Protect Yourself Online

The Stop. Think. Connect.™ web site contains resources and hints to help you protect yourself and your family against many online risks.

Arm yourself with the hints, tips, and techniques provided by contributors at www.stopthinkconnect.org/ and the Department of Homeland Security, and experience a safer web!


Last Updated: 04/16/2020 12:30 PM


Latest Vulnerability Information


October 23 – UPDATED: Multiple Vulnerabilities with Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Denial of Service

MS-ISAC ADVISORY NUMBER:


2020-147

DATE(S) ISSUED:


10/22/2020

OVERVIEW:


October 23 – UPDATED: Multiple vulnerabilities have been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial-of-service condition. Cisco Adaptive Security Appliance is the core operating system that delivers enterprise-class firewall capabilities, and Cisco Firepower Threat Defense is an integrated software image. Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.

THREAT INTELLIGENCE:



There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Cisco Adaptive Security Appliance prior to 9.12.4.2

  • Cisco Adaptive Security Appliance prior to 9.13.1.12

  • Cisco Adaptive Security Appliance prior to 9.14.1.9

  • Cisco Firepower Threat Defense Software prior to 6.4.0.9

  • Cisco Firepower Threat Defense Software prior to 6.6.0.1
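Each entry above names the first fixed release of one maintenance train, so deciding whether a deployed appliance is affected means comparing it against the entry for its own train, not against the lowest number in the list. The Python below is an added example (it is not part of the MS-ISAC advisory and is not Cisco tooling) that performs that comparison. The fixed-version strings are transcribed from the list above; the hostnames and deployed versions are constructed; the `train_depth` parameter is an assumption of this example that generalizes the same check to the Firefox, Chrome and Magento "prior to" lists further down the page, with `train_depth=0` treating a product as a single line of development.

```python
"""Branch-aware check of deployed versions against an advisory's "prior to" list.

Added illustration, not part of the MS-ISAC advisory. The fixed-version strings
are transcribed from the SYSTEMS AFFECTED entries on this page; the inventory
(hostnames and deployed versions) is constructed sample data.
"""
import re


def parse_version(text: str) -> tuple:
    """Turn '9.12.4.2' (or the '9.12(4)2' form that ASA 'show version' prints)
    into a tuple of ints so that comparison is numeric rather than lexical
    (lexically '9.12.4.10' would sort below '9.12.4.2')."""
    normalized = re.sub(r"[()]", ".", text.strip()).strip(".")
    return tuple(int(part) for part in normalized.split("."))


def assess(deployed: str, fixed_versions, train_depth: int = 2) -> str:
    """Return 'affected', 'fixed' or 'unlisted-train'.

    Each "prior to X" entry describes one maintenance train; for Cisco ASA and
    FTD the train is the first two components (9.13, 6.4, ...). The deployed
    version is compared only against the fixed release of its own train,
    because a 9.13.1.5 appliance is not fixed merely by being numerically
    above 9.12.4.2. train_depth=0 means the product has a single line of
    development (Chrome, the Firefox release channel), so every earlier
    version is affected.
    """
    v = parse_version(deployed)
    for fixed in fixed_versions:
        f = parse_version(fixed)
        if v[:train_depth] == f[:train_depth]:
            return "affected" if v < f else "fixed"
    # No entry for this train: the advisory says nothing about it, so do not
    # guess either way; the vendor bulletin is the authority for that train.
    return "unlisted-train"


# Fixed-release lists transcribed from this advisory's SYSTEMS AFFECTED section.
CISCO_ASA_FIXED = ["9.12.4.2", "9.13.1.12", "9.14.1.9"]
CISCO_FTD_FIXED = ["6.4.0.9", "6.6.0.1"]


def triage(inventory, fixed_versions, train_depth: int = 2) -> dict:
    """Map each (hostname, deployed_version) pair to its verdict."""
    return {host: assess(ver, fixed_versions, train_depth) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    asa_inventory = [
        ("fw-edge-1", "9.13(1)5"),   # below 9.13.1.12 in the 9.13 train -> affected
        ("fw-edge-2", "9.12(4)5"),   # at or above 9.12.4.2 -> fixed
        ("fw-lab-1", "9.8(4)20"),    # 9.8 train is not in the list -> unlisted-train
    ]
    for host, verdict in triage(asa_inventory, CISCO_ASA_FIXED).items():
        print(f"{host}: {verdict}")
```

Run as a script it prints one verdict per sample host. `unlisted-train` is kept distinct from `fixed` on purpose: a 9.8 or 9.10 appliance falls outside what this advisory lists, and that case needs the vendor bulletin rather than an inference from the numbers.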

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


TECHNICAL SUMMARY:



October 23 – UPDATED:
Multiple vulnerabilities have been discovered in Cisco Adaptive Security Appliance and Firepower Threat Defense, which could allow for a denial-of-service condition. Details of the vulnerabilities are as follows:

  • A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. (CVE-2020-3304)
  • A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. This memory leak could prevent traffic from being processed through the device, resulting in a denial of service (DoS) condition. (CVE-2020-3373)
  • A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. (CVE-2020-3529)
  • A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. (CVE-2020-3533)
  • A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3554)
  • A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3562)
  • A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3563)
  • A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3571)
  • A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (CVE-2020-3572)

Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate patches provided by Cisco to vulnerable systems immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution.




MS-ISAC ADVISORY NUMBER:


2020-146

DATE(S) ISSUED:


10/21/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Mozilla Firefox ESR versions prior to 78.3

  • October 23 – UPDATED: Mozilla Firefox versions prior to 82

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash. (CVE-2020-15969)
  • In the crossbeam rust crate, the bounded channel incorrectly assumed that Vec::from_iter had allocated capacity that was the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumptions – this is unsound and caused a deallocation with the incorrect capacity when Vec::from_iter had allocated different sizes than the number of iterator elements. The impact on Firefox is undetermined, but in another use case, the behavior was causing corruption of jemalloc structures. (CVE-2020-15254)
  • If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. (CVE-2020-15680)
  • When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another’s entry in a shared stub table, resulting in a potentially exploitable crash. (CVE-2020-15681)
  • When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn’t control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. (CVE-2020-15682)
  • Mozilla developers and community members Simon Giesecke, Christian Holler, Philipp, and Jason Kratzer reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-15683)
  • Mozilla developers Christian Holler, Sebastian Hengst, Bogdan Tara, and Tyson Smith reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-15684)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate updates provided by Mozilla to vulnerable systems, immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution




MS-ISAC ADVISORY NUMBER:


2020-145

DATE(S) ISSUED:


10/20/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Google Chrome versions prior to 86.0.4240.111

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:

  • Inappropriate implementation in Blink (CVE-2020-16000)
  • Use after free in media (CVE-2020-16001)
  • Use after free in PDFium (CVE-2020-16002)
  • Heap buffer overflow in Freetype (CVE-2020-15999)
  • Use after free in printing (CVE-2020-16003)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



Oracle Quarterly Critical Patches Issued October 20, 2020




MS-ISAC ADVISORY NUMBER:


2020-144

DATE(S) ISSUED:


10/20/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.

SYSTEMS AFFECTED:


  • Application Performance Management (APM), versions 13.3.0.0, 13.4.0.0

  • Big Data Spatial and Graph, versions prior to 3.0

  • Enterprise Manager Base Platform, versions 13.2.1.0, 13.3.0.0, 13.4.0.0

  • Enterprise Manager for Peoplesoft, version 13.4.1.1

  • Enterprise Manager for Storage Management, versions 13.3.0.0, 13.4.0.0

  • Enterprise Manager Ops Center, version 12.4.0.0

  • Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2362, prior to XCP3090

  • Fujitsu M12-1, M12-2, M12-2S Servers, versions prior to XCP3090

  • Hyperion Analytic Provider Services, version 11.1.2.4

  • Hyperion BI+, version 11.1.2.4

  • Hyperion Essbase, version 11.1.2.4

  • Hyperion Infrastructure Technology, version 11.1.2.4

  • Hyperion Lifecycle Management, version 11.1.2.4

  • Hyperion Planning, version 11.1.2.4

  • Identity Manager Connector, version 9.0

  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3

  • Management Pack for Oracle GoldenGate, version 12.2.1.2.0

  • MySQL Cluster, versions 7.3.30 and prior, 7.4.29 and prior, 7.5.19 and prior, 7.6.15 and prior, 8.0.21 and prior

  • MySQL Enterprise Monitor, versions 8.0.21 and prior

  • MySQL Server, versions 5.6.49 and prior, 5.7.31 and prior, 8.0.21 and prior

  • MySQL Workbench, versions 8.0.21 and prior

  • Oracle Access Manager, version 11.1.2.3.0

  • Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6

  • Oracle Agile Product Lifecycle Management for Process, version 6.2.0.0

  • Oracle Application Express, versions prior to 20.2

  • Oracle Application Testing Suite, version 13.3.0.1

  • Oracle Banking Corporate Lending, versions 12.3.0, 14.0.0-14.4.0

  • Oracle Banking Digital Experience, versions 18.1, 18.2, 18.3, 19.1, 19.2, 20.1

  • Oracle Banking Payments, versions 14.1.0-14.4.0

  • Oracle Banking Platform, versions 2.4.0-2.10.0

  • Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

  • Oracle Business Intelligence Enterprise Edition, versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

  • Oracle Business Process Management Suite, versions 12.2.1.3.0, 12.2.1.4.0

  • Oracle Communications Application Session Controller, versions 3.8m0, 3.9m0p1

  • Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.2.0, 12.0.0.3.0

  • Oracle Communications BRM – Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0

  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0.0-8.4.0.5, [IDIH] 8.0.0-8.2.2

  • Oracle Communications EAGLE Software, versions 46.6.0-46.8.2

  • Oracle Communications Element Manager, versions 8.2.0-8.2.2

  • Oracle Communications Evolved Communications Application Server, version 7.1

  • Oracle Communications Messaging Server, version 8.1

  • Oracle Communications Offline Mediation Controller, version 12.0.0.3.0

  • Oracle Communications Services Gatekeeper, version 7

  • Oracle Communications Session Border Controller, versions 8.2-8.4

  • Oracle Communications Session Report Manager, versions 8.2.0-8.2.2

  • Oracle Communications Session Route Manager, versions 8.2.0-8.2.2

  • Oracle Communications Unified Inventory Management, versions 7.3.0, 7.4.0

  • Oracle Communications WebRTC Session Controller, version 7.2

  • Oracle Data Integrator, versions 11.1.1.9.0, 12.2.1.3.0

  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c

  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10

  • Oracle Endeca Information Discovery Integrator, version 3.2.0

  • Oracle Endeca Information Discovery Studio, version 3.2.0

  • Oracle Enterprise Repository, version 11.1.1.7.0

  • Oracle Enterprise Session Border Controller, version 8.4

  • Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.1.0

  • Oracle Financial Services Analytical Applications Reconciliation Framework, versions 8.0.6-8.0.8, 8.1.0

  • Oracle Financial Services Asset Liability Management, versions 8.0.6, 8.0.7, 8.1.0

  • Oracle Financial Services Balance Sheet Planning, version 8.0.8

  • Oracle Financial Services Basel Regulatory Capital Basic, versions 8.0.6-8.0.8, 8.1.0

  • Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, versions 8.0.6-8.0.8, 8.1.0

  • Oracle Financial Services Data Foundation, versions 8.0.6-8.1.0

  • Oracle Financial Services Data Governance for US Regulatory Reporting, versions 8.0.6-8.0.9

  • Oracle Financial Services Data Integration Hub, versions 8.0.6, 8.0.7, 8.1.0

  • Oracle Financial Services Funds Transfer Pricing, versions 8.0.6, 8.0.7, 8.1.0

  • Oracle Financial Services Hedge Management and IFRS Valuations, versions 8.0.6-8.0.8, 8.1.0

  • Oracle Financial Services Institutional Performance Analytics, versions 8.0.6, 8.0.7, 8.1.0, 8.7.0

  • Oracle Financial Services Liquidity Risk Management, version 8.0.6

  • Oracle Financial Services Liquidity Risk Measurement and Management, versions 8.0.7, 8.0.8, 8.1.0

  • Oracle Financial Services Loan Loss Forecasting and Provisioning, versions 8.0.6-8.0.8, 8.1.0

  • Oracle Financial Services Market Risk Measurement and Management, versions 8.0.6, 8.0.8, 8.1.0

  • Oracle Financial Services Price Creation and Discovery, versions 8.0.6, 8.0.7

  • Oracle Financial Services Profitability Management, versions 8.0.6, 8.0.7, 8.1.0

  • Oracle Financial Services Regulatory Reporting for European Banking Authority, versions 8.0.6-8.1.0

  • Oracle Financial Services Regulatory Reporting for US Federal Reserve, versions 8.0.6-8.0.9

  • Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.2.0

  • Oracle Financial Services Retail Customer Analytics, version 8.0.6

  • Oracle FLEXCUBE Core Banking, versions 5.2.0, 11.5.0-11.7.0

  • Oracle FLEXCUBE Direct Banking, versions 12.0.1, 12.0.2, 12.0.3

  • Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0

  • Oracle FLEXCUBE Universal Banking, versions 12.3.0, 14.0.0-14.4.0

  • Oracle GoldenGate Application Adapters, versions 12.3.2.1.0, 19.1.0.0.0

  • Oracle GraalVM Enterprise Edition, versions 19.3.3, 20.2.0

  • Oracle Health Sciences Empirica Signal, version 9.0

  • Oracle Healthcare Data Repository, version 7.0.1

  • Oracle Healthcare Foundation, versions 7.1.1, 7.2.0, 7.2.1, 7.3.0

  • Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1

  • Oracle Hospitality Materials Control, version 18.1

  • Oracle Hospitality OPERA 5 Property Services, versions 5.5, 5.6

  • Oracle Hospitality Reporting and Analytics, version 9.1.0

  • Oracle Hospitality RES 3700, version 5.7

  • Oracle Hospitality Simphony, versions 18.1, 18.2, 19.1.0-19.1.2

  • Oracle Hospitality Suite8, versions 8.10.2, 8.11-8.15

  • Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0

  • Oracle Insurance Accounting Analyzer, version 8.0.9

  • Oracle Insurance Allocation Manager for Enterprise Profitability, versions 8.0.8, 8.1.0

  • Oracle Insurance Data Foundation, versions 8.0.6-8.1.0

  • Oracle Insurance Insbridge Rating and Underwriting, versions 5.0.0.0-5.6.0.0, 5.6.1.0

  • Oracle Insurance Policy Administration J2EE, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26, 11.2.2.0

  • Oracle Insurance Rules Palette, versions 10.2.0.37, 10.2.4.12, 11.0.2.25, 11.1.0.15, 11.2.0.26

  • Oracle Java SE, versions 7u271, 8u261, 11.0.8, 15

  • Oracle Java SE Embedded, version 8u261

  • Oracle JDeveloper, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

  • Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0

  • Oracle Outside In Technology, versions 8.5.4, 8.5.5

  • Oracle Policy Automation, versions 12.2.0-12.2.20

  • Oracle Policy Automation Connector for Siebel, version 10.4.6

  • Oracle Policy Automation for Mobile Devices, versions 12.2.0-12.2.20

  • Oracle REST Data Services, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c, [Standalone ORDS] prior to 20.2.1

  • Oracle Retail Advanced Inventory Planning, version 14.1

  • Oracle Retail Assortment Planning, versions 15.0.3.0, 16.0.3.0

  • Oracle Retail Back Office, versions 14.0, 14.1

  • Oracle Retail Bulk Data Integration, versions 15.0.3.0, 16.0.3.0

  • Oracle Retail Central Office, versions 14.0, 14.1

  • Oracle Retail Customer Management and Segmentation Foundation, versions 18.0, 19.0

  • Oracle Retail Integration Bus, versions 14.1, 15.0, 16.0

  • Oracle Retail Order Broker, versions 15.0, 16.0, 18.0, 19.0, 19.1, 19.2, 19.3

  • Oracle Retail Point-of-Service, versions 14.0, 14.1

  • Oracle Retail Predictive Application Server, versions 14.1.3.0, 15.0.3.0, 16.0.3.0

  • Oracle Retail Price Management, versions 14.0.4, 14.1.3.0, 15.0.3.0, 16.0.3.0

  • Oracle Retail Returns Management, versions 14.0, 14.1

  • Oracle Retail Service Backbone, versions 14.1, 15.0, 16.0

  • Oracle Retail Xstore Point of Service, versions 15.0.3, 16.0.5, 17.0.3, 18.0.2, 19.0.1

  • Oracle Solaris, versions 10, 11

  • Oracle TimesTen In-Memory Database, versions prior to 11.2.2.8.49, prior to 18.1.3.1.0, prior to 18.1.4.1.0

  • Oracle Transportation Management, version 6.3.7

  • Oracle Utilities Framework, versions 2.2.0.0.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0-4.3.0.6.0, 4.4.0.0.0, 4.4.0.2.0

  • Oracle VM VirtualBox, versions prior to 6.1.16

  • Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0

  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

  • Oracle ZFS Storage Appliance Kit, version 8.8

  • PeopleSoft Enterprise HCM Global Payroll Core, version 9.2

  • PeopleSoft Enterprise PeopleTools, versions 8.56, 8.57, 8.58

  • PeopleSoft Enterprise SCM eSupplier Connection, version 9.2

  • Primavera Gateway, versions 16.2.0-16.2.11, 17.12.0-17.12.8

  • Primavera Unifier, versions 16.1, 16.2, 17.7-17.12, 18.8, 19.12

  • Siebel Applications, versions 20.7, 20.8

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate patches provided by Oracle to vulnerable systems immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:


Multiple Vulnerabilities in HP Intelligent Management Center (iMC) Could Allow for Arbitrary Code Execution.




MS-ISAC ADVISORY NUMBER:


2020-143

DATE(S) ISSUED:


10/20/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. HP Intelligent Management Center (iMC) is a software platform used to manage enterprise network environments. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions, or cause a denial of service. Other attacks are possible.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • HP Intelligent Management Center (iMC) PLAT versions prior to 7.3

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in HP Intelligent Management Center (iMC), the most severe of which could allow for arbitrary code execution. A full list of all vulnerabilities can be found at the link below:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbnw04036en_us

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Attackers can exploit these issues to execute arbitrary code, gain elevated privileges, bypass certain security restrictions, perform unauthorized actions or cause denial-of-service. Other attacks are possible.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate updates provided by HP for Intelligent Management Center (iMC) to vulnerable systems, immediately after appropriate testing.

  • Restrict access to devices and applications from only authorized users and hosts.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24647
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24649
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24650
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7149
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7151
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7159

Multiple Vulnerabilities in Magento CMS Could Allow for Remote Code Execution (APSB20-59)


MS-ISAC ADVISORY NUMBER:


2020-142

DATE(S) ISSUED:


10/16/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution. Magento is a web-based e-commerce application written in PHP. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Magento Open Source versions prior to 2.3.6 and 2.4.1

  • Magento Commerce versions prior to 2.3.6 and 2.4.1

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Magento CMS, the most severe of which could allow for arbitrary code execution. The vulnerabilities are as follows:

  • A File Upload Allow List Bypass vulnerability that could allow for arbitrary code execution. (CVE-2020-24407)
  • An SQL Injection vulnerability that could allow for arbitrary read or write access. (CVE-2020-24400)
  • Multiple Improper Authorization vulnerabilities that could allow for unauthorized modification of the customer list. (CVE-2020-24402, CVE-2020-24404, CVE-2020-24405, CVE-2020-24403)
  • An Insufficient Invalidation of User Session vulnerability that could allow for unauthorized access to restricted resources. (CVE-2020-24401)
  • An Information Disclosure vulnerability that could allow for disclosure of the document root path. (CVE-2020-24406)
  • A Cross-Site Scripting vulnerability that could allow for arbitrary JavaScript execution in the browser. (CVE-2020-24408)

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate updates provided by Magento to affected systems immediately after appropriate testing.

  • Apply the Principle of Least Privilege to all systems and services.

  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.

  • Monitor intrusion detection systems for any signs of anomalous activity.

  • Unless required, limit external network access to affected products.

REFERENCES:



Multiple Vulnerabilities in SonicWALL Sonic OS Could Allow for Arbitrary Code Execution


MS-ISAC ADVISORY NUMBER:


2020-141

DATE(S) ISSUED:


10/16/2020

OVERVIEW:


Multiple vulnerabilities have been discovered in SonicWALL Sonic OS, the most severe of which could allow for arbitrary code execution. SonicWALL is a firewall and cybersecurity solution vendor. Successful exploitation of the most severe of these vulnerabilities could allow for buffer overflow within the context of the application. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service conditions.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • SonicOS 6.5.4.7-79n and earlier

  • SonicOS 5.9.1.7-2n and earlier

  • SonicOS 5.9.1.13-5n and earlier

  • SonicOS 6.5.1.11-4n and earlier

  • SonicOS 6.0.5.3-93o and earlier

  • SonicOSv 6.5.4.4-44v-21-794 and earlier

  • SonicOS 7.0.0.0-1

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in SonicWALL Sonic OS, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for buffer overflow within the context of the application. Details of these vulnerabilities are as follows:

  • SonicWALL Sonic OS is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue by sending a specially crafted HTTP request containing a custom protocol handler to the affected device. [CVE-2020-5135]
  • A heap-based buffer-overflow vulnerability that affects the firewall SSLVPN service. A remote unauthenticated attacker can exploit this issue to crash Sonic OS, denying service to legitimate users. [CVE-2020-5138]
  • A buffer-overflow vulnerability that affects the firewall SSLVPN service. A remote unauthenticated attacker can exploit this issue to crash the firewall, denying service to legitimate users. [CVE-2020-5137]

Attackers may exploit these issues to execute arbitrary code within the context of the affected application. Failed exploits may result in denial-of-service conditions.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Install the updates provided by SonicWALL to vulnerable systems immediately after appropriate testing.

  • Disable all unnecessary services.

  • Restrict access to devices and applications to only authorized users and hosts.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



A Vulnerability in Juniper Junos OS Could Allow for Denial of Service


MS-ISAC ADVISORY NUMBER:


2020-140

DATE(S) ISSUED:


10/15/2020

OVERVIEW:


A vulnerability has been discovered in Juniper Junos OS, which could allow for denial of service. Junos OS is a FreeBSD-based operating system used in Juniper Networks routers. This vulnerability specifically affects MX Series routers and EX9200 series switches with Trio-based PFEs that have the IPv6 Distributed Denial of Service (DDoS) protection mechanism enabled. An attacker can exploit this issue to disrupt network protocol operations or interrupt traffic. Successful exploitation of this vulnerability could result in denial of service conditions.

THREAT INTELLIGENCE:



There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:


  • Juniper Networks Junos OS on MX Series and EX 9200 Series 17.2 versions prior to 17.2R3-S4

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 17.3 versions prior to 17.3R3-S8

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 17.4 versions prior to 17.4R2-S11, 17.4R3-S2

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 18.2X75 versions prior to 18.2X75-D30

  • Juniper Networks Junos OS on MX Series and EX 9200 Series 18.3 versions prior to 18.3R2-S4, 18.3R3-S2

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


TECHNICAL SUMMARY:



A vulnerability has been discovered in Juniper Junos OS, which could allow for denial of service. This vulnerability specifically affects MX Series routers and EX9200 series switches with Trio-based PFEs that have the IPv6 Distributed Denial of Service (DDoS) protection mechanism enabled. The IPv6 DDoS protection mechanism allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) for the duration of the attack. An attacker can exploit this issue to disrupt network protocol operations or interrupt traffic by overwhelming the Routing Engine (RE) and/or the Flexible PIC Concentrator (FPC). Successful exploitation of this vulnerability could result in denial of service conditions.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate patches provided by Juniper to vulnerable systems immediately after appropriate testing.

  • Disable all unnecessary services.

  • Restrict access to devices and applications to only authorized users and hosts.

  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: