SysAdmin 24x7

SAP Security Patch Day –July2022 https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Microsoft July 2022 Patch Tuesday fixes exploited zero-day, 84 flaws The number of bugs in each vulnerability category is listed below: 52 Elevation of Privilege Vulnerabilities 4 Security Feature Bypass Vulnerabilities 12 Remote Code Execution Vulnerabilities 11 Information Disclosure Vulnerabilities 5 Denial of Service Vulnerabilities https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2022-patch-tuesday-fixes-exploited-zero-day-84-flaws/

VMSA-2022-0020 CVSSv3 Range: 5.6 Issue Date: 2022-07-12 CVE(s): CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825 Synopsis: VMware ESXi addresses Return-Stack-Buffer-Underflow and Branch Type Confusion vulnerabilities https://www.vmware.com/security/advisories/VMSA-2022-0020.html

VMSA-2022-0018 CVSSv3 Range: 5.3 Issue Date: 2022-07-12 CVE(s):CVE-2022-22982 Synopsis: VMware vCenter Server updates address a server-side request forgery vulnerability (CVE-2022-22982) https://www.vmware.com/security/advisories/VMSA-2022-0018.html

VMSA-2021-0025.2 CVSSv3 Range: 7.1 Issue Date: 2021-11-10 CVE(s): CVE-2021-22048 Synopsis: VMware vCenter Server updates address a privilege escalation vulnerability (CVE-2021-22048) https://www.vmware.com/security/advisories/VMSA-2021-0025.html

VMSA-2022-0019 CVSSv3 Range: 3.9 Issue Date: 2022-07-12 CVE(s): CVE-2022-31654, CVE-2022-31655 Synopsis: VMware vRealize Log Insight contains multiple stored cross-site scripting vulnerabilities https://www.vmware.com/security/advisories/VMSA-2022-0019.html

Vulnerabilidad 0day de credenciales en texto claro en Vinchin Backup and Recovery Fecha de publicación: 11/07/2022 Identificador: INCIBE-2022-0827 Importancia: 5 - Crítica Recursos afectados: Vinchin Backup and Recovery. Descripción: Esjay ha descubierto una vulnerabilidad 0day crítica, publicada por ZDI de Trend Micro, en Backup and Recovery de Vinchin, que podría permitir a un atacante remoto omitir la autenticación del producto afectado. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-0day-credenciales-texto-claro-vinchin-backup-and

Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability CVE-2022-29149 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-29149

Cisco Releases Security Updates for Multiple Products Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. https://www.cisa.gov/uscert/ncas/current-activity/2022/07/07/cisco-releases-security-updates-multiple-products

OpenSSL Releases Security Update Original release date: July 06, 2022 OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. https://www.cisa.gov/uscert/ncas/current-activity/2022/07/06/openssl-releases-security-update https://www.openssl.org/news/secadv/20220705.txt

Vulnerabilidad de inyección SQL a través de Django Fecha de publicación: 05/07/2022 Identificador: INCIBE-2022-0821 Importancia: 4 - Alta Recursos afectados: Rama principal de Django, Django 4.1 (actualmente en estado beta), Django 4.0, Django 3.2. Descripción: El investigador Takuto Yoshikai, de Aeye Security Lab, ha informado de una posible vulnerabilidad de inyección SQL en Django, un conocido framework de desarrollo web basado en Python. Un atacante podría aprovechar esta vulnerabilidad para efectuar ataques de inyección SQL en páginas web desarrolladas con este framework. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/vulnerabilidad-inyeccion-sql-traves-django

Tens of Jenkins plugins are affected by zero-day vulnerabilities. Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of them are yet to be patched. https://securityaffairs.co/wordpress/132836/security/jenkins-plugins-zero-day-flaws.html

Routers de diversos fabricantes objetivos del nuevo malware ZuoRAT https://unaaldia.hispasec.com/2022/07/routers-de-diversos-fabricantes-objetivos-del-nuevo-malware-zuorat.html

Patch Now: Linux Container-Escape Flaw in Azure Service Fabric. Microsoft is urging organizations that don't have automatic updates enabled to update to the latest version of Linux Server Fabric to thwart the "FabricScape" cloud bug. Microsoft this week disclosed a serious container-escape vulnerability in its widely used Azure Service Fabric technology, which gives attackers a way to gain root privileges on the host node and take over all other nodes in the cluster. The privilege-escalation bug is only exploitable on Linux containers, though it is present in Windows container environments as well, Microsoft said in an advisory Tuesday. https://www.darkreading.com/remote-workforce/patch-now-linux-container-escape-flaw-azure-service-fabric https://www.theregister.com/2022/06/29/azure_service_fabric_cve_2022_30137/ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137

Múltiples vulnerabilidades en productos Netgear Fecha de publicación: 30/06/2022 Identificador: INCIBE-2022-0816 Importancia: 5 - Crítica Descripción: Las investigaciones de wtbw han reportado 2 vulnerabilidades críticas en varios productos de Netgear. Solución: Descargar la última versión del firmware disponible para cada producto desde la página web de soporte de Netgear. Detalle: Las vulnerabilidades son del tipo: omisión de autenticación, inyección de comandos previa a la autenticación. https://www.incibe-cert.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-productos-netgear-20 https://www.netgear.com/support/?_ga=2.103705091.246084655.1656482490-551952353.1601964157

Dozens of cryptography libraries vulnerable to private key theft. Signing mechanism security shortcomings exposed A poor implementation of Ed25519, a popular digital signature algorithm, has left dozens of cryptography libraries vulnerable to attacks. According to Konstantinos Chalkias, a cryptographer at MystenLabs who discovered and reported the vulnerability, attackers could exploit the bug to steal private keys from cryptocurrency wallets. Some but not yet all of the vulnerable technologies have been patched. https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft https://github.com/MystenLabs/ed25519-unsafe-libs

Mitel VoIP Bug Exploited in Ransomware Attacks. Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments. https://threatpost.com/mitel-voip-bug-exploited/180079/

Múltiples vulnerabilidades en SRM de Synology Fecha de publicación: 27/06/2022 Importancia: 4 - Alta Recursos afectados: Synology Router Manager (SRM), versiones 1.2 y 1.3. Descripción: Synology ha publicado varias vulnerabilidades de severidad alta que afectan al software SRM, las cuales podrían permitir a un ciberatacante inyectar comandos SQL o leer y escribir archivos arbitrarios. https://www.incibe.es/protege-tu-empresa/avisos-seguridad/multiples-vulnerabilidades-srm-synology

Citrix Releases Security Updates for Hypervisor Description of Problem A security issue has been identified in Citrix Hypervisor 7.1 LTSR CU2 that may allow privileged code in a PV guest VM to compromise the host. Citrix believes that there would be significant complexity in performing this attack in Citrix Hypervisor. The issue has the following CVE identifier: CVE-2022-26362 In addition Intel has disclosed several issues that affect CPU hardware and may allow code inside a guest VM to access very small sections of memory data that are actively being used elsewhere on the system. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing hotfixes that include product changes to mitigate these CPU issues. These issues have the following CVE identifiers: CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 Customers who are not running PV guest VMs are not affected by the Citrix Hypervisor issue. Customers who are not using Intel CPUs are not affected by the Intel CPU issues. https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability CVE-2022-30131 Released: Jun 14, 2022 Last updated: Jun 22, 2022 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30131