Protect Yourself Online

The Stop. Think. Connect.™ website contains resources and hints to help you protect yourself and your family against many online risks.

Arm yourself with the hints, tips, and techniques provided by contributors at www.stopthinkconnect.org/ and the Department of Homeland Security, and experience a safer web.

Latest Vulnerability Information

A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution.

MS-ISAC ADVISORY NUMBER: 2021-151

DATE(S) ISSUED: 12/01/2021

OVERVIEW:

A vulnerability has been discovered in HP FutureSmart that could allow for arbitrary code execution. HP FutureSmart is the system firmware used on HP Enterprise printer products. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • HP FutureSmart 3 (cpe:/h:hp:futuresmart_3)
  • HP FutureSmart 4 (cpe:/h:hp:futuresmart_4)
  • HP FutureSmart 5 (cpe:/h:hp:futuresmart_5)

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

A vulnerability has been discovered in HP FutureSmart that could allow for arbitrary code execution. Affected HP FutureSmart versions contain a buffer overflow that a remote, unauthenticated attacker could exploit to execute arbitrary code on the targeted device.

Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the latest patches provided by HP after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



A Vulnerability in Fortinet FortiWeb Could Allow for Arbitrary Code Execution.

MS-ISAC ADVISORY NUMBER: 2021-150

DATE(S) ISSUED: 11/22/2021

OVERVIEW:

A vulnerability has been discovered in Fortinet FortiWeb that could allow for arbitrary code execution. Fortinet FortiWeb is a web application firewall that provides threat protection for medium and large enterprises. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • FortiWeb versions prior to 6.4.1
  • FortiWeb versions prior to 6.3.16
  • FortiWeb versions prior to 6.2.6

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

A vulnerability has been discovered in Fortinet FortiWeb that could allow for arbitrary code execution. An unauthenticated attacker can exploit it by sending crafted HTTP requests with oversized request parameter values, overwriting the contents of the stack.

Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the appropriate updates provided by Fortinet to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

REFERENCES:



A Vulnerability in Microsoft Edge Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-149

DATE(S) ISSUED: 11/22/2021

OVERVIEW:

A vulnerability has been discovered in Microsoft Edge that could result in remote code execution. Microsoft Edge is a Chromium-based web browser made by Microsoft and installed by default on new Windows computers; it was built to replace Internet Explorer. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Microsoft Edge (cpe:/a:microsoft:edge)
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1607 for 32-bit Systems
  • Microsoft Windows 10 version 1607 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 10 version 1709 for 32-bit Systems
  • Microsoft Windows 10 version 1709 for x64-based Systems
  • Microsoft Windows 10 version 1803 for 32-bit Systems
  • Microsoft Windows 10 version 1803 for x64-based Systems
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2016 for x64-based Systems

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

A design error vulnerability exists in Microsoft Edge (Chromium-based) that could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the security updates provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-148

DATE(S) ISSUED: 11/18/2021

OVERVIEW:

A vulnerability has been discovered in multiple NETGEAR products that could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the root user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

GRIMM researchers are reported to have an exploit capable of compromising fully patched devices that are running the default configuration.

SYSTEMS AFFECTED:

  • NETGEAR AirCards prior to firmware version 1.0.0.62
  • NETGEAR Cable Modems prior to firmware version 2.1.3.5
  • NETGEAR DSL Modem Routers D7000v2 and D6220 prior to firmware version 1.0.0.76
  • NETGEAR DSL Modem Routers D6400 prior to firmware version 1.0.0.108
  • NETGEAR DSL Modem Routers D6400 prior to firmware version 1.0.0.126
  • NETGEAR Extenders EX3700 and EX3800 prior to firmware version 1.0.0.94
  • NETGEAR Extenders EX6120 and EX6130 prior to firmware version 1.0.0.66
  • NETGEAR Routers: see the NETGEAR release under References for the full list of patched firmware versions

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

A vulnerability has been discovered in multiple NETGEAR products that could allow for arbitrary code execution. The flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not validate the length of user-supplied data before copying it into a fixed-length stack-based buffer.

Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the root user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
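The HP FutureSmart, FortiWeb (oversized HTTP request parameter values) and NETGEAR (uuid header) summaries on this page describe one bug class: attacker-controlled data copied into a fixed-length stack buffer without a length check. The C below is an added example, not code from NETGEAR, Fortinet or HP. It shows the unchecked copy the NETGEAR summary describes beside a bounds-checked parser, plus a proxy-side longest-header-value check of the kind that would catch the FortiWeb pattern before a parser sees the request. The `uuid` header name and TCP port 5000 come from the advisory; the buffer size, the `find_header`, `parse_uuid_unchecked`, `parse_uuid_checked` and `max_header_value_len` names, the request lines and the two sample requests are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not vendor code. Models the advisories' bug class: a request
 * header copied into a fixed-size stack buffer with no length check. */

#define UUID_BUF 40  /* assumed size: a 36-character UUID plus the NUL */

/* Constructed sample requests (not captured traffic). */
const char *const GOOD_REQ =
    "GET / HTTP/1.1\r\n"
    "Host: 192.0.2.1:5000\r\n"
    "uuid: 7fbd1c3a-1b2c-4d5e-8f90-123456789abc\r\n"
    "\r\n";

const char *const LONG_REQ =
    "GET / HTTP/1.1\r\n"
    "Host: 192.0.2.1:5000\r\n"
    "uuid: " "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA"
             "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "\r\n"  /* 64-byte value */
    "\r\n";

/* ASCII case-insensitive prefix compare; header names are case-insensitive.
 * Stops safely if `a` ends before `n` characters. */
static int name_eq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Find "name: value" in a CRLF-delimited header block. Returns a pointer to
 * the value and stores its length in *len, or NULL when the header is absent. */
const char *find_header(const char *req, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *line = strstr(req, "\r\n");          /* skip the request line */
    while (line) {
        line += 2;
        if (*line == '\0' || strncmp(line, "\r\n", 2) == 0) break;  /* end of headers */
        const char *end = strstr(line, "\r\n");
        size_t linelen = end ? (size_t)(end - line) : strlen(line);
        if (linelen > nlen && name_eq(line, name, nlen) && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (v < line + linelen && (*v == ' ' || *v == '\t')) v++;
            *len = (size_t)(line + linelen - v);
            return v;
        }
        line = end;
    }
    return NULL;
}

/* VULNERABLE pattern from the advisories: the attacker-controlled length is
 * never checked against the fixed-size stack buffer, so a value of UUID_BUF
 * bytes or more overwrites what lies beyond `uuid` on the stack (saved
 * registers, return address). Shown for contrast only; never feed it LONG_REQ. */
int parse_uuid_unchecked(const char *req)
{
    char uuid[UUID_BUF];
    size_t len;
    const char *v = find_header(req, "uuid", &len);
    if (!v) return 0;
    memcpy(uuid, v, len);          /* no bound: stack overflow when len >= UUID_BUF */
    uuid[len] = '\0';
    return uuid[0] != '\0';
}

/* HARDENED: validate the length before copying and reject what does not fit.
 * Returns 1 and fills `out`, or 0 when the header is missing or oversized. */
int parse_uuid_checked(const char *req, char *out, size_t out_sz)
{
    size_t len;
    const char *v = find_header(req, "uuid", &len);
    if (!v || len >= out_sz) return 0;      /* need room for the value plus NUL */
    memcpy(out, v, len);
    out[len] = '\0';
    return 1;
}

/* Proxy-side check: the longest header value in a request, so oversized values
 * can be dropped at a gateway before any fixed-buffer parser sees them. */
size_t max_header_value_len(const char *req)
{
    size_t max = 0;
    const char *line = strstr(req, "\r\n");
    while (line) {
        line += 2;
        if (*line == '\0' || strncmp(line, "\r\n", 2) == 0) break;
        const char *end = strstr(line, "\r\n");
        size_t linelen = end ? (size_t)(end - line) : strlen(line);
        const char *colon = memchr(line, ':', linelen);
        if (colon) {
            const char *v = colon + 1;
            while (v < line + linelen && (*v == ' ' || *v == '\t')) v++;
            size_t vlen = (size_t)(line + linelen - v);
            if (vlen > max) max = vlen;
        }
        line = end;
    }
    return max;
}

int main(void)
{
    char uuid[UUID_BUF];
    printf("good request: %s, uuid=%s\n",
           parse_uuid_checked(GOOD_REQ, uuid, sizeof uuid) ? "accepted" : "rejected", uuid);
    printf("long request: %s, longest header value %zu bytes\n",
           parse_uuid_checked(LONG_REQ, uuid, sizeof uuid) ? "accepted" : "rejected",
           max_header_value_len(LONG_REQ));
    return 0;
}
```

The checked parser rejects rather than truncates: a silently truncated identifier is still a correctness bug, and the reject path is where a listener on an exposed port should log and drop. The gateway check is the same length test moved in front of every parser behind it.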

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the appropriate patches provided by NETGEAR to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:




Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-147

DATE(S) ISSUED: 11/16/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

Google is not aware of any exploits for these vulnerabilities in the wild.

SYSTEMS AFFECTED:

  • Google Chrome versions prior to 96.0.4664.45

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Use-after-free in loader (CVE-2021-38005)
  • Use-after-free in storage foundation (CVE-2021-38006)
  • Type confusion in V8 (CVE-2021-38007)
  • Use-after-free in media (CVE-2021-38008)
  • Inappropriate implementation in cache (CVE-2021-38009)
  • Inappropriate implementation in service workers (CVE-2021-38010)
  • Use-after-free in storage foundation (CVE-2021-38011)
  • Type confusion in V8 (CVE-2021-38012)
  • Heap buffer overflow in fingerprint recognition (CVE-2021-38013)
  • Out-of-bounds write in Swiftshader (CVE-2021-38014)
  • Inappropriate implementation in input (CVE-2021-38015)
  • Insufficient policy enforcement in background fetch (CVE-2021-38016)
  • Insufficient policy enforcement in iframe sandbox (CVE-2021-38017)
  • Inappropriate implementation in navigation (CVE-2021-38018)
  • Insufficient policy enforcement in CORS (CVE-2021-38019)
  • Insufficient policy enforcement in contacts picker (CVE-2021-38020)
  • Inappropriate implementation in referrer (CVE-2021-38021)
  • Inappropriate implementation in WebAuthentication (CVE-2021-38022)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



Multiple Vulnerabilities in iCloud for Windows Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-146

DATE(S) ISSUED: 11/12/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in iCloud for Windows, the most severe of which could allow for arbitrary code execution. iCloud for Windows is Apple's Windows client for its iCloud cloud storage service. Successful exploitation of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permissions associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • iCloud for Windows versions prior to 13

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in iCloud for Windows that could allow for arbitrary code execution in the context of the affected user. Details of these vulnerabilities are as follows:

  • A type confusion issue that could allow for arbitrary code execution; addressed with improved memory handling. (CVE-2021-30852)
  • A memory corruption issue that could allow for arbitrary code execution; addressed with improved input validation. (CVE-2021-30814)
  • Processing a maliciously crafted image could allow for arbitrary code execution. (CVE-2021-30835, CVE-2021-30847)
  • An attacker in a privileged network position may be able to bypass HSTS. (CVE-2021-30823)
  • Multiple memory corruption issues that could allow for arbitrary code execution. (CVE-2021-30849)

Successful exploitation of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permissions associated with the application running the exploit, an attacker could then install programs or view, change, or delete data.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



A Vulnerability in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-145

DATE(S) ISSUED: 11/12/2021

OVERVIEW:

A vulnerability has been discovered in Palo Alto PAN-OS that could allow for arbitrary code execution. PAN-OS is the software that runs on all Palo Alto Networks firewalls. Successful exploitation of this vulnerability could allow for arbitrary code execution with root privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Palo Alto PAN-OS versions prior to 10.1.3
  • Palo Alto PAN-OS versions prior to 10.0.8
  • Palo Alto PAN-OS versions prior to 9.1.11-h2
  • Palo Alto PAN-OS versions prior to 8.1.20-h1
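Lists like the one above (and the FortiWeb list of 6.4.1, 6.3.16 and 6.2.6 earlier on this page) give the first fixed release of each maintained branch, while a single-train product such as Chrome gives one fixed version (96.0.4664.45) below which everything is vulnerable. Reading a per-branch list as one number line gets an inventory check wrong in both directions: 10.0.9 is fixed although it is below 10.1.3, and 10.1.0 is vulnerable although it is above 10.0.8. The C below is an added example, not Palo Alto Networks', Fortinet's or Google's code. `parse_version`, `cmp_version` and `check_version` are assumed names; the accepted syntax (major.minor.patch with an optional `.build` or PAN-OS `-hN` hotfix suffix) is an assumption about the version strings; the installed versions in `main` are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not vendor code: branch-aware "fixed in" check for advisory
 * version lists. Version syntax accepted is an assumption (see lead-in). */

typedef struct { int part[4]; } ver_t;   /* major, minor, patch, build or hotfix */

enum { VER_UNKNOWN = -1, VER_VULNERABLE = 0, VER_FIXED = 1 };

/* Fixed releases exactly as listed in the advisories on this page. */
const char *const PANOS_2021_145_FIXED[]  = { "10.1.3", "10.0.8", "9.1.11-h2", "8.1.20-h1" };
const char *const FORTIWEB_2021_150_FIXED[] = { "6.4.1", "6.3.16", "6.2.6" };
const char *const CHROME_2021_147_FIXED[]  = { "96.0.4664.45" };

/* Parse "10.1.3", "9.1.11-h2" or "96.0.4664.45". Missing trailing components
 * are 0, so "9.1.11" sorts below "9.1.11-h2". Returns 0 on malformed input. */
int parse_version(const char *s, ver_t *v)
{
    memset(v, 0, sizeof *v);
    int n = 0;
    while (n < 4) {
        if (!isdigit((unsigned char)*s)) return 0;
        char *end;
        v->part[n++] = (int)strtol(s, &end, 10);
        s = end;
        if (*s == '.') { s++; continue; }
        if (*s == '-' && s[1] == 'h' && n == 3) { s += 2; continue; }  /* PAN-OS hotfix */
        break;
    }
    return *s == '\0' && n >= 2;
}

/* Lexicographic compare of the four components: -1, 0 or 1. */
int cmp_version(const ver_t *a, const ver_t *b)
{
    for (int i = 0; i < 4; i++)
        if (a->part[i] != b->part[i]) return a->part[i] < b->part[i] ? -1 : 1;
    return 0;
}

/* installed: version string reported by the device.
 * fixed[]:   the advisory's fixed releases, one per branch.
 * branched:  1 when fixed[] is per-branch (PAN-OS, FortiWeb): compare only
 *            against the entry whose major.minor matches, and report UNKNOWN
 *            for a branch the advisory does not list rather than guessing.
 *            0 for a single release train (Chrome): anything older than the
 *            one listed version is vulnerable, anything newer is fixed. */
int check_version(const char *installed, const char *const fixed[], size_t nfixed, int branched)
{
    ver_t inst, fx;
    if (!parse_version(installed, &inst)) return VER_UNKNOWN;
    for (size_t i = 0; i < nfixed; i++) {
        if (!parse_version(fixed[i], &fx)) continue;
        int same_branch = fx.part[0] == inst.part[0] && fx.part[1] == inst.part[1];
        if (!branched || same_branch)
            return cmp_version(&inst, &fx) >= 0 ? VER_FIXED : VER_VULNERABLE;
    }
    return VER_UNKNOWN;   /* branch not covered by the advisory: check with the vendor */
}

int main(void)
{
    static const char *const label[] = { "UNKNOWN", "VULNERABLE", "FIXED" };
    /* Constructed installed versions, not inventory data. */
    const char *samples[] = { "10.1.0", "10.0.9", "9.1.11", "9.1.11-h2", "10.2.0" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int r = check_version(samples[i], PANOS_2021_145_FIXED, 4, 1);
        printf("PAN-OS %-10s -> %s\n", samples[i], label[r + 1]);
    }
    return 0;
}
```

UNKNOWN is deliberately not folded into either answer: a 10.2.x firewall is not in this advisory's list at all, and silently calling it fixed (or vulnerable) is how inventory checks drift from what the vendor actually said.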

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS could allow for arbitrary code execution. To exploit it, an attacker must have specific knowledge of the firewall configuration and network access to the GlobalProtect interfaces. When exploited, the attacker can execute arbitrary code with root privileges.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Restrict access to the GlobalProtect interface to authorized hosts only.
  • Apply the appropriate patches or mitigations provided by Palo Alto Networks to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



A Vulnerability in Palo Alto PAN-OS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER: 2021-144

DATE(S) ISSUED: 11/10/2021

OVERVIEW:

A vulnerability has been discovered in Palo Alto PAN-OS that could allow for arbitrary code execution. PAN-OS is the software that runs on all Palo Alto Networks firewalls. Successful exploitation of this vulnerability could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Palo Alto PAN-OS versions prior to 8.1.17

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:

A memory corruption vulnerability has been discovered in Palo Alto PAN-OS that could allow for arbitrary code execution. To exploit it, an attacker must have network access to the GlobalProtect interface. When exploited, the attacker can disrupt system processes and potentially execute arbitrary code with root privileges.

Successful exploitation of this vulnerability could therefore allow for arbitrary code execution with root privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the appropriate patches or mitigations provided by Palo Alto Networks to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: