4088
Noticias y alertas de seguridad informática. Chat y contacto: t.me/sysadmin24x7chat
WHD 12.8.3 Hotfix 1
All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed.
Aug 16, 2024•Success Center
First Published Date
8/13/2024 10:12 PM
Last Published Date
8/16/2024 8:30 PM
Overview
For your protection and to quickly deliver SolarWinds customers a secure version of WHD, we applied an aggressive security patch in WHD 12.8.3 Hotfix 1 on August 13, 2024. In a few cases, this approach impacted product functionality such as SSO. See the known issues for WHD 12.8.3 Hotfix 1.
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Remote code execution within ping script (CVE-2024-22116)
CVSS score 9.9
Resolution Fixed
Remote code execution within ping script
Description
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
https://support.zabbix.com/plugins/servlet/mobile#issue/ZBX-25016
Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks.
https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-38063
Security Vulnerability
Released: Aug 13, 2024
CVSS Source: Microsoft
CVSS:3.1 9.8 / 8.5
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager
Release DateAugust 13, 2024
Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface and follow industry best practices by adhering to Ivanti’s network configuration guidance to restrict access to the management interface.
CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates:
Security Advisory: Ivanti Avalanche
Security Advisory: Ivanti Neurons for ITSM
Security Advisory: Ivanti Virtual Traffic Manager (vTM)
https://www.cisa.gov/news-events/alerts/2024/08/13/ivanti-releases-security-updates-avalanche-neurons-itsm-and-virtual-traffic-manager
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs, mobile devices, and many other smart devices worldwide, numbering in the millions. Attackers could chain and remotely exploit some of the discovered vulnerabilities to achieve an attack chain consisting of remote code execution (RCE) and local privilege escalation (LPE).
https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/
Múltiples vulnerabilidades en Jenkins
Fecha 08/08/2024
Importancia 5 - Crítica
Recursos Afectados
Jenkins weekly, hasta la versión 2.470 incluida;
Jenkins LTS, hasta la versión 2.452.3 incluida.
Descripción
Varios investigadores han reportado 2 vulnerabilidades, de severidad crítica y media, que afectan al core de Jenkins. La explotación de estas vulnerabilidades podría permitir a un atacante remoto ejecutar código o acceder a información de otros usuarios.
Solución
Jenkins weekly, actualizar a 2.471;
Jenkins LTS, actualizar a 2.452.4 o 2.462.1.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-jenkins
Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
Vulnerability Note VU#244112
Original Release Date: 2024-07-30 | Last Revised: 2024-08-02
https://kb.cert.org/vuls/id/244112
Múltiples vulnerabilidades en ClearPass Policy Manager de HPE
Fecha 31/07/2024
Importancia 5 - Crítica
Recursos Afectados
ClearPass Policy Manager, versiones:
6.12.1 y anteriores;
6.11.8 y anteriores.
Descripción
HPE Product Security Response Team ha reportado 4 vulnerabilidades: 1 de severidad crítica, 1 alta y 2 medias. La explotación de estas vulnerabilidades podría permitir a un atacante omitir el proceso de autenticación, divulgar información sensible o realizar una inyección SQL.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-clearpass-policy-manager-de-hpe
Feliz SysAdminDay a tod@s
Día del Administrador de Sistemas Informáticos
Viernes 26 de julio de 2024
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
Múltiples vulnerabilidades en Endpoint Manager para Mobile de Ivanti
Fecha 23/07/2024
Importancia 5 - Crítica
Recursos Afectados
Endpoint Manager for Mobile: versiones anteriores a 11.12.0.3, 12.0.0.3 and 12.1.0.1.
Descripción
Ivanti ha publicado 4 vulnerabilidades: 1 de severidad crítica, 2 altas y una media. La explotación de estas vulnerabilidades podría permitir fuga de información, acceso a recursos y ejecución de código.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-endpoint-manager-para-mobile-de-ivanti
Pantalla Azul de la Muerte, Empresas de Todo el Mundo Afectadas por Error de CrowdStrike
https://unaaldia.hispasec.com/2024/07/pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike.html?utm_source=rss&utm_medium=rss&utm_campaign=pantalla-azul-de-la-muerte-empresas-de-todo-el-mundo-afectadas-por-error-de-crowdstrike
Cisco Secure Email Gateway Arbitrary File Write Vulnerability
Advisory ID: cisco-sa-esa-afw-bGG2UsjH
First Published: 2024 July 17 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwj53998
CVE-2024-20401
CWE-36
CVSS Score: Base 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Ejecución de código remoto en Web Help Desk de SolarWinds
Fecha 16/08/2024
Importancia 5 - Crítica
Recursos Afectados
Web Help Desk: versiones 12.4, 12.5, 12.6, 12.7 y 12.8.
Descripción
SolarWinds ha publicado un parche para corregir una vulnerabilidad crítica que afectaría a Web Help Desk.
SolarWinds agradece a Inmarsat Government y Viasat su ayuda en esta vulnerabilidad.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-de-codigo-remoto-en-web-help-desk-de-solarwinds
A PoC exploit code is available for critical Ivanti vTM bug
Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.
Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS score of 9.8), impacting Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.
https://securityaffairs.com/166991/hacking/ivanti-virtual-traffic-manager-flaw.html
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593
FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could allow remote code execution with elevated privileges.
The maintainers of the FreeBSD Project have released urgent security updates to address a high-severity flaw, tracked as CVE-2024-7589, (CVSS score of 7.4) in OpenSSH. A remote attacker could exploit the vulnerability to execute arbitrary code with elevated privileges.
OpenSSH is an implementation of the SSH protocol suite that offers encrypted and authenticated transport for various services, including remote shell access.
https://securityaffairs.com/166941/security/freebsd-openssh-flaw.html
Adobe Releases Security Updates for Multiple Products
Release DateAugust 14, 2024
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
https://www.cisa.gov/news-events/alerts/2024/08/14/adobe-releases-security-updates-multiple-products
Microsoft Releases August 2024 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Aug
Vulnerabilidades críticas 0day en teléfonos IP Cisco SPA300 y SPA500
Fecha 08/08/2024
Importancia 5 - Crítica
Recursos Afectados
Todas las versiones de software que se ejecutan en los teléfonos IP de la serie Cisco Small Business:
SPA300;
SPA500.
Descripción
Se han detectado múltiples vulnerabilidades críticas 0day en la interfaz de usuario web de teléfonos IP de Cisco Small Business. Estas vulnerabilidades podrían permitir a un ciberdelincuente ejecutar comandos arbitrarios en el sistema operativo del dispositivo o provocar una condición de denegación de servicio (DoS).
Solución
Por el momento, Cisco no ha lanzado actualizaciones de software que solucionen estas vulnerabilidades. Tampoco, existen soluciones alternativas para abordar las vulnerabilidades, por lo que se recomienda a las empresas que utilicen los productos afectados, considerar la migración a dispositivos más recientes y con soporte activo.
Los ataques de denegación de servicio (DoS) buscan sobrecargar un sistema o red para interrumpir su funcionamiento, haciéndolos inaccesibles para los usuarios. Recuerda que los dispositivos móviles, tanto los empresariales como los personales que se utilizan en el ámbito laboral (BYOD), también deben de estar protegidos para evitar ciberataques.
https://www.incibe.es/empresas/avisos/vulnerabilidades-criticas-0day-en-telefonos-ip-cisco-spa300-y-spa500
Critical 1Password Vulnerability: Hackers Could Exploit Security Flaw to Access Unlock Keys
https://thecyberexpress.com/critical-1password-vulnerability/
[Actualización 01/08/2024] regreSSHion: vulnerabilidad RCE en servidor OpenSSH
Fecha 02/07/2024
Importancia 4 - Alta
Recursos Afectados
Versiones de OpenSSH afectadas por esta vulnerabilidad:
anteriores a 4.4p1, a menos que estén parcheadas para CVE-2006-5051 y CVE-2008-4109;
desde 4.4p1 hasta la anterior a 8.5p1, no son vulnerables debido a un parche aplicado para CVE-2006-5051;
desde 8.5p1 hasta la anterior a 9.8p1.
Los sistemas OpenBSD no están afectados.
[Actualización 01/08/2024]
Productos afectados de Red Lion Europe:
mbCONNECT24 y mymbCONNECT24: versiones anteriores a 2.16.1.
mbNET y mbNET.rokey: versión 8.0.0 y anteriores a 8.2.0.
Productos afectados de Helmholz:
myREX24 V2 y myREX24 V2 virtual: versiones anteriores a 2.16.1.
REX200 y REX250: versión 8.0.0 y anteriores a 8.2.0.
Descripción
El equipo de Qualys Threat Research Unit (TRU) ha descubierto una vulnerabilidad que posibilitaría la ejecución remota de código, no autenticado (RCE), con privilegios de root en el servidor de OpenSSH ( sshd) que afecta en sistemas Linux basados en glibc, y a la que se ha denominado con el alias regreSSHion.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/regresshion-vulnerabilidad-rce-en-servidor-openssh
Microsoft Dynamics 365 Elevation of Privilege Vulnerability
CVE-2024-38182
Security Vulnerability
Released: Jul 31, 2024
Description
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38182
https://www.cve.org/CVERecord?id=CVE-2024-38182
STARGAZERS GHOST NETWORK
Introduction
Threat actors continually evolve their tactics to stay ahead of detection. Traditional methods of malware distribution via emails containing malicious attachments are heavily monitored, and the general public has become more aware of these tactics. Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods. Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables.
https://research.checkpoint.com/2024/stargazers-ghost-network/
Vulnerabilities in LangChain Gen AI
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/
REMEDIATION AND GUIDANCE HUB:
FALCON CONTENT UPDATE
FOR WINDOWS HOSTS
Page last updated 2024-07-24 0335 UTC
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
CCN-CERT AV 12/24 Indisponibilidad de equipos Windows por fallo en el agente Falcon de CrowdStrike
https://www.ccn-cert.cni.es/es/seguridad-al-dia/avisos-ccn-cert/12981-ccn-cert-av-12-24-indisponibilidad-de-equipos-windows-por-fallo-en-el-agente-falcon-de-crowdstrike.html
Actualizaciones críticas en Oracle (julio 2024)
Fecha 17/07/2024
Importancia 5 - Crítica
Recursos Afectados
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizaciones-criticas-en-oracle-julio-2024
Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite).
https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/