NonStop Server is affected by vulnerability CVE-2022-22325
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hp-nonstop-server-is-affected-by-vulnerability-cve-2022-22325/
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-websphere-application-server-liberty-is-vulnerable-to-an-information-disclosure-cve-2022-22393/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-18/
Security Bulletin: A vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-22950, CVE-2021-22096, CVE-2022-22968, CVE-2021-22060).
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2022-22950-cve-2021-22096-cve-2022-22968-cve-2021-22060/
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-17/