SysAdmin 24x7

28 September 2024 09:54

Improper signature verification of driver installation in TeamViewer Remote clients

Bulletin ID
TV-2024-1006
Issue Date Sep 25, 2024
Priority Important
CVSS 8.8 (High)
Assigned CVE CVE-2024-7479, CVE-2024-7481

Affected Products
TeamViewer Remote
TeamViewer Tensor

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/tv-2024-1006/

SysAdmin 24x7

27 September 2024 18:59

Múltiples vulnerabilidades en OpenPrinting CUPS

Fecha 27/09/2024
Importancia 5 - Crítica

Recursos Afectados
CVE-2024-47176: cups-browsed, versiones 2.0.1 y anteriores;
CVE-2024-47076: libcupsfilters, versiones 2.1b1 y anteriores;
CVE-2024-47175: libppd, versiones 2.1b1 y anteriores;
CVE-2024-47177: cups-filters, versiones 2.0.1 y anteriores.
En el artículo del investigador aporta también información sobre sistemas afectados.

Para que un sistema sea vulnerable, debe tener habilitado el daemon de cups-browsed, que por defecto aparece no habilitado, para exponer sus puertos UDP en la red. Además, el atacante debería engañar a un usuario para que realizase una impresión desde un servidor de impresión malicioso en su red local.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-openprinting-cups

SysAdmin 24x7

21 September 2024 10:25

Acceso no autorizado en Ivanti CSA

Fecha 20/09/2024
Importancia 5 - Crítica

Recursos Afectados
Cloud Services Appliance versión 4.6 (todas las versiones anteriores al parche 519).

Descripción
Ivanti ha informado de una vulnerabilidad crítica, cuya explotación podría permitir a un usuario remoto autenticarse para acceder a funcionalidades restringidas y ejecutar comandos arbitrarios.

Ivanti tiene constancia de que un número reducido de clientes ha sido afectado por esta vulnerabilidad.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/acceso-no-autorizado-en-ivanti-csa

SysAdmin 24x7

21 September 2024 10:21

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Release DateSeptember 20, 2024

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs.

CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:

Versa Advisory

https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229

SysAdmin 24x7

17 September 2024 17:27

Múltiples vulnerabilidades en Scriptcase

Fecha 17/09/2024
Importancia 5 - Crítica

Recursos Afectados
Scriptcase, versión 9.4.019.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-scriptcase

SysAdmin 24x7

16 September 2024 16:28

Múltiples vulnerabilidades en GitLab CE/EE

Fecha 16/09/2024
Importancia 5 - Crítica

Recursos Afectados
Ediciones Gitlab Community y Enterprise, versiones 17.3.1, 17.2.4, 17.1.6 y anteriores.

Descripción
Gitlab ha publicado la última actualización para las ediciones de Gitlab Community (CE) y Enterprise (EE), que soluciona 17 vulnerabilidades: una de severidad crítica, 3 altas y el resto medias y bajas. Estas vulnerabilidades podrían permitir una denegación de servicio (DoS), una inyección de código y acceso sin autorización, entre otros.

Solución
Actualizar los productos afectados a las versiones 17.3.2, 17.2.5 y 17.1.7.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-gitlab-ceee

SysAdmin 24x7

11 September 2024 09:44

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/regresshion-vulnerabilidad-rce-en-servidor-openssh

SysAdmin 24x7

11 September 2024 09:42

Security Advisory Ivanti Workspace Control (IWC)

Created Date
10-Sep-2024 14:04:02

CVE-2024-8012 7.8 (High)
CVE-2024-44105 8.2 (High)
CVE-2024-44104 8.8 (High)
CVE-2024-44107 8.8 (High)
CVE-2024-44103 8.8 (High)
CVE-2024-44106 8.8 (High)

Affected Versions
Ivanti IWC 10.18.0.0 and below

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC

SysAdmin 24x7

11 September 2024 09:36

Security Advisory EPM September 2024 for EPM 2024 and EPM 2022

Primary Product
Endpoint Manager
Created Date
10-Sep-2024 13:47:00

CVE-2024-37397 8.2 (High)
CVE-2024-8191 7.8 (High)
CVE-2024-32840 9.1 (Critical)
CVE-2024-32842 9.1 (Critical)
CVE-2024-32843 9.1 (Critical)
CVE-2024-32845 9.1 (Critical)
CVE-2024-32846 9.1 (Critical)
CVE-2024-32848 9.1 (Critical)
CVE-2024-34779 9.1 (Critical)
CVE-2024-34783 9.1 (Critical)
CVE-2024-34785 9.1 (Critical)
CVE-2024-8320 5.3 (Medium)
CVE-2024-8321 5.8 (Medium)
CVE-2024-8322 4.3 (Medium)
CVE-2024-29847 10.0 (Critical)
CVE-2024-8441 6.7 (Medium)

https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

SysAdmin 24x7

11 September 2024 09:24

Microsoft September 2024 Security Updates

https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep

SysAdmin 24x7

07 September 2024 10:17

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.

https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/

SysAdmin 24x7

03 September 2024 18:12

VMSA-2024-0018:VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811)

Advisory ID: VMSA-2024-0018
Advisory Severity: Important
CVSSv3 Range: 8.8
Synopsis: VMware Fusion update addresses a code-execution vulnerability (CVE-2024-38811)
Issue date: 2024-09-03
CVE(s): CVE-2024-38811

Impacted Products
VMware Fusion

Introduction
A code-execution vulnerability in VMware Fusion was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939

SysAdmin 24x7

20 August 2024 12:38

Múltiples vulnerabilidades en Moodle

Fecha 20/08/2024
Importancia 5 - Crítica

Recursos Afectados
Versiones anteriores que no reciban soporte actualmente y, además:
Versiones 4.4 a 4.4.1;
Versiones 4.3 a 4.3.5;
Versiones 4.2 a 4.2.8;
Versiones 4.1 a 4.1.11.

Descripción
Moodle ha publicado correcciones para 16 vulnerabilidades, 8 de ellas críticas. Su explotación podría permitir ejecución de código remoto, acceso a la información e inyección de código, entre otros.

Dichas vulnerabilidades fueron reportadas por los investigadores: RedTeam Pentesting GmbH, TaiYou, Andrew Lyons, Paul Holden y TeHoFu.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-moodle-5

SysAdmin 24x7

16 August 2024 20:22

Ejecución de código remoto en Web Help Desk de SolarWinds

Fecha 16/08/2024
Importancia 5 - Crítica

Recursos Afectados
Web Help Desk: versiones 12.4, 12.5, 12.6, 12.7 y 12.8.

Descripción
SolarWinds ha publicado un parche para corregir una vulnerabilidad crítica que afectaría a Web Help Desk.
SolarWinds agradece a Inmarsat Government y Viasat su ayuda en esta vulnerabilidad.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-de-codigo-remoto-en-web-help-desk-de-solarwinds

SysAdmin 24x7

15 August 2024 23:42

A PoC exploit code is available for critical Ivanti vTM bug

Ivanti warned of a critical authentication bypass flaw in its Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.

Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS score of 9.8), impacting Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue administrator accounts.

https://securityaffairs.com/166991/hacking/ivanti-virtual-traffic-manager-flaw.html

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

SysAdmin 24x7

27 September 2024 19:03

Múltiples vulnerabilidades en productos HPE Aruba

Fecha 25/09/2024
Importancia 5 - Crítica

Recursos Afectados
Access Points de Aruba ejecutando Instant AOS-8 y AOS-10, versiones de software:

AOS-10.6.x.x: 10.6.0.2 y anteriores;
AOS-10.4.x.x: 10.4.1.3 y anteriores;
Instant AOS-8.12.x.x: 8.12.0.1 y anteriores;
Instant AOS-8.10.x.x: 8.10.0.13 y anteriores.
Además, todas las versiones de los siguientes productos que se encuentran en fase EoSL (End of Support Life):

AOS-10.5.x.x;
AOS-10.3.x.x;
Instant AOS-8.11.x.x;
Instant AOS-8.9.x.x;
Instant AOS-8.8.x.x;
Instant AOS-8.7.x.x;
Instant AOS-8.6.x.x;
Instant AOS-8.5.x.x;
Instant AOS-8.4.x.x;
Instant AOS-6.5.x.x;
Instant AOS-6.4.x.x.

Descripción
HPE Product Security Response Team ha reportado 3 vulnerabilidades de severidad crítica que afectan a dispositivos Access Points de Aruba, cuya explotación podría permitir a un atacante remoto realizar una ejecución de código arbitrario.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-hpe-aruba-0

SysAdmin 24x7

27 September 2024 18:57

Actualiza Synology Drive Client para protegerte de estas vulnerabilidades

Fecha 27/09/2024
Importancia 4 - Alta

Recursos Afectados
Synology Drive Client, versiones anteriores a la 3.5.0-16084.

Descripción
Se han identificado seis vulnerabilidades que afectan a en Synology Drive Client y que podrían permitir a un ciberdelincuente bloquear el sistema, obtener información sensible o ejecutar comandos maliciosos. Algunas de estas vulnerabilidades pueden ser explotadas de forma remota, mientras que otras requieren acceso local al equipo con privilegios de administrador.

https://www.incibe.es/empresas/avisos/actualiza-synology-drive-client-para-protegerte-de-estas-vulnerabilidades

SysAdmin 24x7

21 September 2024 10:24

Updated on: 2024-09-20

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

SysAdmin 24x7

17 September 2024 20:41

VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)

Advisory ID: VMSA-2024-0019
Severity: Critical
CVSSv3 Range: 7.5-9.8

Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
CVE(s) CVE-2024-38812, CVE-2024-38813


Impacted Products
VMware vCenter Server
VMware Cloud Foundation
Introduction
A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968

SysAdmin 24x7

16 September 2024 16:29

Múltiples vulnerabilidades en productos D-Link

Fecha 16/09/2024
Importancia 5 - Crítica

Recursos Afectados
COVR-X1870: v1.02 y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores.

Descripción
El investigador TWCERT ha informado de 5 vulnerabilidades: 3 de severidad crítica y dos altas que podrían permitir al atacante ejecutar código arbitrario o iniciar sesión y ejecutar comandos del sistema.

Solución
COVR-X1870: versión 1.03B01.
DIR-X4860: versión 1.04B05.
DIR-X4860: DIR-X5460A1_V1.11B04.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-d-link

SysAdmin 24x7

16 September 2024 16:27

Vulnerabilidad RCE en SolarWinds Access Rights Manager

Fecha 16/09/2024
Importancia 5 - Crítica

Recursos Afectados
Access Rights Manager (ARM), versiones 2024.3 y anteriores.

Descripción
Piotr Bazydlo (@chudypb), investigador de Trend Micro ZDI, ha reportado una vulnerabilidad crítica detectada en Access Rights Manager (ARM) de SolarWinds.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-rce-en-solarwinds-access-rights-manager-0

SysAdmin 24x7

11 September 2024 09:43

Actualización de seguridad de SAP de septiembre de 2024

Fecha 10/09/2024
Importancia 3 - Media

Recursos Afectados
SAP Production y Revenue Accounting;
SAP S/4HANA eProcurement;
SAP NetWeaver Application Server para ABAP y ABAP Platform;
SAP NetWeaver AS para Java;
SAP Commerce Cloud;
SAP BusinessObjects Business Intelligence Platform;
SAP NetWeaver Enterprise Portal;
SAP Business Warehouse;
SAP NetWeaver BW;
SAP S/4 HANA;
SAP for Oil & Gas.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-septiembre-de-2024

SysAdmin 24x7

11 September 2024 09:39

Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)

Created Date
10-Sep-2024 14:00:02
CVE-2024-8190 7.2 (High)

Affected Versions
Ivanti Cloud Services Appliance (CSA)
CSA 4.6 (All versions before Patch 519)

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190

SysAdmin 24x7

11 September 2024 09:27

Cisco Releases Security Updates for Cisco Smart Licensing Utility

Release DateSeptember 10, 2024

Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisory and apply the necessary updates:

Cisco Smart Licensing Utility Vulnerabilities

https://www.cisa.gov/news-events/alerts/2024/09/10/cisco-releases-security-updates-cisco-smart-licensing-utility

Bug ID(s): CSCwi41731
CVE ID: CVE-2024-20439
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8

Bug ID(s): CSCwi47950
CVE ID: CVE-2024-20440
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

SysAdmin 24x7

07 September 2024 12:21

Veeam Security Bulletin (September 2024)

KB ID: 4649
Product: Veeam Backup & Replication
Veeam ONE
Veeam Service Provider Console
Veeam Agent for Linux
Veeam Backup for Nutanix AHV
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Published: 2024-09-04
Last Modified: 2024-09-05

https://www.veeam.com/kb4649

SysAdmin 24x7

04 September 2024 23:22

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/

SysAdmin 24x7

26 August 2024 11:25

Control de acceso inadecuado en SonicOS de SonicWall

Fecha 26/08/2024
Importancia 5 - Crítica

Recursos Afectados
SOHO (5.ª generación): 5.9.2.14-12o y versiones anteriores.
Gen6 Firewalls (SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, modelos: SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W): 6.5.4.14-109n y versiones anteriores.
Gen7 Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700: versión de compilación de SonicOS 7.0.1-5035 y versiones anteriores.

Descripción
SonicWall ha publicado una vulnerabilidad podría provocar un acceso no autorizado a recursos y, en condiciones específicas, provocar el bloqueo del firewall.

https://www.incibe.es/incibe-cert/alerta-temprana/avisos/control-de-acceso-inadecuado-en-sonicos-de-sonicwall

SysAdmin 24x7

17 August 2024 23:28

WHD 12.8.3 Hotfix 1
All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed.

Aug 16, 2024•Success Center

First Published Date
8/13/2024 10:12 PM
Last Published Date
8/16/2024 8:30 PM

Overview
For your protection and to quickly deliver SolarWinds customers a secure version of WHD, we applied an aggressive security patch in WHD 12.8.3 Hotfix 1 on August 13, 2024. In a few cases, this approach impacted product functionality such as SSO. See the known issues for WHD 12.8.3 Hotfix 1.

https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1

SysAdmin 24x7

15 August 2024 23:58

Remote code execution within ping script (CVE-2024-22116)

CVSS score 9.9
Resolution Fixed

Remote code execution within ping script

Description
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.

https://support.zabbix.com/plugins/servlet/mobile#issue/ZBX-25016

SysAdmin 24x7

15 August 2024 23:38

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks.

https://thehackernews.com/2024/08/industrial-remote-access-tool-ewon-cosy.html