SysAdmin 24x7

Computer security news and alerts. Chat and contact: t.me/sysadmin24x7chat

Post archive
Multiple vulnerabilities in Cisco products
Publication date: 04/11/2021
Importance: 5 - Critical
Affected resources: Cisco Policy Suite, versions: 20.2.0 and earlier; 21.1.0. Catalyst PON Switch: CGP-ONT-1P, version 1.1; CGP-ONT-4P, version 1.1; CGP-ONT-4PV, version 1.1; CGP-ONT-4PVC, version 1.1; CGP-ONT-4TVCW, version 1.1.
Description: Cisco has reported three critical-severity vulnerabilities and one high-severity vulnerability that could allow a remote, unauthenticated attacker to escalate privileges, execute arbitrary commands, take control of the device or modify configuration parameters.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-cisco-79

Trojan Source: Unicode vulnerabilities affecting compilers
Publication date: 04/11/2021
Importance: 5 - Critical
Affected resources: Practically all code compilers; the Unicode encoding standard, up to version 14.0; Rust, versions from 1.0.0 to 1.56.0.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/trojan-source-vulnerabilidades-unicode-afectan-compiladores

Missing encryption of sensitive information in Meross MSS550X
Publication date: 04/11/2021
Importance: 5 - Critical
Affected resources: Smart Wi-Fi 2 Way Wall Switch (MSS550X), version 3.1.3 and earlier.
Description: INCIBE has coordinated the publication of a vulnerability in Meross MSS550X, with the internal code INCIBE-2021-0450, which was discovered by Gerard Fuguet Morales. This vulnerability has been assigned the code CVE-2021-3774. A CVSS v3.1 base score of 9.3 has been calculated, with the following CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N.
Solution: The problem has been fixed by Meross in MSS550X, version 3.2.3.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ausencia-cifrado-informacion-sensible-meross-mss550x

Remote code execution flaw patched in Linux Kernel TIPC module
The bug was spotted within a year of introduction to the codebase. A code execution vulnerability has been patched in the TIPC module of the Linux Kernel.
https://www.zdnet.com/article/remote-code-execution-flaw-patched-in-linux-kernel-tipc-module/

Phishing advisory issued on November 1, 2021
Phishing emails seemingly coming from a Kaspersky email address.
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing

Critical Flaws Uncovered in Pentaho Business Analytics Software
https://thehackernews.com/2021/11/critical-flaws-uncovered-in-pentaho.html

Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 94 and Firefox ESR 91.3.
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/mozilla-releases-security-updates-firefox-and-firefox-esr

FBI Releases PIN on Attacks Using Significant Financial Events for Extortion
The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies. CISA encourages users and administrators to review "Ransomware Actors Use Significant Financial Events and Stock Valuation to Facilitate Targeting and Extortion of Victims" and apply the recommended mitigations.
https://us-cert.cisa.gov/ncas/current-activity/2021/11/03/fbi-releases-pin-attacks-using-significant-financial-events

CVE-2021-39238 Detail
Description: Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
https://nvd.nist.gov/vuln/detail/CVE-2021-39238
https://support.hp.com/us-en/document/ish_5000383-5000409-16

Office 365 Phishing Campaign Uses Kaspersky’s Amazon SES Token
https://threatpost.com/office-365-phishing-campaign-kasperskys-amazon-ses-token/175915/

Authentication vulnerability in GoCD
Publication date: 02/11/2021
Importance: 5 - Critical
Affected resources: GoCD, versions from 20.6.0 to 21.2.0.
Description: An authentication-related vulnerability in GoCD could allow an unauthenticated attacker to extract tokens and other sensitive information, such as arbitrary files, from GoCD server instances.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-autenticacion-gocd

Remote code execution in ManageEngine Log360
Publication date: 02/11/2021
Importance: 5 - Critical
Affected resources: ManageEngine Log360, versions prior to 5235.
Description: Tenable has reported to ManageEngine a critical-severity vulnerability that could allow an attacker to execute code remotely.
https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-remota-codigo-log360-manageengine

Synology-SA-21:27 ISC BIND
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology DNS Server.
https://www.synology.com/en-global/security/advisory/Synology_SA_21_27

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability
Advisory ID: cisco-sa-asa-ftd-dos-Unk689XY
First Published: 2021 October 27 16:00 GMT
Cisco Bug IDs: CSCvx79526
CVSS Score: Base 8.6
Summary: A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dos-Unk689XY

Multiple Cisco Products Snort Rule Denial of Service Vulnerability
Advisory ID: cisco-sa-snort-dos-RywH7ezM
First Published: 2021 October 27 16:00 GMT
Cisco Bug IDs: CSCvy66065
CVSS Score: Base 8.6
Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-RywH7ezM

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability
Advisory ID: cisco-sa-asaftd-dos-4ygzLKU9
First Published: 2021 October 27 16:00 GMT
Cisco Bug IDs: CSCvy43187
CVSS Score: Base 8.6
Summary: A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-4ygzLKU9

Cisco Firepower Threat Defense Software Command Injection Vulnerabilities
Advisory ID: cisco-sa-ftd-cmdinject-FmzsLN8
First Published: 2021 October 27 16:00 GMT
Cisco Bug IDs: CSCvx86283 CSCvy16559 CSCvy16573
CVSS Score: Base 7.8
Summary: Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-cmdinject-FmzsLN8