SysAdmin 24x7

Critical Samba bug could let anyone become Domain Admin – patch now! https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/

Múltiples vulnerabilidades en Dell Embedded NAS Fecha de publicación: 28/07/2022 Identificador: INCIBE-2022-0852 Importancia: 5 - Crítica Recursos afectados: Dell PowerMax Embedded NAS, versiones anteriores a la 8.1.15.401. Solución:  Actualizar a Dell PowerMax Embedded NAS versión 8.1.15.401. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-dell-embedded-nas

Printing to USB-connected printers might fail OS Build 19044.1806 KB5014666 2022-06-28 https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#printing-to-usb-connected-printers-might-fail

WITH MANAGEMENT COMES RISK: FINDING FLAWS IN FILEWAVE MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/

Zero Day attacks target online stores using PrestaShop Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. https://securityaffairs.co/wordpress/133669/hacking/prestashop-zero-day.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36408

UNAUTHENTICATED SQL INJECTION IN SONICWALL GMS AND ANALYTICS Advisory ID: SNWLID-2022-0007 First Published: 2022-07-21 Workaround: true Status: Applicable CVE: CVE-2022-22280 CVSS v3: 9.4 SUMMARY Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007

Zyxel firewall vulnerabilities left business networks open to abuse. Severity of code execution bug mitigated by ‘high uptake’ of previous patch Zyxel has released patches for several of its firewall products following the discovery of two security vulnerabilities that left business networks open to exploitation. CVE-2022-2030 CVE-2022-30526 https://portswigger.net/daily-swig/zyxel-firewall-vulnerabilities-left-business-networks-open-to-abuse

VMSA-2021-0025.3 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 CVE(s): CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) Introduction A privilege escalation vulnerability in VMware Center Server was privately reported to VMware. Workarounds are available to remediate this vulnerability in the affected VMware products. https://www.vmware.com/security/advisories/VMSA-2021-0025.html

Cisco Nexus Dashboard Unauthorized Access Vulnerabilities Advisory ID: cisco-sa-ndb-mhcvuln-vpsBPJ9y First Published: 2022 July 20 16:00 GMT Cisco Bug IDs: CSCwa75451 CSCwa93560 CSCwb24518 CVE-2022-20857 CVE-2022-20858 CVE-2022-20861 CWE-306 CWE-352 CVSS Score: Base 9.8 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndb-mhcvuln-vpsBPJ9y

July 2022: Atlassian Security Advisories Overview Hardcoded password (CVE-2022-26138) Multiple Servlet Filter Vulnerabilities (CVE-2022-26136, CVE-2022-26137) https://confluence.atlassian.com/security/july-2022-atlassian-security-advisories-overview-1142446703.html

Oracle Critical Patch Update Advisory - July 2022. https://www.oracle.com/security-alerts/cpujul2022.html

‘Password extraction risk’ in identity provider Okta disputed. Researchers go public after vendor disputes impersonation threat https://portswigger.net/daily-swig/password-extraction-risk-in-identity-provider-okta-disputed

Múltiples vulnerabilidades en productos Dell Fecha de publicación: 19/07/2022 Identificador: INCIBE-2022-0839 Importancia: 5 - Crítica Recursos afectados: Dell Avamar Server Hardware Appliance, Gen4S y Gen4T, Dell Avamar Virtual Edition, Dell Avamar NDMP Accelerator, Dell Avamar VMware Image Proxy, Dell NetWorker Virtual Edition (NVE), Dell PowerProtect DP Series Appliance, Dell Integrated Data Protection Appliance (IDPA). Descripción: Se han publicado múltiples vulnerabilidades en productos Dell que podrían permitir a un atacante comprometer el sistema afectado. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-dell

Software Vendors Start Patching Retbleed CPU Vulnerabilities. Vendors have started rolling out software updates to address the recently disclosed Retbleed speculative execution attack targeting Intel and AMD processors. https://www.securityweek.com/software-vendors-start-patching-retbleed-cpu-vulnerabilities

Múltiples vulnerabilidades en Moodle Fecha de publicación: 18/07/2022 Identificador: INCIBE-2022-0837 Importancia: 5 - Crítica Recursos afectados: Versiones: de la 4.0 a la 4.0.1; de la 3.11 a la 3.11.7; de la 3.9 a la 3.9.14; versiones anteriores no soportadas. Descripción: Diversas investigaciones han reportado 6 vulnerabilidades en Moodle, 3 de severidad crítica y 3 bajas, por las que un atacante podría realizar ejecución remota de código, lectura arbitraria de archivos, XSS, SSRF y redirección abierta. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-moodle-20

Inyección XXE en OpenKM Fecha de publicación: 15/07/2022 Identificador: INCIBE-2022-0831 Importancia: 4 - Alta Recursos afectados: OpenKM Document Management Community, versión 6.3.10 y anteriores. Descripción: INCIBE ha coordinado la publicación de una vulnerabilidad en OpenKM, con el código interno INCIBE-2022-0831, que ha sido descubierta por Keval Shah. A esta vulnerabilidad se le ha asignado el código CVE-2022-2131. Se ha calculado una puntuación base CVSS v3.1 de 8,5, siendo el cálculo del CVSS el siguiente: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. Solución: Esta vulnerabilidad ha sido resuelta por el equipo de OpenKM en la versión 6.3.11, publicada el 20/05/2021. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/inyeccion-xxe-openkm

Múltiples vulnerabilidades en productos Juniper Fecha de publicación: 14/07/2022 Identificador: INCIBE-2022-0835 Importancia: 5 - Crítica Recursos afectados: Juniper Networks NorthStar Controller: versiones anteriores a 5.1.0 Service Pack 6; versiones 6 anteriores a 6.2.2. Juniper Networks Junos Space Policy Enforcer, versiones anteriores a 22.1R1. Juniper Networks Contrail Networking, versiones anteriores a 21.4.0. Juniper Networks Junos Space, versiones anteriores a 22.1R1. Descripción: Juniper ha publicado 4 avisos de severidad crítica que recogen múltiples vulnerabilidades. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-juniper-12

July 2022 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul

Citrix Hypervisor Security Bulletin for CVE-2022-23816 and CVE-2022-23825 https://support.citrix.com/article/CTX461397/citrix-hypervisor-security-bulletin-for-cve202223816-and-cve202223825