SysAdmin 24x7

Fortinet Releases Security Update for FortiOS and FortiProxy Release DateJuly 11, 2023 Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet security release FG-IR-23-183 and apply the necessary updates. https://www.cisa.gov/news-events/alerts/2023/07/11/fortinet-releases-security-update-fortios-and-fortiproxy

Adobe Releases Security Updates for ColdFusion and InDesign Release DateJuly 11, 2023 Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security releases APSB23-38 and APSB23-40 and apply the necessary updates. https://www.cisa.gov/news-events/alerts/2023/07/11/adobe-releases-security-updates-coldfusion-and-indesign

Microsoft Updates July 2023 Security Updates https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

0day de tipo ejecución de código arbitrario en WebKit de Apple Fecha 11/07/2023 Importancia 5 - Crítica Recursos Afectados Versiones anteriores a: iOS 16.5.1 y iPadOS 16.5.1; macOS Ventura 13.4.1; Safari 16.5.2. Descripción Un investigador anónimo ha informado a Apple de una vulnerabilidad, de tipo 0day, que podría permitir a un atacante ejecutar código arbitrario. http://www.incibe.es/incibe-cert/alerta-temprana/avisos/0day-de-tipo-ejecucion-de-codigo-arbitrario-en-webkit-de-apple

VMSA-2023-0007.1 CVSSv3 Range:7.2-9.8 Issue Date:2023-04-20 Updated On:2023-07-10 CVE(s): CVE-2023-20864, CVE-2023-20865 Synopsis: VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865) Impacted Products VMware Aria Operations for Logs (formerly vRealize Log Insight) Introduction Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2023-0007.html

VMSA-2023-0015 CVSSv3 Range:5.3 Issue Date:2023-07-06 CVE(s):CVE-2023-20899 Synopsis: VMware SD-WAN update addresses a bypass authentication vulnerability (CVE-2023-20899) Impacted Products VMware SD-WAN (Edge) Introduction An Authentication Bypass Vulnerability affecting VMware SD-WAN was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products. https://www.vmware.com/security/advisories/VMSA-2023-0015.html

Cisco Switch Flaw Let Attack Reads Encrypted Traffic https://gbhackers.com/cisco-switch-flaw-encryption/ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. Mozilla on Tuesday announced the release of Firefox 115 to the stable channel with patches for a dozen vulnerabilities, including two high-severity use-after-free bugs. Tracked as CVE-2023-37201, the first of the high-severity issues is described as a use-after-free flaw in WebRTC certificate generation. https://www.securityweek.com/firefox-115-patches-high-severity-use-after-free-vulnerabilities/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/

Ghostscript bug could allow rogue documents to run system commands. https://nakedsecurity.sophos.com/2023/07/04/ghostscript-bug-could-allow-rogue-documents-to-run-system-commands/

WordPress plugin lets users become admins – Patch early, patch often! If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest version. https://nakedsecurity.sophos.com/2023/07/03/wordpress-plugin-lets-users-become-admins-patch-early-patch-often/

Microsoft denies data breach, theft of 30 million customer accounts Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacting several of its services, including Azure, Outlook, and OneDrive. https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/

Sage soluciona una vulnerabilidad que afecta al uso de credenciales Fecha 04/07/2023 Importancia 4 - Alta Recursos Afectados Sage 200 versión 2023.38.001. Descripción INCIBE ha coordinado la publicación de una vulnerabilidad de tipo 0day que afecta a Sage 200, una solución ERP de gestión de negocio para pequeñas y medianas empresas. Solución Se recomienda actualizar a la versión 2023.75, que soluciona la vulnerabilidad descrita en este aviso. http://www.incibe.es/empresas/avisos/sage-soluciona-una-vulnerabilidad-que-afecta-al-uso-de-credenciales

CVE-2023-26258 – Remote Code Execution in ArcServe UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/

Microsoft Teams vulnerability discovered to bypass file sending restrictions A newly discovered vulnerability in Microsoft Teams allows attackers to push malware onto the devices of other Microsoft Teams users, even if they are considered external. IT security researchers at Jumpsec have discovered a new vulnerability in Microsoft Teams. The vulnerability may be exploited to bypass traditional security protections, e.g., against phishing or malware, to push malicious files to the devices of Microsoft Teams users. https://www.ghacks.net/2023/06/26/microsoft-teams-vulnerability-discovered-to-bypass-file-sending-restrictions/

Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability First Published: 2023 June 7 16:00 GMT Last Updated: 2023 June 22 17:26 GMT Cisco has confirmed that this vulnerability does not affect the following products: Cisco AnyConnect Secure Mobility Client for Linux Cisco AnyConnect Secure Mobility Client for MacOS Cisco Secure Client-AnyConnect for Android Cisco Secure Client AnyConnect VPN for iOS Cisco Secure Client for Linux Cisco Secure Client for MacOS https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

Múltiples vulnerabilidades en BIND Fecha 22/06/2023 Importancia 4 - Alta Recursos Afectados Versiones de BIND: desde 9.11.0 hasta 9.16.41; desde 9.16.33 hasta 9.16.41; desde 9.18.0 hasta 9.18.15; desde 9.19.0 hasta 9.19.13. Versiones de BIND Supported Preview Edition: desde 9.11.3-S1 hasta 9.16.41-S1; desde 9.16.8-S1 hasta 9.16.41-S1; desde 9.18.11-S1 hasta 9.18.15-S1. Las versiones anteriores a 9.11.37 y 9.11.37-S1 no han sido analizadas, pero el fabricante sospecha que todas las versiones 9.11 son vulnerables. Algunas ramas ( branches) principales, incluso más antiguas, también podrían ser vulnerables. Descripción Varios investigadores han reportado 3 vulnerabilidades de severidad alta que afectan a BIND, cuya explotación podría provocar una condición de denegación de servicio (DoS), un desbordamiento de búfer o forzar la finalización de la instancia name . https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-bind

Múltiples vulnerabilidades 0day en productos de Apple Fecha 22/06/2023 Importancia 5 - Crítica Recursos Afectados Versiones anteriores a: Safari 16.5.1 iOS 16.5.1 e iPadOS 16.5.1 iOS 15.7.7 e iPadOS 15.7.7 macOS Ventura 13.4.1 macOS Monterey 12.6.7 macOS Big Sur 11.7.8 watchOS 9.5.2 watchOS 8.8.1 Descripción Georgy Kucherin, Leonid Bezvershenko y Boris Larin, de Kaspersky, han informado a Apple 3 sobre vulnerabilidades 0day que podrían permitir a un atacante ejecutar código arbitrario. https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-0day-en-productos-de-apple

VMSA-2023-0014 CVSSv3 Range: 5.9 - 8.1 Issue Date: 2023-06-22 CVE(s): CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896 Synopsis: VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896) Impacted Products VMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation) https://www.vmware.com/security/advisories/VMSA-2023-0014.html

Vulnerabilidad TOCTOU en el firmware AMI UEFI de PC HP Fecha 21/06/2023 Importancia 4 - Alta Recursos Afectados Firmware AMI UEFI. Descripción Los investigadores de Intel iStare Jonathan Lusky y Benny Zeltser han reportado una vulnerabilidad de severidad alta que podría permitir la ejecución de código arbitrario. Solución AMI ha publicado actualizaciones para mitigar la posible vulnerabilidad. Revisa el aviso oficial para comprobar las versiones para las que existe solución (ver apartado de 'Referencias'). http://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-toctou-en-el-firmware-ami-uefi-de-pc-hp