
IT Security Vulnerability Roundup – January 2019


1. Buffer Overflow Vulnerability in Cisco SD-WAN Solution

CVE identifier: CVE-2019-1651

CVSS Base Score: 9.9

The vulnerability: A flaw in the vContainer of the Cisco SD-WAN Solution, due to improper bounds checking, could allow an authenticated remote attacker to cause a denial of service condition and execute arbitrary code as the root user.

The fix: Cisco has released software updates that address the vulnerability.

More info: The vulnerability was found during internal testing. Cisco has details here.

2. SQL Injection Vulnerability in phpMyAdmin Designer

CVE identifier: CVE-2019-6798

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Designer feature of phpMyAdmin, caused by insufficient validation of username requests, could enable an unauthenticated remote attacker to launch a SQL injection attack on a targeted system. The attacker could then modify sensitive information or cause a denial of service condition by deleting sensitive information from the back-end database.

The fix: phpMyAdmin has released software updates to address the vulnerability.

More info: The vulnerability was reported by Yu-Hsiang Huang, Yung-Hao Tseng and Eddie TC Chang. Cisco has details here, and phpMyAdmin has more information here.

3. Two SQLite Code Execution Flaws in Apple iCloud for Windows

CVE identifiers: CVE-2018-20505, CVE-2018-20506

CVSS Base Scores: 9.8, 9.8

The vulnerability: Two memory corruption flaws in the SQLite component of Apple iCloud for Windows could allow a remote attacker to leverage specially crafted SQL statements to gain access and execute arbitrary code on the system.

The fix: Apple has released software updates to address the flaws.

More info: IBM X-Force has details here and here, and Apple has more information here.

4. Three XXE Injection Flaws in Spring by Pivotal Software

CVE identifiers: CVE-2019-3772, CVE-2019-3773, CVE-2019-3774

CVSS Base Scores: 9.8, 9.8, 9.8

The vulnerabilities: Three separate vulnerabilities in Spring Integration, Spring Web Services and Spring Batch, all caused by insufficient validation of user-supplied XML input, could allow unauthenticated remote attackers to conduct XML External Entity (XXE) injection attacks on targeted systems. The attacker could then access sensitive information, cause a denial of service condition, or conduct further attacks on the system.

The fix: Pivotal has released software updates to address the flaws.

More info: Cisco has details here, here and here; and Pivotal Software has more information here, here and here.

5. Out-of-Bounds Write Code Vulnerability in Netatalk

CVE identifier: CVE-2018-1160

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Netatalk, due to insufficient bounds checking of user-supplied input, could enable an attacker to trigger an out-of-bounds write condition that could be leveraged to execute arbitrary code – proof-of-concept code demonstrating an exploit of the flaw is publicly available.

The fix: Netatalk has released software updates to address the vulnerability.

More info: Cisco has details here, and Netatalk has more information here.

6. Command Execution Vulnerability in Chatopera cosin

CVE identifier: CVE-2019-6503

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Chatopera cosin could enable a remote attacker to execute arbitrary commands on the system, due to a deserialization flaw in TemplateController.java. An attacker could exploit the vulnerability by uploading a specially-crafted file.

The fix: No fix was available at the time of publication.

More info: IBM X-Force has details here.

7. Privileged Access Vulnerability in Cisco Small Business Switches

CVE identifier: CVE-2018-15439

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated remote attacker to bypass user authentication. The flaw exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system, potentially enabling an attacker to log into an affected device and execute commands with full admin rights.

The fix: Cisco has not yet released software updates to address the vulnerability but has provided a workaround.

More info: The flaw was reported by Thor Simon of Two Sigma Investments LP. Cisco has details here.

8. Seven Vulnerabilities in the FasterXML jackson-databind Library

CVE identifiers: CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362

CVSS Base Scores: 9.8, 9.8, 9.8, 9.8, 9.8, 9.8, 9.8

The vulnerabilities: Seven separate vulnerabilities in the FasterXML jackson-databind library could allow unauthenticated remote attackers to execute arbitrary code, perform unauthorized actions, conduct server-side request forgery (SSRF) attacks, and/or conduct XML external entity (XXE) attacks on targeted systems. All vulnerabilities exist because the software fails to block polymorphic serialization.

The fix: FasterXML has released software updates to fix the flaws.

More info: Cisco has details here, here, here, here, here, here and here; and FasterXML has information on the updates here and here.

9. Arbitrary Code Execution Flaw in Jenkins Stapler Web Framework

CVE identifier: CVE-2018-1000861

CVSS Base Score: 9.8

The vulnerability: A flaw in the Stapler framework of Jenkins, caused by improper handling of HTTP requests, could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: Jenkins has released software updates to address the flaw.

More info: Cisco has details here, and Jenkins has more information here.

10. Security Bypass Vulnerability in Advantech WebAccess/SCADA

CVE identifier: CVE-2019-6519

CVSS Base Score: 9.8

The vulnerability: A remote attacker could take advantage of improper authentication in Advantech WebAccess/SCADA to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit the flaw to upload malicious data.

The fix: Advantech has released version 8.3.5 of WebAccess/SCADA to address the vulnerability.

More info: IBM X-Force has details here, and ICS-CERT has more information here.

11. SQL Injection Vulnerability in coturn TURN Administrator Web Portal

CVE identifier: CVE-2018-4056

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the administrator Web portal for coturn Traversal Using Relay NAT (TURN), caused by the failure of the affected software to fully validate login messages, could enable an unauthenticated remote attacker to conduct a SQL injection attack on a targeted system. The attacker could then gain access to the targeted TURN administrator Web portal, which the attacker could use to conduct further attacks. Proof-of-concept code demonstrating an exploit of the flaw is publicly available.

The fix: The coturn TURN server project has released software updates to address the vulnerability.

More info: Cisco has details here, and the coturn TURN server project has more information here.

12. Directory Traversal Vulnerability in idreamsoft iCMS

CVE identifier: CVE-2019-7160

CVSS Base Score: 9.8

The vulnerability: A flaw in idreamsoft iCMS could enable a remote attacker to traverse directories on an affected system. By sending a specially crafted URL request to the admin.php script, the attacker could create arbitrary files and execute arbitrary code on the system.

The fix: The idreamsoft team has released software updates to address the vulnerability.

More info: IBM X-Force has details here, and the idreamsoft team has more information here.

 

Looking for more? Last month’s vulnerability roundup can be found here.