It's a challenge every month to keep up with the vulnerabilities disclosed on an almost daily basis – below is a closer look at 10 particularly impactful flaws revealed in October.
1. Three Critical Vulnerabilities in Oracle GoldenGate
CVE identifiers: CVE-2018-2912, CVE-2018-2913, CVE-2018-2914
CVSS Base Scores: 7.5, 10, 7.5
The vulnerability: Among a total of 301 vulnerabilities patched in Oracle's October Critical Patch Update were three critical vulnerabilities in Oracle GoldenGate, all of which may be remotely exploitable without requiring user credentials.
The fix: Oracle's October Critical Patch Update includes patches for all three flaws.
More info: The flaws were uncovered by Tenable researchers, who provide details here.
2. Critical Access Flaws in Cisco Digital Network Architecture Center
CVE identifiers: CVE-2018-0448, CVE-2018-15386
CVSS Base Scores: 9.8, 9.8
The vulnerability: A pair of vulnerabilities in Cisco Digital Network Architecture (DNA) Center could allow unauthenticated remote attackers to bypass authentication and access critical management functions. One is caused by insufficient security restrictions, and the other is caused by an insecure default configuration.
The fix: Cisco has released software updates to address both flaws.
3. SSHD Configuration Flaw in Juniper NFX Series Devices
CVE identifier: CVE-2018-0044
CVSS Base Score: 9.8
The vulnerability: An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices could allow remote unauthenticated access if any of the passwords on the system are empty – the issue is only exploitable when there are user or system accounts with blank or empty passwords configured on JDM or the host OS.
The fix: Juniper is advising users to ensure that all accounts on the JDM and host OS are configured with a password.
More info: Juniper Networks has more details here.
4. Authentication Bypass Vulnerability in libssh
CVE identifier: CVE-2018-10933
CVSS Base Score: 9.1
The vulnerability: A vulnerability caused by improper authentication operations in libssh could allow a remote attacker to authenticate on a targeted system without any credentials. Products from several leading vendors are affected by this flaw.
The fix: Patches addressing the flaw have been posted to libssh.org.
5. Command Injection Flaw in Cisco Webex Meetings Desktop Application
CVE identifier: CVE-2018-15442
CVSS Base Score: 7.8
The vulnerability: A vulnerability due to insufficient validation of user-supplied parameters could enable an authenticated local attacker (or one leveraging remote management tools) to execute arbitrary commands as a privileged user. The flaw can be exploited via the update service command.
The fix: Cisco has released free software updates to patch the vulnerability.
6. Privilege Escalation Flaw in X.Org X Server
CVE identifier: CVE-2018-14665
CVSS Base Score: 6.6
The vulnerability: Incorrect command-line parameter validation in the X.Org X server can allow unprivileged users who are able to log into the system via a physical console to run arbitrary code with root privileges.
The fix: A patch for the issue has been added to the X server repository.
7. Four Critical Vulnerabilities in Adobe Digital Editions
CVE identifiers: CVE-2018-12813, CVE-2018-12814, CVE-2018-12822, CVE-2018-12823
CVSS Base Scores: TBD
The vulnerability: Three heap overflow vulnerabilities and one use-after-free vulnerability in Adobe Digital Editions could be exploited to enable arbitrary code execution in the context of the current user.
The fix: Adobe has released updates to patch the flaws.
8. Remote Code Execution Vulnerability in Yammer Desktop App
CVE identifier: CVE-2018-8659
CVSS Base Score: TBD
The vulnerability: A remote code execution vulnerability in the Yammer desktop application could allow an attacker to run arbitrary code in the context of the current user – if the current user is logged in with administrative user rights, the attacker could take control of the affected system.
The fix: Microsoft has released a security update to patch the flaw.
9. A Pair of Flaws in VMware ESXi, Fusion and Workstation
CVE identifiers: CVE-2018-6974, CVE-2018-6977
CVSS Base Scores: TBD
The vulnerability: An out-of-bounds read vulnerability in VMware ESXi, Fusion and Workstation could allow an attacker to execute arbitrary code; and a denial-of-service vulnerability in the same three products could allow an attacker with normal user privileges to make the VM unresponsive.
10. Memory Safety, Use-After-Free Vulnerabilities in Firefox, Thunderbird
CVE identifiers: CVE-2018-12376, CVE-2018-12377, CVE-2018-12378
CVSS Base Scores: TBD
The fix: The vulnerabilities are fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1.
More info: The Mozilla Foundation has more details here.
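For item 3 (the Juniper NFX SSHD flaw), the advised fix is to make sure no account has an empty password. The following is an added example, not code from Juniper or from the original article: it audits shadow(5)-format account data and an sshd_config fragment. It assumes the JDM and host OS expose a standard shadow file and OpenSSH configuration; the article does not name the SSHD setting involved, so checking `PermitEmptyPasswords` is an assumption, and all sample data is constructed.

```python
# Added example: audit for accounts with empty passwords (item 3's fix).
# SAMPLE_SHADOW / SAMPLE_SSHD are constructed inputs, not from a real device.
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:17800:0:99999:7:::
admin::17800:0:99999:7:::
daemon:*:17800:0:99999:7:::
svc-backup:!:17800:0:99999:7:::
operator::17800:0:99999:7:::
"""
SAMPLE_SSHD = """\
# constructed sshd_config fragment
Port 22
PermitEmptyPasswords yes
"""

def classify_shadow(text):
    """Map each account to 'empty', 'locked' or 'set' from shadow(5) lines."""
    result = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue  # blank, comment or malformed line
        pw = fields[1]
        if pw == "":
            result[fields[0]] = "empty"    # no password required at all
        elif pw.startswith(("!", "*")):
            result[fields[0]] = "locked"   # password login disabled
        else:
            result[fields[0]] = "set"      # a hash is present
    return result

def sshd_allows_empty(text):
    """True if the global PermitEmptyPasswords value is 'yes'.
    sshd uses the first value it reads; the OpenSSH default is 'no'.
    Assumption: Match blocks are not evaluated, parsing stops at the first."""
    for line in text.splitlines():
        parts = line.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()             # keywords are case-insensitive
        if key == "match":
            break
        if key == "permitemptypasswords" and len(parts) > 1:
            return parts[1].lower() == "yes"
    return False

def audit(shadow_text, sshd_text):
    states = classify_shadow(shadow_text)
    empty = sorted(n for n, s in states.items() if s == "empty")
    permits = sshd_allows_empty(sshd_text)
    return {"empty_accounts": empty, "sshd_permits_empty": permits,
            "exposed": bool(empty) and permits}
```

Accounts reported under `empty_accounts` are the ones that need a password set; `locked` entries cannot log in by password and are not flagged.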