SysAdmin 24x7


Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Posts Archive
ICS Medical Advisory (ICSMA-22-174-01) OFFIS DCMTK
EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from an adjacent network/low attack complexity
Vendor: OFFIS
Equipment: DCMTK
Vulnerabilities: Path Traversal, Relative Path Traversal, NULL Pointer Dereference
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition, write malformed DICOM files into arbitrary directories, and gain remote code execution.
https://www.cisa.gov/uscert/ics/advisories/icsma-22-174-01

New DFSCoerce NTLM relay attack allows taking control over Windows domains.
Experts discovered a new kind of Windows NTLM relay attack dubbed DFSCoerce that allows taking control over a Windows domain. Researchers warn of a new Windows NTLM relay attack dubbed DFSCoerce that can be exploited by threat actors to take control over a Windows domain.
https://securityaffairs.co/wordpress/132473/hacking/dfscoerce-attacks-windows-domains.html

Arbitrary code execution in IBM CICS TX
Publication date: 23/06/2022
Identifier: INCIBE-2022-0810
Severity: 5 - Critical
Affected resources: IBM CICS TX Standard, all versions. IBM CICS TX Advanced, version 11.1.
Description: IBM has published a vulnerability that could allow an attacker to execute arbitrary code.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-arbitraria-codigo-ibm-cics-tx

Sensitive information disclosure in HPE NonStop DSM/SCM
Publication date: 22/06/2022
Identifier: INCIBE-2022-0807
Severity: 5 - Critical
Affected resources: DSM/SCM SPR T6031H03^ADP. Potentially affected RVUs: L21.11.02; L21.11.01; L21.06.02; L21.06.01; L21.06.00; L20.10.00; L20.05.00; J06.23.01; J06.23.00.
Description: The HPE Product Security Response Team has reported a critical-severity vulnerability that could cause the disclosure of sensitive information on the affected device.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/divulgacion-informacion-sensible-hpe-nonstop-dsmscm

Millions of Secrets Exposed via Web Application Frontend – An Internet-Wide Study. https://redhuntlabs.com/blog/millions-of-secrets-exposed-via-web-application-frontend.html

Critical Citrix ADM vulnerability creates means to reset admin passwords. https://portswigger.net/daily-swig/critical-citrix-adm-vulnerability-creates-means-to-reset-admin-passwords

Authentication bypass in HPE products
Publication date: 17/06/2022
Identifier: INCIBE-2022-0800
Severity: 5 - Critical
Affected resources: Cray Legacy Shasta System Solutions and HPE Cray EX supercomputers: all versions of the node controller firmware associated with HPE Cray EX liquid-cooled blades; all versions of the chassis controller firmware associated with HPE Cray EX liquid-cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE Slingshot, versions prior to 1.7.2.
Description: The HPE Product Security Response Team has reported a critical authentication bypass vulnerability that could be exploited by a remote attacker.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/omision-autenticacion-productos-hpe

Multiple vulnerabilities affecting Cisco products
Publication date: 16/06/2022
Severity: 5 - Critical
Affected resources:
Cisco Email Security Appliance, if: running a vulnerable version of the Cisco AsyncOS software; configured to use external authentication; using LDAP as the authentication protocol.
Cisco Secure Email and Web Manager, if: running a vulnerable version of the Cisco AsyncOS software; configured to use external authentication; using LDAP as the authentication protocol.
Cisco Small Business RV Series Routers: RV110W Wireless-N VPN Firewall, RV130 VPN Router, or RV130W Wireless-N Multifunction VPN Router, RV215W Wireless-N VPN Router.
https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-afectan-productos-cisco

VMSA-2022-0016
CVSSv3 Range: 3.8
Issue Date: 2022-06-14
CVE(s): CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
Synopsis: VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
Impacted Products: VMware ESXi, VMware Cloud Foundation
https://www.vmware.com/security/advisories/VMSA-2022-0016.html

Repost from Una al día
Critical vulnerability in the U-Boot bootloader for embedded devices.
https://unaaldia.hispasec.com/2022/06/vulnerabilidad-critica-en-el-gestor-de-arranque-u-boot-de-dispositivos-embebidos.html

Improper authentication in Dell iDRAC9
Publication date: 07/06/2022
Identifier: INCIBE-2022-0783
Severity: 5 - Critical
Affected resources: In the Dell Precision Workstation 7920 Rack product, Dell iDRAC9 technology, versions 5.00.00.00 and later, but prior to 5.10.10.00.
Description: A critical vulnerability has been identified in Dell Precision Workstation 7920 Rack that could be exploited by an attacker to compromise the affected system.
Solution: Update iDRAC9 to version 5.10.10.00.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/autenticacion-inadecuada-dell-idrac9

[Update 06/06/2022] It has been confirmed that versions later than 1.3.0 are also affected

Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
Summary: CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center
Advisory Release Date: 02 Jun 2022 1 PM PDT (Pacific Time, -7 hours)
Affected Products: Confluence, Confluence Server, Confluence Data Center
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

ICS Advisory (ICSA-22-153-01) Carrier LenelS2 HID Mercury access panels
Original release date: June 02, 2022
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Carrier LenelS2
Equipment: HID Mercury access panels sold by LenelS2
Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection
RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker access to the device, allowing monitoring of all communications sent to and from the device, modification of onboard relays, changing of configuration files, device instability, and a denial-of-service condition.
AFFECTED PRODUCTS
Carrier reports these vulnerabilities affect the following HID Mercury access panels sold by LenelS2: LNL-X2210, LNL-X2220, LNL-X3300, LNL-X4420, LNL-4420, S2-LP-1501, S2-LP-4502, S2-LP-2500, S2-LP-1502
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01

ICS Advisory (ICSA-22-153-02) Illumina Local Run Manager
EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Illumina
Equipment: Local Run Manager (LRM)
Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information
RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
AFFECTED PRODUCTS
The following devices and instruments using LRM software are affected:
Illumina In Vitro Diagnostic (IVD) devices:
NextSeq 550Dx: LRM Versions 1.3 to 3.1
MiSeq Dx: LRM Versions 1.3 to 3.1
Researcher Use Only (ROU) instruments:
NextSeq 500 Instrument: LRM Versions 1.3 to 3.1
NextSeq 550 Instrument: LRM Versions 1.3 to 3.1
MiSeq Instrument: LRM Versions 1.3 to 3.1
iSeq 100 Instrument: LRM Versions 1.3 to 3.1
MiniSeq Instrument: LRM Versions 1.3 to 3.1
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-02

[Update 02/06/2022] Multiple vulnerabilities in Aruba products
Publication date: 18/05/2022
Severity: 5 - Critical
Affected resources: AirWave Management Platform, version 8.2.14.0 and earlier; Aruba Fabric Composer (AFC) and Plexxi Composable Fabric Manager (CFM), version 6.2.0 and earlier; Aruba EdgeConnect Enterprise, versions ECOS 9.1.1.3, ECOS 9.0.6.0, ECOS 8.3.6.0 and earlier; Aruba EdgeConnect Enterprise Orchestrator (on-premises).
[Update 02/06/2022] Aruba ClearPass Policy Manager, versions: 6.10.4 and earlier; 6.9.10 and earlier; 6.8.9 without the hotfix for Q1 2022 Security issues.
Description: Multiple vulnerabilities in the Expat XML processing library affect Aruba products.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-aruba

Multiple vulnerabilities in GitLab
Publication date: 02/06/2022
Identifier: INCIBE-2022-0776
Severity: 5 - Critical
Affected resources: Versions prior to 15.0.1, 14.10.4, and 14.9.5 of the products: GitLab Community Edition (CE), GitLab Enterprise Edition (EE).
Description: GitLab has released new versions that fix 8 vulnerabilities: 1 critical, 2 high, 4 medium and 1 low.
Solution: Update to the latest available version (15.0.1, 14.10.4, 14.9.5 or later).
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-gitlab-0

Multiple Microsoft Office versions impacted by an actively exploited zero-day
A zero-day flaw in Microsoft Office could be exploited by attackers to achieve arbitrary code execution on Windows systems. The cybersecurity researcher nao_sec discovered a malicious Word document (“05-2022-0438.doc”) that was uploaded to VirusTotal from Belarus. The document uses the remote template feature to fetch an HTML file and then uses the “ms-msdt” scheme to execute PowerShell code.
https://securityaffairs.co/wordpress/131800/hacking/multiple-microsoft-office-versions-zero-day.html
https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784/detection
https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/

VMSA-2022-0014.1
CVSSv3 Range: 7.8-9.8
Issue Date: 2022-05-18
Updated On: 2022-05-27
CVE(s): CVE-2022-22972, CVE-2022-22973
Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
Impacted Products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager
Introduction: Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
https://www.vmware.com/security/advisories/VMSA-2022-0014.html