SysAdmin 24x7

Cisco Releases Security Update for Cisco Identity Services Engine Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates. https://www.cisa.gov/uscert/ncas/current-activity/2022/10/21/cisco-releases-security-update-cisco-identity-services-engine

Múltiples vulnerabilidades en Adobe iota All-In-One Security Kit Fecha de publicación: 21/10/2022 Identificador: INCIBE-2022-0983 Importancia: 5 - Crítica Recursos afectados: Abode iota All-In-One Security Kit, versiones 6.9X y 6.9Z. Descripción: Matt Wiseman, investigador de Cisco Talos, ha reportado varias vulnerabilidades, algunas de ellas críticas, en Abode iota All-In-One Security Kit, cuya explotación podría permitir a un atacante cambiar credenciales, inyectar código, modificar información sensible de configuración, apagar el sistema, divulgar información o causar una condición de denegación de servicio (DoS), entre otras acciones. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-adobe-iota-all-one-security-kit

Ejecución de código remoto en productos de F5 Fecha de publicación: 20/10/2022 Identificador: INCIBE-2022-0980 Importancia: 5 - Crítica Recursos afectados: El componente iControl REST en BIG-IP (WAF avanzado, ASM) en las versiones: desde la 16.1.0 hasta 16.1.3; desde la 15.1.0 hasta 15.1.6; desde la 14.1.0 hasta 14.1.5; desde la 13.1.0 hasta 13.1.5. Descripción: Existe una vulnerabilidad de ejecución de código remota en la interfaz de BIG-IP iControl REST cuando se suministra el módulo 5 BIG-IP Advanced WAF o BIG-IP ASM. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/ejecucion-codigo-remoto-productos-f5

Credenciales LDAP expuestas en Liferay Fecha de publicación: 20/10/2022 Identificador: INCIBA-2022-0979 Importancia: 5 - Crítica Recursos afectados: La funcionalidad Test LDAP Users en Liferay Portal 7.0.0 a 7.4.3.4. Descripción: Se ha identificado una vulnerabilidad crítica que incluye credenciales del protocolo LDAP en la URL al paginar la lista de usuarios. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/credenciales-ldap-expuestas-liferay

Microsoft data breach exposes customers’ contact info, emails. Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. The company secured the server after being notified of the leak on September 24, 2022 by security researchers at threat intelligence firm SOCRadar. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed. https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/

Zoom for Mac patches sneaky “spy-on-me” bug – update now! https://nakedsecurity.sophos.com/2022/10/18/zoom-for-mac-patches-sneaky-spy-on-me-bug-update-now/

Microsoft fixes Windows TLS handshake failures in out-of-band updates. Microsoft has issued an out-of-band (OOB) non-security update to address an issue triggering SSL/TLS handshake failures on client and server platforms. On affected devices, users will see SEC_E_ILLEGAL_MESSAGE errors in applications when connections to servers experience issues. "We address an issue that might affect some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections. These connections might have handshake failures," Microsoft explains. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-tls-handshake-failures-in-out-of-band-updates/

Dangerous hole in Apache Commons Text – like Log4Shell all over again. https://nakedsecurity.sophos.com/2022/10/18/dangerous-hole-in-apache-commons-text-like-log4shell-all-over-again/

CVE-2022-28762: Zoom for macOS contains a debugging port misconfiguration. Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. Zoom Client for Meetings for macOS (Standard and for IT Admin) is affected by a debugging port misconfiguration. The issue, tracked as CVE-2022-28762, received a CVSS severity score of 7.3. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running specific Zoom Apps, a local debugging port is opened by the client. A local malicious user can exploit the debugging port to connect to and control the Apps running in the Zoom client. https://securityaffairs.co/wordpress/137266/security/zoom-macos-cve-2022-28762.html

Actualizaciones críticas en Oracle (octubre 2022) Fecha de publicación: 19/10/2022 Identificador: INCIBE-2022-0977 Importancia: 5 - Crítica Descripción: Oracle ha publicado una actualización crítica con parches para corregir vulnerabilidades, que afectan a múltiples productos. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizaciones-criticas-oracle-octubre-2022

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/

Actualización de seguridad 6.0.3 para WordPress Fecha de publicación: 18/10/2022 Identificador: INCIBE-2022-0974 Importancia: 4 - Alta Recursos afectados: WordPress, versiones anteriores a 6.0.3. Descripción: Se ha publicado la última versión de WordPress que contiene correciones de seguridad. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/actualizacion-seguridad-603-wordpress

RCE en la librería Apache Commons Text Fecha de publicación: 18/10/2022 Identificador: INCIBE-2022-0975 Importancia: 5 - Crítica Recursos afectados: Apache Commons Text, desde la versión 1.5 hasta la 1.9, ambas incluidas. Descripción: Apache ha publicado una vulnerabilidad en su librería Apache Commons Text que podría permitir a un atacante remoto ejecutar código. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/rce-libreria-apache-commons-text

ICS Advisory (ICSA-22-291-01) EXECUTIVE SUMMARY CVSS v3: 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution. https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01

Active Directory Certificate Services Elevation of Privilege Vulnerability CVE-2022-37976 CVSS: 8.8 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976

Aruba fixes critical vulnerabilities in EdgeConnect Enterprise Orchestrator. https://securityaffairs.co/wordpress/137000/security/aruba-edgeconnect-flaws.html

Adobe Releases Security Updates for Multiple Products Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates. • Adobe Cold Fusion APSB22-44 • Adobe Acrobat and Reader APSB22-46 • Adobe Commerce and Magneto Open Source APSB22-48 • Adobe Dimension APSB22-57 https://www.cisa.gov/uscert/ncas/current-activity/2022/10/11/adobe-releases-security-updates-multiple-products

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability CVE-2022-37968 CVSS:3.1 10.0 / 8.7 Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37968

October 2022 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct

VMSA-2021-0025.4 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 Updated On: 2022-10-11 CVE(s):CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) https://www.vmware.com/security/advisories/VMSA-2021-0025.html