Vulnerability Alert - SAP

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Several SAP products
ECOSYSTEM
Other
Description

SAP published a Security Patch Day document addressing various vulnerabilities (four of them critical, five important, and the remaining ones of medium severity) that affect several products.

 

Impact

Among other consequences, these vulnerabilities allow a malicious actor to access sensitive information or to execute arbitrary code.

 

Resolution

It is recommended to upgrade the products to the most recent version.

 
References

Vulnerability Alert - VMWare

TYPE
Vulnerabilities
SYSTEMS AFFECTED
VMware vRealize Network Insight, VMware ESXi, Workstation, and Fusion
ECOSYSTEM
VMWare
Description

VMware published two security advisories that address three vulnerabilities affecting VMware products.
Two of the vulnerabilities affect VMware vRealize Network Insight (vRNI): one of them is critical (CVE-2022-31702) and the other is classified as important severity (CVE-2022-31703).
The third vulnerability is also critical (CVE-2022-31705) and affects VMware ESXi, Workstation and Fusion.

 

Impact

Among other consequences, these vulnerabilities allow an unauthenticated malicious actor to execute arbitrary code.

 

Resolution

It is recommended to upgrade the products:
- VMware vRealize Network Insight (vRNI) versions 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 and 6.7 (or latest);
- VMware Workstation Pro / Player (Workstation) version 16.2.5 (or latest);
- VMware Fusion Pro / Fusion (Fusion) version 12.2.5 (or latest);
- VMware ESXi versions 7.0 Update 3i / 8.0a (or latest).

 
References

Vulnerability Alert - Citrix

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Citrix Gateway and Citrix ADC
ECOSYSTEM
Citrix
Description

A security advisory was published about a critical RCE vulnerability (CVE-2022-27518) that affects Citrix Gateway and Citrix ADC. Citrix ADC and Citrix Gateway version 13.1 are not affected.
There is a pre-condition for this vulnerability to be exploited: Citrix ADC or Citrix Gateway must be configured as a Security Assertion Markup Language (SAML) service provider (SP) or a SAML identity provider (IdP).
Please note that this vulnerability is being actively exploited in the wild.

 

Impact

A remote unauthenticated attacker could execute arbitrary code.

 

Resolution

It is recommended to upgrade the products:
- Citrix ADC and Citrix Gateway 12.1-65.25 or latest version;
- Citrix ADC and Citrix Gateway 13.0-58.32 or latest version;
- Citrix ADC 12.1-FIPS 12.1-55.291 or latest version;
- Citrix ADC 12.1-NDcPP 12.1-55.291 or latest version.

NSA published a guide [2] that helps identify compromised Citrix ADC appliances.

 
References

Vulnerability Alert - FortiOS

TYPE
Vulnerabilities
SYSTEMS AFFECTED
FortiOS versions 6.2.0, 6.4.0, 7.0.0 and 7.2.0; FortiOS-6K7K versions 6.0.0, 6.2.0, 6.4.0 and 7.0.0
ECOSYSTEM
Other
Description

A security advisory was published about a critical Heap-based Buffer Overflow vulnerability (CVE-2022-42475) in FortiOS SSL-VPN.

Please note that this vulnerability is being exploited in the wild. Moreover, please refer to [1], which recommends checking your systems against the indicators of compromise listed in the advisory.

 

Impact

A remote unauthenticated attacker could execute arbitrary code.

 

Resolution

It is recommended to upgrade to the most recent versions:
- FortiOS version 7.2.3 or above;
- FortiOS version 7.0.9 or above;
- FortiOS version 6.4.11 or above;
- FortiOS version 6.2.12 or above;
- FortiOS-6K7K version 7.0.8 or above;
- FortiOS-6K7K version 6.4.10 or above;
- FortiOS-6K7K version 6.2.12 or above;
- FortiOS-6K7K version 6.0.15 or above.

 
References

Vulnerability Alert - Citrix

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Citrix Gateway and Citrix ADC
ECOSYSTEM
Citrix
Description

A security advisory was published about three vulnerabilities that affect Citrix Gateway and Citrix ADC: critical (CVE-2022-27510), high (CVE-2022-27513) and medium (CVE-2022-27516).
Please refer to article [1], which explains the pre-conditions on the appliances for these vulnerabilities to be exploited.

 

Impact

Among other consequences, it could result in unauthorised access to the affected system.

 

Resolution

It is recommended to upgrade to the most recent versions (12.1-65.21, 13.0-88.12, 13.1-33.47).

 
References

Vulnerability Alert - OpenSSL

TYPE
Vulnerabilities
SYSTEMS AFFECTED
OpenSSL 3.x
ECOSYSTEM
Other
Description

OpenSSL published a security advisory addressing two Buffer Overflow vulnerabilities (CVE-2022-3602 and CVE-2022-3786). All OpenSSL 3.x versions are affected.
Please refer to [1] for details on the vulnerabilities.

 

Impact

It could result in denial of service and, potentially, remote code execution.

 

Resolution

It is recommended to upgrade to OpenSSL 3.0.7 (or to a more recent version).

 
References

Vulnerability Alert - VMware Cloud Foundation

TYPE
Vulnerabilities
SYSTEMS AFFECTED
VMware Cloud Foundation versions 3.x / VMware NSX-V versions prior to 6.4.14
ECOSYSTEM
VMWare
Description

VMware published a security advisory that addresses two vulnerabilities (CVE-2021-39144 and CVE-2022-31678). These vulnerabilities affect all VMware Cloud Foundation 3.x environments and VMware NSX-V instances prior to 6.4.14.
The RCE vulnerability (CVE-2021-39144) affects VMware Cloud Foundation via the XStream open source library. CVE-2022-31678 is an XML External Entity (XXE) vulnerability.

 

Impact

Among other consequences, it allows a malicious actor to achieve remote code execution.

 

Resolution

For VMware Cloud Foundation versions prior to 3.9.1, it is recommended to upgrade to 3.11.0.1 (or later) and apply the steps in the Workaround section of [2].
For VMware Cloud Foundation versions after 3.9.1, it is recommended to apply the steps in the Workaround section of [2].

 
References

Vulnerability Alert - Apple

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Versions prior to iOS 16.1 and iPadOS 16
ECOSYSTEM
Apple, iOS
Description

Apple published a security advisory that addresses 20 vulnerabilities affecting devices with iOS and iPadOS. Of the 20 vulnerabilities, 8 are zero-days.
Please refer to [1] for details of the vulnerabilities: 3 in the Kernel, 4 in Point-to-Point Protocol (PPP), 3 in WebKit, and 1 each in AppleMobileFileIntegrity, AVEVideoEncoder, CFNetwork, Core Bluetooth, GPU Drivers, IOHIDFamily, IOKit, Sandbox, Shortcuts and WebKit PDF.

 

Impact

Among other consequences, it allows an attacker to execute arbitrary code.

 

Resolution

It is recommended to upgrade immediately to the most recent version.

 
References

Vulnerability Alert - Fortinet

TYPE
Vulnerabilities
SYSTEMS AFFECTED
FortiOS from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1; FortiProxy from 7.0.0 to 7.0.6 and 7.2.0; FortiSwitchManager versions 7.0.0 and 7.2.0
ECOSYSTEM
Other
Description

A critical vulnerability (CVE-2022-40684) was identified in which a malicious actor may bypass authentication on the administrative interface, which could allow remote threat actors to log into unpatched devices.
Fortinet customers have access to more detailed information in Customer Support Bulletin CSB-221006-1.

 

Impact

It allows an attacker to bypass authentication and perform operations on the administrative interface.

 

Resolution

It is recommended to upgrade immediately to the most recent version.
Additionally, it is recommended to limit the IP addresses that can reach the administrative interface using a local-in policy.


References

Vulnerability Alert - Microsoft Exchange Server

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Microsoft Exchange Server 2013, 2016, and 2019
ECOSYSTEM
Microsoft
Description

Two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) were identified affecting Microsoft Exchange Server 2013, 2016, and 2019.
The vulnerability CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.
The SSRF vulnerability can enable an authenticated attacker to remotely trigger the RCE vulnerability. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities.
These vulnerabilities are being actively exploited.
Microsoft Exchange Online has detections and mitigations in place, therefore these customers do not need to take any action.

 

Impact

It allows an authenticated attacker to perform Server-Side Request Forgery and achieve remote code execution.

 

Resolution

The security update fixing these vulnerabilities has not yet been published; however, Microsoft recommends applying the mitigations mentioned in [1].
Please refer to [2] and verify the Indicators of Compromise (IOCs).

October 3, 2022 Update:
It is recommended to disable remote PowerShell access for non-admin users.
There was an update on the information related to Detection in [3].

October 5, 2022 Update:
Microsoft updated the Mitigations section of their blog article [1], improving the URL Rewrite rule.
It is recommended to review the set of mitigations, and apply them with the updated version.

References

Vulnerability Alert - WhatsApp / WhatsApp Business

TYPE
Vulnerabilities
SYSTEMS AFFECTED
WhatsApp versions prior to 22.16.12
ECOSYSTEM
Android, iOS
Description

WhatsApp has released security updates to address two RCE vulnerabilities (CVE-2022-36934 and CVE-2022-27492) in its apps for Android and iOS. The first vulnerability affects both WhatsApp and WhatsApp Business in their versions prior to v2.22.16.12. On the other hand, the second vulnerability only affects WhatsApp for Android in the versions prior to v2.22.16.2, and WhatsApp for iOS in the versions prior to v2.22.15.9.
For technical details, please refer to [2].

 

Impact

It allows an attacker to achieve remote code execution.

 

Resolution

It is recommended to update the apps to their most recent version.

References

Vulnerability Alert - Sophos Firewall

TYPE
Vulnerabilities
SYSTEMS AFFECTED
Sophos Firewall v19.0 MR1 (19.0.1) and older
ECOSYSTEM
Other
Description

Sophos released a new version of Sophos Firewall to solve a critical RCE vulnerability (CVE-2022-3236). It relates to a code injection vulnerability allowing remote code execution in the User Portal and Webadmin of the product.
This vulnerability is being actively exploited.

 

Impact

It allows an attacker to achieve remote code execution.

 

Resolution

No action is required for Sophos Firewall customers with the "Allow automatic installation of hotfixes" feature enabled. Customers without this feature enabled are recommended to upgrade their product to the fixed version. To confirm that the hotfix has been applied to your firewall, please refer to [2].

Additionally, customers can protect themselves from external attackers by ensuring their User Portal and Webadmin are not exposed to the WAN [3].

References

Vulnerability Alert - GitLab

TYPE
Vulnerabilities
SYSTEMS AFFECTED
GitLab CE/EE versions prior to 15.3.1, 15.2.3 and 15.1.5
ECOSYSTEM
Other
Description

GitLab released a new version of GitLab CE/EE to solve a critical RCE vulnerability (CVE-2022-2884) affecting all versions starting from 11.3.4 before 15.1.5, all versions starting from 15.2 before 15.2.3, and all versions starting from 15.3 before 15.3.1.

 

Impact

It allows an authenticated user to achieve remote code execution.

 

Resolution

It is recommended that all installations are upgraded to the latest version.
If upgrading right away is not possible, it is recommended to secure the GitLab installation against this vulnerability using the workaround mentioned in [1].

References

Last updated on 07-09-2022