
IT Security Vulnerability Roundup – March 2019


Every month, a wide range of security vulnerabilities is uncovered and disclosed. Below, we take a closer look at 14 of them, all with CVSS scores of 9.8 or higher, that were disclosed in March.

 

1. Server Side Request Forgery Flaw in Moodle

CVE identifier: CVE-2019-3809

CVSS Base Score: 10.0

The vulnerability: A flaw in the mybackpack functionality of Moodle versions 3.1 to 3.1.15 (as well as earlier unsupported versions) allowed the setting of badge URLs, enabling a Server Side Request Forgery (SSRF) attack via requests made by the page.

The fix: Moodle has released software updates to address the vulnerability.

More info: NIST has details here, and Moodle has more information here.

 

2. Arbitrary Code Execution Vulnerability in Elastic Kibana

CVE identifier: CVE-2019-7609

CVSS Base Score: 10.0

The vulnerability: A flaw in the Timelion visualizer component of Elastic Kibana, caused by improper handling of user-supplied input, could allow an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: Elastic has released software updates to address the vulnerability.

More info: Cisco has details here, and Elastic has more information here.

 

3. Buffer Overflow Vulnerability in Apple iOS Kernel

CVE identifier: CVE-2019-8527

CVSS Base Score: 9.8

The vulnerability: A buffer overflow vulnerability in Apple iOS, caused by improper bounds checking by the Kernel component, could enable a remote attacker to cause unexpected system termination or corrupt kernel memory.

The fix: Apple has released software updates to address the vulnerability.

More info: IBM X-Force Exchange has details here, and Apple has more information here.

 

4. Four Critical Vulnerabilities in PHP EXIF

CVE identifiers: CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, CVE-2019-9641

CVSS Base Scores: 9.8, 9.8, 9.8, 9.8

The vulnerabilities: Four separate vulnerabilities in the EXIF component of PHP, in the exif_process_IFD_in_MAKERNOTE method, the exif_process_SOFn method and the exif_process_IFD_in_TIFF method, could enable an unauthenticated remote attacker to execute arbitrary code and completely compromise a system.

The fix: The PHP Project has released software updates to address the flaws.

More info: Cisco has details here, here, here and here; and the PHP Project has more information here, here, here and here.

 

5. Privilege Escalation Vulnerability in libseccomp

CVE identifier: CVE-2019-9893

CVSS Base Score: 9.8

The vulnerability: A flaw in the generation of 64-bit syscall argument comparisons in libseccomp versions prior to 2.4.0 could allow an attacker to elevate privileges on the affected system.

The fix: The libseccomp project has released software updates to address the flaw.

More info: NIST has details here, and the libseccomp project has more information here.

 

6. Directory Traversal Vulnerability in Arch Linux pacman

CVE identifier: CVE-2019-9686

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the curl_download_internal function of pacman, caused by improper validation of user-supplied input, could allow an attacker to execute arbitrary code with root privileges and compromise the system.

The fix: Arch Linux has released software updates to address the vulnerability.

More info: Cisco has details here, and Arch Linux has more information here.

 

7. Information Disclosure Vulnerability in Python

CVE identifier: CVE-2019-9636

CVSS Base Score: 9.8

The vulnerability: A flaw in the urllib.parse.urlsplit and urllib.parse.urlparse components of Python could allow an unauthenticated remote attacker to obtain sensitive information such as cookies and authentication data from a targeted system.

The fix: Python has released software updates to address the flaw.

More info: Cisco has details here, and Python has more information here.

 

8. Static Credential Vulnerability in Cisco Common Services Platform Collector

CVE identifier: CVE-2019-1723

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Cisco Common Services Platform Collector (CSPC) could enable an unauthenticated remote attacker to log into an affected device via a user account that has a default, static password.

The fix: Cisco has released software updates to address the flaw.

More info: Cisco has details here.

 

9. Open Redirector Flaw in Pivotal Spring Security OAuth

CVE identifier: CVE-2019-3778

CVSS Base Score: 9.8

The vulnerability: A vulnerability in Pivotal Spring Security OAuth, caused by insufficient validation of user-supplied input, could enable an unauthenticated remote attacker to conduct an open redirect attack on a targeted system, redirecting the resource owner user-agent to an attacker-controlled URL.

The fix: Pivotal Software has released software updates to address the vulnerability.

More info: Cisco has details here, and Pivotal Software has more information here.

 

10. Buffer Over-Read Vulnerability in Poppler

CVE identifier: CVE-2019-9631

CVSS Base Score: 9.8

The vulnerability: A flaw in the downsample_row_box_filter function of Poppler, caused by improper memory operations, could allow an unauthenticated remote attacker to execute arbitrary code and completely compromise the targeted system.

The fix: No fix was available at the time of publication.

More info: Cisco has details here.

 

11. Two Arbitrary Shell Command Execution Flaws in rssh

CVE identifiers: CVE-2019-3463, CVE-2019-3464

CVSS Base Scores: 9.8, 9.8

The vulnerabilities: Two vulnerabilities in PizzaShack rssh, both caused by insufficient sanitization of arguments when passed to rsync, could allow an unauthenticated remote attacker to bypass security restrictions and execute arbitrary shell commands on a targeted system.

The fix: No fix was available at the time of publication.

More info: Cisco has details here and here.

 

12. Arbitrary Code Execution Flaw in Apache JMeter

CVE identifier: CVE-2019-0187

CVSS Base Score: 9.8

The vulnerability: A flaw in the distributed mode of Apache JMeter, caused by the use of untrusted data deserialization, could enable an unauthenticated remote attacker to execute arbitrary code on a targeted system.

The fix: Apache.org has released software updates to address the flaw.

More info: Cisco has details here, and Apache.org has more information here.

 

13. Remote Command Execution Vulnerability in Cisco Router Management Interface

CVE identifier: CVE-2019-1663

CVSS Base Score: 9.8

The vulnerability: A vulnerability in the Web-based management interface for the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router and the Cisco RV215W Wireless-N VPN Router, caused by improper validation of user-supplied data, could enable an unauthenticated remote attacker to execute arbitrary code on an affected device as a high-privilege user.

The fix: Cisco has released software updates to address the vulnerability.

More info: Cisco has details here.

 

14. Arbitrary Code Execution Flaw in Flexera FlexNet Publisher

CVE identifier: CVE-2019-20033

CVSS Base Score: 9.8

The vulnerability: A flaw in the lmgrd and vendor daemon components of FlexNet Publisher, caused by improper memory operations, could enable an unauthenticated remote attacker to execute arbitrary code on an affected system.

The fix: Flexera has released software updates to address the vulnerability.

More info: Cisco has details here, and Flexera has more information here.

 
