IT Security Vulnerability Roundup – June 2019

While it can be challenging to keep up with the wide range of security flaws disclosed each month, it's worth paying attention to the most critical ones.

According to the results of a recent study by researchers at Virginia Tech, Cyentia and the RAND Corporation, even though just 5.5 percent of all security vulnerabilities are actively exploited, more than 16.5 percent of those with CVSS scores of 9.0 or higher are targeted.

With that in mind, below we look at a dozen flaws with CVSS scores of 9.8 or higher that were disclosed in the past few weeks. 

1. Heap Overflow Vulnerability in Linux Kernel

CVE identifier: CVE-2019-10126

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the mwifiex driver component of the Linux kernel, caused by improper memory operations that result in a heap overflow, could enable an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: Kernel.org has released software updates to address the issue.

More info: Cisco has details here, and Kernel.org has more information here. 

2. Remote Code Execution Flaw in Oracle WebLogic Server

CVE identifier: CVE-2019-2729

CVSS Base Score: 9.8

The vulnerability: A flaw in Oracle WebLogic Server, caused by improper deserialization in the XMLDecoder, could enable a remote attacker to execute arbitrary code on a targeted system. The vulnerability is being actively exploited in the wild.

The fix: Oracle has released software updates to address the issue.

More info: IBM X-Force Exchange has details here, and Oracle has more information here.

3. Three Improper Permission Flaws in GNOME

CVE identifiers: CVE-2019-12447, CVE-2019-12449, CVE-2019-12450

CVSS Base Scores: 9.8, 9.8, 9.8

The vulnerabilities: Three separate vulnerabilities in GNOME could provide an unauthenticated remote attacker with unauthorized access to arbitrary files on a targeted system, which could then be used to conduct further attacks. The first two flaws are in GNOME gvfs, both in the daemon/gvfsbackendadmin.c source code file: the first is caused by the mishandling of file ownership, and the second by the mishandling of file user and group ownership. The third flaw, in GNOME GLib, is caused by the failure of the file_copy_fallback function to restrict file permissions while a copy operation is in progress.

The fix: GNOME has released software updates to address the issues.

More info: Cisco has details here, here and here; and GNOME has more information here, here and here.

4. Heap-Based Buffer Overflow Vulnerability in BusyBox DHCP Client

CVE identifier: CVE-2019-2148

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the DHCP client component of BusyBox, caused by improper parsing of OPTION_6RD, could allow an unauthenticated remote attacker to trigger a heap-based buffer overflow that could then be used to execute arbitrary code or cause a denial of service condition on a targeted system.

The fix: BusyBox has released software updates to address the issue.

More info: Cisco has details here, and BusyBox has more information here.

5. Command Execution Flaw in TP-Link RE365 Wi-Fi Extender

CVE identifier: CVE-2019-7406

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the TP-Link RE365 Wi-Fi extender could enable a remote attacker to inject commands and spawn a remote shell over telnetd, and execute arbitrary commands on the targeted system with root privileges. The same flaw has also been found in three additional models: RE350, RE500 and RE650.

The fix: TP-Link has released software updates to address the issue.

More info: IBM X-Force Exchange has details here, and TP-Link has more information here, here, here and here. 

6. Remote Code Execution Vulnerability in Cyrus IMAP

CVE identifier: CVE-2019-11356

CVSS Base Score: 9.8

The vulnerability: A flaw in the CalDAV feature of Cyrus IMAP, caused by insufficient bounds checks that could lead to a buffer overrun condition, could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: The Cyrus Team has released software updates to address the issue.

More info: Cisco has details here, and the Cyrus Team has more information here and here. 

7. Two Buffer Overflow Vulnerabilities in Advantech WebAccess/SCADA

CVE identifiers: CVE-2019-3953, CVE-2019-3954

CVSS Base Scores: 9.8, 9.8

The vulnerabilities: Two flaws in Advantech WebAccess/SCADA, both caused by improper bounds checking, could enable a remote attacker to overflow a buffer and execute arbitrary code on a targeted system. 

The fix: Advantech has released software updates to address the issues.

More info: IBM X-Force Exchange has details here and here, and Tenable has more information here.

8. Access Control Vulnerability in Nagios XI

CVE identifier: CVE-2019-17148

CVSS Base Score: 9.8

The vulnerability: A flaw in the configuration snapshot page of Nagios XI, caused by insufficient permissions on that page, could allow an unauthenticated remote attacker to gain access to sensitive configuration files, resulting in complete compromise of the software.

The fix: Nagios has released software updates to address the issue.

More info: Cisco has details here, and Nagios has more information here. 

9. Remote Command Execution Flaw in Cisco Routers

CVE identifier: CVE-2019-1663

CVSS Base Score: 9.8

The vulnerability: A flaw in the Web-based management interfaces of the Cisco RV215W Wireless-N VPN Router, the Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV110W Wireless-N VPN Firewall, caused by improper validation of user-supplied data, could enable an unauthenticated remote attacker to execute arbitrary code on the underlying operating system of a targeted device as a high-privilege user.

The fix: Cisco has released software updates to address the issue.

More info: Cisco has details here.

10. Two Vulnerabilities in VideoLAN VLC Media Player

CVE identifiers: CVE-2019-1663, CVE-2019-12874

CVSS Base Scores: 9.8, 9.8

The vulnerabilities: Two separate flaws in VideoLAN VLC Media Player could enable an unauthenticated remote attacker to execute arbitrary code on a targeted system. The first vulnerability is due to a heap buffer overflow within the /demux/avi/avi.c file of the software, and the second is due to issues in the Matroska demuxer when parsing a malformed MKV file.

The fix: VideoLAN has released software updates to address both issues.

More info: Cisco has details here and here, and VideoLAN has more information here and here.

11. Out-of-Bounds Read Vulnerability in SQLite3

CVE identifier: CVE-2019-8457

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the rtreenode() function of SQLite3, caused by a heap out-of-bounds read when handling invalid rtree tables, could allow an unauthenticated remote attacker to access sensitive information or cause a denial of service condition on a targeted system.

The fix: SQLite has released software updates to address the issue.

More info: Cisco has details here, and SQLite has more information here. 

12. Improper Internet Access Control Flaw in Istio

CVE identifier: CVE-2019-12243

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Istio, caused by the fact that policy enforcement is disabled in the default installation of the software, could allow an unauthenticated attacker to gain unauthorized access to a targeted system and conduct further attacks.

The fix: Istio has released software updates to address the issue.

More info: Cisco has details here, and Istio has more information here.  

Looking for more? Last month’s vulnerability roundup can be found here.