IT Security Vulnerability Roundup: October 2018

It’s a challenge every month to keep up with the vulnerabilities disclosed on an almost daily basis – below is a closer look at 10 particularly impactful flaws revealed in October.

1. Three Critical Vulnerabilities in Oracle GoldenGate

CVE identifiers: CVE-2018-2912, CVE-2018-2913, CVE-2018-2914

CVSS Base Scores: 7.5, 10, 7.5

The vulnerability: Among a total of 301 vulnerabilities patched in Oracle’s October Critical Patch Update were three critical vulnerabilities in Oracle GoldenGate, all of which may be remotely exploitable without requiring user credentials.

The fix: Oracle’s October Critical Patch Update includes patches for all three flaws.

More info: The flaws were uncovered by Tenable researchers, who provide details here.

2. Critical Access Flaws in Cisco Digital Network Architecture Center

CVE identifiers: CVE-2018-0448, CVE-2018-15386

CVSS Base Scores: 9.8, 9.8

The vulnerability: A pair of vulnerabilities in Cisco Digital Network Architecture (DNA) Center could allow unauthenticated remote attackers to bypass authentication and access critical management functions. One is caused by insufficient security restrictions, and the other is caused by an insecure default configuration.

The fix: Cisco has released software updates to address both flaws.

More info: Cisco has more details here and here.

3. SSHD Configuration Flaw in Juniper NFX Series Devices

CVE identifier: CVE-2018-0044

CVSS Base Score: 9.8

The vulnerability: An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices could allow remote unauthenticated access if any of the passwords on the system are empty – the issue is only exploitable when there are user or system accounts with blank or empty passwords configured on JDM or the host OS.

The fix: Juniper is advising users to ensure that all accounts on the JDM and host OS are configured with a password.

More info: Juniper Networks has more details here.

4. Authentication Bypass Vulnerability in libssh

CVE identifier: CVE-2018-10933

CVSS Base Score: 9.1

The vulnerability: A vulnerability caused by improper authentication operations in libssh could allow a remote attacker to authenticate on a targeted system without any credentials. Products from several leading vendors are affected by this flaw.

The fix: Patches addressing the flaw have been posted to

More info: The flaw was discovered by Peter Winter-Smith of NCC Group. The libssh team has more details here, and more information is available from Cisco, Debian and Ubuntu.

5. Command Injection Flaw in Cisco Webex Meetings Desktop Application

CVE identifier: CVE-2018-15442

CVSS Base Score: 7.8

The vulnerability: A vulnerability due to insufficient validation of user-supplied parameters could enable an authenticated local attacker (or one leveraging remote management tools) to execute arbitrary commands as a privileged user. The flaw can be exploited via the update service command.

The fix: Cisco has released free software updates to patch the vulnerability.

More info: The vulnerability was uncovered by Ron Bowes and Jeff McJunkin of Counter Hack. Cisco has more details here.

6. Privilege Escalation Flaw in X.Org X Server

CVE identifier: CVE-2018-14665

CVSS Base Score: 6.6

The vulnerability: An incorrect command-line parameter validation in the X server can allow unprivileged users who have the ability to log into the system via a physical console to run arbitrary code under root privileges.

The fix: A patch for the issue has been added to the X server repository.

More info: The flaw was discovered by Indian security researcher Narendra Shinde. X.Org has details here, and Red Hat has more information here.

7. Four Critical Vulnerabilities in Adobe Digital Editions

CVE identifier: CVE-2018-12813, CVE-2018-12814, CVE-2018-12822, CVE-2018-12823

CVSS Base Score: TBD

The vulnerability: Three heap overflow vulnerabilities and one use after free vulnerability in Adobe Digital Editions could be exploited to enable arbitrary code execution in the context of the current user.

The fix: Adobe has released updates to patch the flaws.

More info: The vulnerabilities were uncovered by Jaanus Kaap of Clarified Security. Adobe has more details here.

8. Remote Code Execution Vulnerability in Yammer Desktop App

CVE identifier: CVE-2018-8659

CVSS Base Score: TBD

The vulnerability: A remote code execution vulnerability in the Yammer desktop application could allow an attacker to run arbitrary code in the context of the current user – if the current user is logged in with administrative user rights, the attacker could take control of the affected system.

The fix: Microsoft has released a security update to patch the flaw.

More info: The flaw was uncovered by Matt Austin of Contrast Security. Microsoft has more details here.

9. A Pair of Flaws in VMware ESXi, Fusion and Workstation

CVE identifiers: CVE-2018-6974, CVE-2018-6977

CVSS Base Scores: TBD

The vulnerability: An out-of-bounds read vulnerability in VMware ESXi, Fusion and Workstation could allow an attacker to execute arbitrary code; and a denial-of-service vulnerability in the same three products could allow an attacker with normal user privileges to make the VM unresponsive.

The fix: VMware has released updates to patch the out-of-bounds read vulnerability, and offered workarounds to mitigate the denial-of-service flaw.

More info: The denial-of-service flaw was discovered by Piotr Bania of Cisco Talos. VMware has more details here and here.

10. Memory Safety, Use-After-Free Vulnerabilities in Firefox, Thunderbird

CVE identifiers: CVE-2018-12376, CVE-2018-12377, CVE-2018-12378

CVSS Base Scores: TBD

The vulnerability: Several memory safety bugs present in Firefox 61 and Firefox ESR 60.1 showed evidence of memory corruption and could be exploited to run arbitrary code. Use-after-free vulnerabilities can occur when refresh driver timers are refreshed during shutdown, and when an IndexedDB index is deleted while still in use by JavaScript. Both could result in a potentially exploitable crash.

The fix: The vulnerabilities are fixed in Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2.1.

More info: The Mozilla Foundation has more details here.

See our September 2018 IT security vulnerability roundup.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles