
Protect Yourself Online

The Stop. Think. Connect.™ web site contains resources and hints to help you protect yourself and your family against many online risks.

Arm yourself with the hints, tips, and techniques provided by contributors at www.stopthinkconnect.org/ and the Department of Homeland Security, and experience a safer web!

Latest Vulnerability Information

Multiple Vulnerabilities in Rockwell Automation ISaGRAF5 Runtime Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2021-097

DATE(S) ISSUED:

07/29/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Rockwell Automation ISaGRAF5 Runtime, the most severe of which could allow for remote code execution. These affected Industrial Control System (ICS) products are used across several sectors, including chemical, critical manufacturing, food and agriculture, water and wastewater systems and others. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to perform remote code execution on the affected device.


THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • AADvance Controller version 1.40 and earlier
  • ISaGRAF Free Runtime in ISaGRAF6 Workbench Version 6.6.8 and earlier
  • Micro800 family, all versions
  • GE Steam Power’s ALSPA S6 MFC3000 and MFC1000 (all versions)
  • Xylem MultiSmart Gen-1 devices and MultiSmart Gen-2 devices running firmware prior to Version 3.2.0 (If ISaGRAF is enabled on those devices)

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Rockwell Automation ISaGRAF5 Runtime which could allow for remote code execution. Details of these vulnerabilities are as follows:


  • Some commands used by the ISaGRAF eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. (CVE-2020-25176)
  • ISaGRAF Runtime stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. (CVE-2020-25184)
  • ISaGRAF Workbench communicates with ISaGRAF Runtime using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. (CVE-2020-25178)
  • ISaGRAF Runtime searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. (CVE-2020-25182)
  • ISaGRAF Runtime includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the Tiny Encryption Algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. (CVE-2020-25180)

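The first item in the list (CVE-2020-25176) is the classic shape of a path traversal bug: a file name arrives in a protocol message and is handed straight to file-system calls. The Python below is an added illustration written for this page, not ISaGRAF or Rockwell code; the application directory, the sample file names and the function names are assumptions, and the real IXL message format is not modelled. It shows the unchecked join beside a confined resolver that rejects reserved characters and dot components and then verifies that the canonical path still lies under the application directory.

```python
"""Added example: confining a file name taken from a protocol message.

Models the bug class behind CVE-2020-25176. The application directory,
sample names and function names are assumptions for this demo; the real IXL
message format is not modelled, and none of this is ISaGRAF code.
"""
from pathlib import Path, PurePosixPath
from typing import Dict, List

# Characters that must not appear inside a single path component.
# Separators are handled separately by splitting on them first.
RESERVED_CHARS = frozenset(':*?"<>|')


def vulnerable_resolve(app_dir: str, name: str) -> Path:
    """The unchecked pattern: join whatever the peer sent onto app_dir.

    '..' components walk out of app_dir, and an absolute name replaces it.
    """
    return Path(app_dir) / name


def safe_resolve(app_dir: str, name: str) -> Path:
    """Return the target only if it is syntactically clean AND resolves inside app_dir."""
    if not name or "\x00" in name:
        raise ValueError("empty file name or embedded NUL")
    if name.startswith(("/", "\\")):
        raise ValueError("absolute paths are not allowed")

    # Layer 1: syntactic allow-list on each component.
    parts = PurePosixPath(name.replace("\\", "/")).parts
    if not parts:
        raise ValueError("file name does not name a file")
    for part in parts:
        if part in (".", "..") or RESERVED_CHARS.intersection(part):
            raise ValueError(f"reserved component in file name: {part!r}")

    # Layer 2: canonical containment. resolve() follows symlinks, so a link
    # inside app_dir that points elsewhere is caught here, not by layer 1.
    base = Path(app_dir).resolve()
    target = base.joinpath(*parts).resolve()
    if target != base and base not in target.parents:
        raise ValueError(f"{name!r} escapes {app_dir}")
    return target


def check_names(app_dir: str, names: List[str]) -> Dict[str, bool]:
    """Map each candidate name to True (accepted) or False (rejected)."""
    verdict: Dict[str, bool] = {}
    for n in names:
        try:
            safe_resolve(app_dir, n)
            verdict[n] = True
        except ValueError:
            verdict[n] = False
    return verdict


if __name__ == "__main__":
    app = "/opt/demo_runtime/app"  # assumed application directory
    samples = ["prog.bin", "sub/prog.bin", "../../etc/passwd", "sub/../../x",
               "/etc/passwd", "..\\..\\win.ini", "C:\\boot.ini"]
    for n, ok in check_names(app, samples).items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {n!r:20} unchecked join -> {vulnerable_resolve(app, n)}")
```

The syntactic layer alone is not enough: a symlink planted inside the application directory, or a name the allow-list did not anticipate, passes it. The canonical check after `resolve()` is what actually enforces the boundary, and both layers together are cheap.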
Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
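The fixed-key TEA item (CVE-2020-25180), taken together with the cleartext transport (CVE-2020-25178), is worth seeing concretely. The Python below is an added example for this page, not ISaGRAF code: it implements TEA, uses an assumed fixed key, an assumed block layout (little-endian words, NUL padding, ECB) and a constructed sample password. With one key baked into every installation, anyone who pulls it from the binary can decrypt a captured password blob, and can wrap any guess into a blob the runtime will accept, so the encryption adds nothing over sending the password in the clear.

```python
"""Added example: why a fixed-key TEA 'encrypted password' is not a secret.

Models the weakness described for CVE-2020-25180 and CVE-2020-25178. The key
value, the block layout (little-endian, NUL-padded, ECB) and the helper names
are assumptions for the demo; they are not ISaGRAF's real key or format.
"""
import struct
from typing import Tuple

MASK32 = 0xFFFFFFFF
DELTA = 0x9E3779B9
ROUNDS = 32

# Assumed fixed key. In the vulnerable design it lives in the shipped binary,
# so whoever disassembles one copy has the key for every installation.
FIXED_KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)

Key = Tuple[int, int, int, int]


def tea_encrypt_block(v0: int, v1: int, k: Key) -> Tuple[int, int]:
    """Standard TEA encryption of one 64-bit block (two 32-bit words)."""
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK32
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
    return v0, v1


def tea_decrypt_block(v0: int, v1: int, k: Key) -> Tuple[int, int]:
    """Standard TEA decryption: same schedule run backwards."""
    s = (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        s = (s - DELTA) & MASK32
    return v0, v1


def encrypt_password(password: str, key: Key = FIXED_KEY) -> bytes:
    """What the client side does: NUL-pad to 8 bytes, TEA each block (ECB, assumed)."""
    data = password.encode("utf-8")
    data += b"\x00" * (-len(data) % 8)
    out = bytearray()
    for i in range(0, len(data), 8):
        v0, v1 = struct.unpack("<II", data[i:i + 8])
        out += struct.pack("<II", *tea_encrypt_block(v0, v1, key))
    return bytes(out)


def decrypt_password(blob: bytes, key: Key = FIXED_KEY) -> str:
    """Inverse of encrypt_password; strips the NUL padding."""
    out = bytearray()
    for i in range(0, len(blob), 8):
        v0, v1 = struct.unpack("<II", blob[i:i + 8])
        out += struct.pack("<II", *tea_decrypt_block(v0, v1, key))
    return bytes(out).rstrip(b"\x00").decode("utf-8")


def runtime_accepts(blob: bytes, stored_password: str) -> bool:
    """Runtime-side check as the vulnerable design implies: decrypt and compare."""
    return decrypt_password(blob) == stored_password


def attacker_recovers(sniffed_blob: bytes) -> str:
    """Passive attacker: captured the blob from the cleartext channel, knows the fixed key."""
    return decrypt_password(sniffed_blob, FIXED_KEY)


def attacker_forges(guess: str) -> bytes:
    """Active attacker: any guess can be wrapped into a well-formed blob."""
    return encrypt_password(guess, FIXED_KEY)


if __name__ == "__main__":
    pw = "Pump7-Station"                      # constructed sample password
    blob = encrypt_password(pw)               # what the client puts on the wire
    print("on the wire      :", blob.hex())
    print("attacker decrypts:", attacker_recovers(blob))
    print("forged blob for 'admin' accepted when stored password is 'admin':",
          runtime_accepts(attacker_forges("admin"), "admin"))
```

Rotating the key does not fix this: the token crossing the wire is reversible by design, and the key must be present in every client. The remedy is an authentication design in which nothing reversible is sent (for example, a per-session challenge answered with a keyed hash, carried over an authenticated and encrypted channel), combined with the network isolation the recommendations below call for.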

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Rockwell Automation to vulnerable systems immediately after appropriate testing.
  • Isolate control systems from other networks when possible.
  • Minimize network exposure for all control system devices.
  • Remind users not to download, accept or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

ICS-CERT:

https://us-cert.cisa.gov/ics/advisories/icsa-20-280-01

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25176

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25178

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25180

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25182

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25184

A Vulnerability in macOS Big Sur, iOS and iPadOS Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-096

DATE(S) ISSUED:

07/27/2021

OVERVIEW:

A vulnerability has been discovered in macOS Big Sur, iOS and iPadOS, which could allow for arbitrary code execution.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
  • macOS Big Sur is the 17th and current major release of macOS.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with kernel privileges to take full control over a device.

THREAT INTELLIGENCE:

Apple is aware of a report that this issue may have been actively exploited to plant malware on vulnerable devices. (CVE-2021-30807)

SYSTEMS AFFECTED:

  • iOS prior to version 14.7.1
  • iPadOS prior to version 14.7.1
  • macOS Big Sur prior to version 11.5.1

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: HIGH

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: HIGH

Home Users:

LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in macOS Big Sur, iOS and iPadOS that could allow for arbitrary code execution. This vulnerability occurs due to a memory corruption issue in IOMobileFrameBuffer that was addressed with improved memory handling. Successful exploitation of this vulnerability could result in arbitrary code execution with kernel privileges to take full control over a device.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Apple:

https://support.apple.com/en-us/HT212622

https://support.apple.com/en-us/HT212623

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30807

Security Affairs:

https://securityaffairs.co/wordpress/120576/security/apple-cve-2021-30807-zero-day.html

A Vulnerability in HP, Xerox, and Samsung Printer Drivers Could Allow Attackers to Gain Administrator Rights on a System

MS-ISAC ADVISORY NUMBER:

2021-092

DATE(S) ISSUED:

07/20/2021

OVERVIEW:

A vulnerability has been discovered in HP, Xerox, and Samsung printer drivers which could result in local privilege escalation. A printer driver is system software that allows a computer to interact with a printer. This vulnerability is in an old printer driver from 2005 called SSPORT.SYS, which affects hundreds of millions of devices and millions of users worldwide. Successful exploitation of this vulnerability might allow attackers to install programs; view, change, encrypt or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Please refer to the reference section for the full list of systems affected for HP and Xerox


RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in HP, Xerox, and Samsung printer drivers which could result in local privilege escalation. The affected driver, SSPORT.SYS, could allow a user with basic user privileges to elevate their privileges to SYSTEM and run code in kernel mode, potentially bypassing security products that would otherwise block their attacks or the delivery of additional malicious payloads. Successful exploitation might allow attackers to install programs; view, change, encrypt or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the latest patches provided by HP and Xerox immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Bleeping Computer:

https://www.bleepingcomputer.com/news/security/16-year-old-bug-in-printer-software-gives-hackers-admin-rights/

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3438

HP (Affected Systems/Patch):

https://support.hp.com/us-en/document/ish_3900395-3833905-16/hpsbpi03724

SentinelOne:

https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/

Xerox (Affected Systems/Patch):

https://securitydocs.business.xerox.com/wp-content/uploads/2021/05/cert_Security_Mini_Bulletin_XRX21K_for_B2XX_PH30xx_3260_3320_WC3025_32xx_33xx.pdf

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-095

DATE(S) ISSUED:

07/21/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
  • Safari is a graphical web browser developed by Apple, based on the WebKit engine.
  • watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
  • macOS Big Sur is the 17th and current major release of macOS.
  • macOS Catalina is the 16th major release of macOS.
  • macOS Mojave is the 15th major release of macOS.
  • tvOS is the operating system for the fourth-generation and later Apple TV digital media player.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution with kernel or root privileges.

THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • macOS Big Sur versions prior to 11.5
  • macOS Catalina prior to security update 2021-004
  • macOS Mojave prior to security update 2021-005
  • iOS and iPadOS versions prior to 14.7
  • Safari versions prior to 14.1.2
  • watchOS versions prior to 7.6
  • tvOS versions prior to 14.7

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution with kernel or root privileges. Details of these vulnerabilities are as follows:

  • A shortcut may be able to bypass Internet permission requirements due to an input validation issue in ActionKit (CVE-2021-30763)
  • A memory corruption issue in the AMD kernel may lead to arbitrary code execution with kernel privileges (CVE-2021-30805)
  • Opening a maliciously crafted file may lead to unexpected AppKit termination or arbitrary code execution (CVE-2021-30790)
  • A local attacker may be able to cause unexpected application termination or arbitrary code execution via Audio (CVE-2021-30781)
  • A memory corruption issue within AVEVideoEncoder may lead to arbitrary code execution with kernel privileges (CVE-2021-30748)
  • A malicious application may be able to gain root privileges due to a memory corruption issue in Bluetooth (CVE-2021-30672)
  • Processing a maliciously crafted audio file may lead to arbitrary code execution due to a memory corruption issue in CoreAudio (CVE-2021-30775)
  • Playing a malicious audio file may lead to unexpected application termination due to a logic issue with input validation in CoreAudio (CVE-2021-30776)
  • Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution due to a race condition in CoreGraphics (CVE-2021-30786)
  • A malicious application may be able to gain root privileges via CoreServices, and a sandboxed process may be able to circumvent restrictions (CVE-2021-30772, CVE-2021-30783)
  • A malicious application may be able to gain root privileges due to an injection issue in CoreStorage (CVE-2021-30777)
  • Processing a maliciously crafted font file may lead to arbitrary code execution or process memory disclosure due to out-of-bounds reads in CoreText (CVE-2021-30789, CVE-2021-30733)
  • A malicious application may be able to gain root privileges due to a logic issue within Crash Reporter (CVE-2021-30774)
  • A malicious application may be able to gain root privileges due to an out-of-bounds write issue in CVMS (CVE-2021-30780)
  • A sandboxed process may be able to circumvent sandbox restrictions due to a logic issue in dyld (CVE-2021-30768)
  • A malicious application may be able to access Find My data due to a permissions issue (CVE-2021-30804)
  • Processing a maliciously crafted font file may lead to arbitrary code execution due to integer and stack overflows in FontParser (CVE-2021-30760, CVE-2021-30759)
  • Processing a maliciously crafted tiff file with FontParser may lead to a denial-of-service or potentially disclose memory contents (CVE-2021-30788)
  • A malicious application may be able to access a user’s recent Contacts due to a permissions issue in Identity Services (CVE-2021-30803)
  • A malicious application may be able to bypass code signing checks due to a code signature validation issue in Identity Services (CVE-2021-30773)
  • Processing maliciously crafted web content may lead to arbitrary code execution due to a use after free issue in Image Processing (CVE-2021-30802)
  • Processing a maliciously crafted image may lead to arbitrary code execution due to a buffer overflow in ImageIO (CVE-2021-30779, CVE-2021-30785)
  • An application may be able to cause unexpected system termination or write kernel memory due to an issue in Intel Graphics Driver (CVE-2021-30787)
  • An application may be able to execute arbitrary code with kernel privileges due to an out-of-bounds write issue in Intel Graphics Driver (CVE-2021-30765, CVE-2021-30766)
  • An unprivileged application may be able to capture USB devices due to an issue in IOUSBHostFamily (CVE-2021-30731)
  • A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit (CVE-2021-30784)
  • An application may be able to execute arbitrary code with kernel privileges due to logic issues in state management and double free issues in the kernel (CVE-2021-30703, CVE-2021-30793)
  • A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication due to a kernel logic issue (CVE-2021-30769)
  • An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations due to a kernel logic issue (CVE-2021-30770)
  • A malicious application may be able to bypass Privacy preferences due to entitlement issues in Kext Management (CVE-2021-30778)
  • A malicious application or sandboxed process may be able to break out of its sandbox or restrictions due to environment sanitization and access restriction issues in LaunchServices (CVE-2021-30677, CVE-2021-30783)
  • A remote attacker may be able to cause arbitrary code execution due to an issue in libxml2 (CVE-2021-3518)
  • Multiple issues were found in libwebp (CVE-2018-25010, CVE-2018-25011, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331)
  • Processing a maliciously crafted image may lead to a denial of service due to a logic issue in Model I/O (CVE-2021-30796)
  • Processing a maliciously crafted image may lead to arbitrary code execution due to an out-of-bounds write in Model I/O (CVE-2021-30792)
  • Processing a maliciously crafted file may disclose user information due to an out-of-bounds read in Model I/O (CVE-2021-30791)
  • A malicious application may be able to access restricted files due to an issue in Sandbox (CVE-2021-30782)
  • A malicious application may be able to bypass certain Privacy preferences due to a logic issue in TCC (CVE-2021-30798)
  • Processing maliciously crafted web content may lead to arbitrary code execution due to type confusion, use after free, and memory corruption issues in WebKit (CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)
  • Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution (CVE-2021-30800)

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Apple:

  • https://support.apple.com/en-us/HT201222
  • https://support.apple.com/en-us/HT212600
  • https://support.apple.com/en-us/HT212601
  • https://support.apple.com/en-us/HT212602
  • https://support.apple.com/en-us/HT212603
  • https://support.apple.com/en-us/HT212604
  • https://support.apple.com/en-us/HT212605
  • https://support.apple.com/en-us/HT212606


CVE:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30672
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30677
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30703
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30731
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30733
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30748
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30759
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30760
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30763
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30765
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30766
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30768
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30769
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30770
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30772
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30773
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30774
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30775
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30776
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30777
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30778
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30779
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30780
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30781
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30782
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30783
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30784
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30785
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30786
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30787
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30788
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30789
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30790
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30791
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30792
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30793
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30796
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30798
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30800
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30802
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30803
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30804
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30805

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – UPDATE

MS-ISAC ADVISORY NUMBER:

2021-088 – UPDATED

DATE(S) ISSUED:

07/13/2021

07/21/2021 – UPDATED

OVERVIEW:

Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution.


  • Dimension is a 3D rendering and design software.
  • Illustrator is a vector graphics editor and design program.
  • Adobe Framemaker is a document processing software used to write and edit large or complex documents.
  • Acrobat and Reader are a family of application software and Web services mainly used to create, view, and edit PDF documents.
  • Bridge is a free digital asset management app. It is a mandatory component of Adobe Creative Suite, Adobe eLearning Suite, Adobe Technical Communication Suite and Adobe Photoshop CS2 through CS6.


July 21 – UPDATED OVERVIEW:

  • Photoshop is Adobe’s flagship image editing software.
  • Premiere Pro is video editing software.
  • After Effects is graphics and visual effects software.
  • Audition is a professional audio editing application that includes a non-destructive mixing and editing environment.
  • Character Animator is a motion capture and animation tool that gives everyone a solution for intuitive animation.
  • Prelude is a video ingest and logging tool that helps you quickly tag and transcode raw footage from file-based cameras.
  • Media Encoder is a software program by Adobe that is used to provide media content for the web and other sources.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Adobe Dimension 3.4 and earlier versions
  • Adobe Illustrator 2021 25.2.3 and earlier versions
  • Adobe Framemaker 2019 Update 8 and earlier
  • Adobe Framemaker 2020 Release Update 1 and earlier
  • Acrobat DC 2021.005.20054 and earlier versions
  • Acrobat Reader DC 2021.005.20054 and earlier versions
  • Acrobat 2020 2020.004.30005 and earlier versions
  • Acrobat Reader 2020 2020.004.30005 and earlier versions
  • Acrobat 2017 2017.011.30197 and earlier versions
  • Acrobat Reader 2017 2017.011.30197 and earlier versions
  • Adobe Bridge 11.0.2 and earlier versions


July 21 – UPDATED SYSTEMS AFFECTED:

  • Adobe Photoshop 2020 21.2.9 and earlier versions
  • Adobe Photoshop 2021 22.4.2 and earlier versions
  • Adobe Audition 14.2 and earlier versions
  • Adobe Character Animator 2020 4.2 and earlier versions
  • Adobe Prelude 10.0 and earlier versions
  • Adobe Premiere Pro 15.2 and earlier versions
  • Adobe After Effects 18.2.1 and earlier versions
  • Adobe Media Encoder 15.2 and earlier versions

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Adobe Dimension

  • Uncontrolled Search Path Element, which could allow for arbitrary code execution. (CVE-2021-28595)


Adobe Illustrator

  • Out-of-bounds write vulnerability, which could allow for arbitrary code execution. (CVE-2021-28591, CVE-2021-28592)
  • Use After Free vulnerability, which could allow for arbitrary file system read. (CVE-2021-28593)


Adobe Framemaker

  • Out-of-bounds write vulnerability, which could allow for arbitrary code execution. (CVE-2021-28596)


Acrobat and Reader

  • Path Traversal vulnerability, which could allow for arbitrary file system read. (CVE-2021-35980, CVE-2021-28644)
  • Use After Free vulnerabilities, which could allow for arbitrary code execution. (CVE-2021-28640, CVE-2021-28641, CVE-2021-28639, CVE-2021-35983, CVE-2021-35981, CVE-2021-28635)
  • Type Confusion vulnerability, which could allow for arbitrary code execution. (CVE-2021-28643)
  • Out-of-bounds Write vulnerability, which could allow for arbitrary file system write. (CVE-2021-28642)
  • Out-of-bounds Read vulnerability, which could allow for a memory leak. (CVE-2021-28637)
  • Heap-based Buffer Overflow vulnerability, which could allow for arbitrary code execution. (CVE-2021-28638)
  • Uncontrolled Search Path Element vulnerability, which could allow for arbitrary code execution. (CVE-2021-28636)
  • OS Command Injection vulnerability, which could allow for arbitrary code execution. (CVE-2021-28634)
  • Out-of-bounds Read vulnerability, which could allow for privilege escalation. (CVE-2021-35988, CVE-2021-35987)
  • Type Confusion vulnerability, which could allow for arbitrary file system read. (CVE-2021-35986)
  • NULL Pointer Dereference vulnerability, which could allow for application denial-of-service. (CVE-2021-35985, CVE-2021-35984)


Adobe Bridge

  • Heap-based Buffer Overflow vulnerability, which could allow for arbitrary code execution. (CVE-2021-28624)
  • Improper Input Validation vulnerability, which could allow for arbitrary code execution. (CVE-2021-35991)
  • Out-of-bounds Write vulnerability, which could allow for arbitrary code execution. (CVE-2021-35989, CVE-2021-35990)
  • Out-of-bounds Read vulnerability, which could allow for arbitrary file system read. (CVE-2021-35992)


July 21 – UPDATED TECHNICAL SUMMARY:

Adobe Photoshop

  • Stack-based buffer overflow vulnerability, which could allow for arbitrary code execution (CVE-2021-36005)
  • Improper Input Validation vulnerability, which could allow for arbitrary file system read (CVE-2021-36006)


Adobe Audition

  • Out-of-bounds read vulnerability, which could allow for arbitrary code execution (CVE-2021-36003)


Adobe Character Animator

  • Out-of-bounds read vulnerability, which could allow for privilege escalation (CVE-2021-36001)
  • Access of Memory Location After End of Buffer vulnerability, which could allow for arbitrary code execution (CVE-2021-36000)


Adobe Prelude

  • Improper Input Validation vulnerability, which could allow for arbitrary code execution (CVE-2021-36007)
  • Access of Memory Location After End of Buffer vulnerability, which could allow for arbitrary code execution (CVE-2021-35999)


Adobe Premiere Pro

  • Access of Memory Location After End of Buffer vulnerability, which could allow for arbitrary code execution (CVE-2021-35997)


Adobe After Effects

  • Out-of-bounds read vulnerability, which could allow for arbitrary file system read (CVE-2021-36018, CVE-2021-36019)
  • Access of Memory Location After End of Buffer vulnerability, which could allow for arbitrary code execution (CVE-2021-36017, CVE-2021-35996)
  • Out-of-bounds write vulnerability, which could allow for arbitrary code execution (CVE-2021-35993, CVE-2021-35994)
  • Improper Input Validation vulnerability, which could allow for arbitrary code execution (CVE-2021-35995)


Adobe Media Encoder

  • Out-of-bounds read vulnerability, which could allow for arbitrary code execution (CVE-2021-28589, CVE-2021-28590, CVE-2021-36013, CVE-2021-36016)
  • Improper Input Validation vulnerability, which could allow for arbitrary code execution (CVE-2021-36014)
  • Access of Memory Location After End of Buffer vulnerability, which could allow for arbitrary code execution (CVE-2021-36015)


Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.


RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install the updates provided by Adobe immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.


REFERENCES:

Adobe:

  • https://helpx.adobe.com/security/security-bulletin.html
  • https://helpx.adobe.com/security/products/dimension/apsb21-40.html
  • https://helpx.adobe.com/security/products/illustrator/apsb21-42.html
  • https://helpx.adobe.com/security/products/framemaker/apsb21-45.html
  • https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
  • https://helpx.adobe.com/security/products/bridge/apsb21-53.html


CVE:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28591
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28592
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28593
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28595
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28596
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28624
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28634
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28635
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28636
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28637
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28638
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28639
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28640
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28641
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28643
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28644
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35980
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35981
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35983
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35984
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35985
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35986
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35987
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35988
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35989
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35990
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35991
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35992
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35993
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35994
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35995
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35997
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35999
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36000
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36001
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36003
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36005
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36006
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36013
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36014
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36015
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36016
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36018
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36019


July 21 – UPDATED REFERENCES:


Adobe:

  • https://helpx.adobe.com/security/products/media-encoder/apsb21-43.html
  • https://helpx.adobe.com/security/products/after_effects/apsb21-54.html
  • https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html
  • https://helpx.adobe.com/security/products/prelude/apsb21-58.html
  • https://helpx.adobe.com/security/products/character_animator/apsb21-59.html
  • https://helpx.adobe.com/security/products/audition/apsb21-62.html
  • https://helpx.adobe.com/security/products/photoshop/apsb21-63.html


CVE:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28589
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28590
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35993
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35994
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35995
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35996
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35997
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35999
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36000
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36001
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36003
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36005
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36006
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36013
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36014
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36015
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36016
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36017
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36018
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36019

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-094

DATE(S) ISSUED:

07/21/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Google Chrome versions prior to 92.0.4515.107

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:


  • Out of bounds write vulnerability exists in Tab Groups. (CVE-2021-30565)
  • Stack buffer overflow vulnerability exists in Printing. (CVE-2021-30566)
  • Use after free vulnerability exists in DevTools. (CVE-2021-30567)
  • Heap buffer overflow vulnerability exists in WebGL. (CVE-2021-30568)
  • Use after free vulnerability exists in sqlite. (CVE-2021-30569)
  • Insufficient policy enforcement vulnerability exists in DevTools. (CVE-2021-30571)
  • Use after free vulnerability exists in Autofill. (CVE-2021-30572)
  • Use after free vulnerability exists in GPU. (CVE-2021-30573)
  • Use after free vulnerability exists in protocol handling. (CVE-2021-30574)
  • Out of bounds read vulnerability exists in Autofill. (CVE-2021-30575)
  • Use after free vulnerability exists in DevTools. (CVE-2021-30576)
  • Insufficient policy enforcement vulnerability exists in Installer. (CVE-2021-30577)
  • Uninitialized Use vulnerability exists in Media. (CVE-2021-30578)
  • Use after free vulnerability exists in UI framework. (CVE-2021-30579)
  • Insufficient policy enforcement vulnerability exists in Android intents. (CVE-2021-30580)
  • Use after free vulnerability exists in DevTools. (CVE-2021-30581)
  • Inappropriate implementation vulnerability exists in Animation. (CVE-2021-30582)
  • Insufficient policy enforcement vulnerability exists in image handling on Windows. (CVE-2021-30583)
  • Incorrect security UI vulnerability exists in Downloads. (CVE-2021-30584)
  • Use after free vulnerability exists in sensor handling. (CVE-2021-30585)
  • Use after free vulnerability exists in dialog box handling on Windows. (CVE-2021-30586)
  • Inappropriate implementation vulnerability exists in Compositing on Windows. (CVE-2021-30587)
  • Type Confusion vulnerability exists in V8. (CVE-2021-30588)
  • Insufficient validation of untrusted input vulnerability exists in Sharing. (CVE-2021-30589)


Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Google:

  • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html

CVE:

Oracle Quarterly Critical Patches Issued July 20, 2021

MS-ISAC ADVISORY NUMBER:

2021-093

DATE(S) ISSUED:

07/20/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Oracle products, which could allow for remote code execution.

SYSTEMS AFFECTED:

  • Oracle Database Server, versions 12.1.0.2, 19c
  • Big Data Spatial and Graph, versions prior to 2.0, prior to 23.1
  • Essbase, version 21.2
  • Essbase Analytic Provider Services, versions 11.1.2.4, 21.2
  • Hyperion Essbase Administration Services, versions 11.1.2.4, 21.2
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version 11.3.1.5
  • Oracle Communications Billing and Revenue Management, versions 7.5.0.23.0, 12.0.0.3.0
  • Oracle Communications BRM – Elastic Charging Engine, versions 11.3.0.9.0, 12.0.0.3.0
  • Oracle Communications Convergent Charging Controller, version 12.0.4.0.0
  • Oracle Communications Design Studio, version 7.4.2
  • Oracle Communications Instant Messaging Server, version 10.0.1.4.0
  • Oracle Communications Network Charging and Control, versions 6.0.1.0, 12.0.1.0-12.0.4.0, 12.0.4.0.0
  • Oracle Communications Offline Mediation Controller, version 12.0.0.3.0
  • Oracle Communications Pricing Design Center, version 12.0.0.3.0
  • Oracle Communications Unified Inventory Management, versions 7.3.2, 7.3.4, 7.3.5, 7.4.0, 7.4.1
  • Oracle Communications Application Session Controller, version 3.9
  • Oracle Communications Cloud Native Core Console, version 1.4.0
  • Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 1.4.0, 1.7.0
  • Oracle Communications Cloud Native Core Network Slice Selection Function, version 1.2.1
  • Oracle Communications Cloud Native Core Policy, versions 1.5.0, 1.9.0
  • Oracle Communications Cloud Native Core Security Edge Protection Proxy, version 1.7.0
  • Oracle Communications Cloud Native Core Service Communication Proxy, version 1.5.2
  • Oracle Communications Cloud Native Core Unified Data Repository, versions 1.4.0, 1.6.0
  • Oracle Communications Diameter Signaling Router (DSR), versions 8.0.0-8.5.0
  • Oracle Communications EAGLE Software, versions 46.6.0-46.8.2
  • Oracle Communications Evolved Communications Application Server, version 7.1
  • Oracle Communications Services Gatekeeper, versions 7.0, 8.2
  • Instantis EnterpriseTrack, versions 17.1, 17.2, 17.3
  • Primavera Gateway, versions 17.12.0-17.12.11, 18.8.0-18.8.11, 19.12.0-19.12.10, 20.12.0
  • Primavera P6 Enterprise Project Portfolio Management, versions 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14, 20.12.0-20.12.3
  • Primavera Unifier, versions 17.7-17.12, 18.8, 19.12, 20.12
  • Oracle E-Business Suite, versions 12.1.1-12.1.3, 12.2.3-12.2.10
  • Enterprise Manager Base Platform, version 13.4.0.0
  • Oracle Application Testing Suite, version 13.3.0.1
  • Oracle Configuration Manager, version 12.1.2.0.8
  • Oracle Banking Enterprise Collections, versions 2.10.0, 2.12.0
  • Oracle Banking Party Management, version 2.7.0
  • Oracle Banking Platform, versions 2.4.0, 2.7.1, 2.9.0
  • Oracle Banking Treasury Management, version 14.4
  • Oracle Financial Services Analytical Applications Infrastructure, versions 8.0.6-8.0.9, 8.1.0
  • Oracle Financial Services Crime and Compliance Investigation Hub, version 20.1.2
  • Oracle Financial Services Regulatory Reporting with AgileREPORTER, version 8.0.9.6.3
  • Oracle FLEXCUBE Private Banking, versions 12.0.0, 12.1.0
  • Oracle FLEXCUBE Universal Banking, versions 12.0-12.4, 14.0-14.4.0
  • MICROS Compact Workstation 3, version 310
  • MICROS ES400 Series, versions 400-410
  • MICROS Kitchen Display System Hardware, version 210
  • MICROS Workstation 5A, version 5A
  • MICROS Workstation 6, versions 610-655
  • Oracle Hospitality Reporting and Analytics, version 9.1.0
  • Identity Manager, versions 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Access Manager, version 11.1.2.3.0
  • Oracle BAM (Business Activity Monitoring), versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle BI Publisher, versions 5.5.0.0.0, 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle Business Intelligence Enterprise Edition, version 12.2.1.4.0
  • Oracle Coherence, versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • Oracle Data Integrator, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Enterprise Data Quality, version 12.2.1.3.0
  • Oracle Enterprise Repository, version 11.1.1.7.0
  • Oracle Fusion Middleware MapViewer, version 12.2.1.4.0
  • Oracle GoldenGate Application Adapters, version 19.1.0.0.0
  • Oracle JDeveloper, version 12.2.1.4.0
  • Oracle JDeveloper and ADF, version 12.2.1.4.0
  • Oracle Managed File Transfer, versions 12.2.1.3.0, 12.2.1.4.0
  • Oracle Outside In Technology, version 8.5.5
  • Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
  • Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
  • Real-Time Decisions (RTD) Solutions, version 3.2.0.0
  • Oracle Hospitality Suite8, versions 8.13, 8.14
  • Hyperion Financial Reporting, versions 11.1.2.4, 11.2.5.0
  • Hyperion Infrastructure Technology, versions 11.1.2.4, 11.2.5.0
  • Oracle Hyperion BI+, versions 11.1.2.4, 11.2.5.0
  • Oracle Insurance Policy Administration, versions 11.0.2, 11.1.0-11.3.0
  • Oracle Insurance Policy Administration J2EE, version 11.0.2
  • Oracle Insurance Rules Palette, versions 11.0.2, 11.1.0-11.3.0
  • Oracle GraalVM Enterprise Edition, versions 20.3.2, 21.1.0
  • Oracle Java SE, versions 7u301, 8u291, 11.0.11, 16.0.1
  • JD Edwards EnterpriseOne Orchestrator, versions 9.2.5.3 and prior
  • JD Edwards EnterpriseOne Tools, versions 9.2.5.3 and prior
  • MySQL Cluster, versions 8.0.25 and prior
  • MySQL Connectors, versions 8.0.23 and prior
  • MySQL Enterprise Monitor, versions 8.0.23 and prior
  • MySQL Server, versions 5.7.34 and prior, 8.0.25 and prior
  • PeopleSoft Enterprise CS Campus Community, version 9.2
  • PeopleSoft Enterprise HCM Candidate Gateway, version 9.2
  • PeopleSoft Enterprise HCM Shared Components, version 9.2
  • PeopleSoft Enterprise PeopleTools, versions 8.57, 8.58, 8.59
  • PeopleSoft Enterprise PT PeopleTools, versions 8.57, 8.58, 8.59
  • Oracle Policy Automation, versions 12.2.0-12.2.22
  • Oracle Retail Back Office, version 14.1
  • Oracle Retail Central Office, version 14.1
  • Oracle Retail Customer Engagement, versions 16.0-19.0
  • Oracle Retail Customer Management and Segmentation Foundation, versions 16.0-19.0
  • Oracle Retail Financial Integration, versions 14.1.3.2, 15.0.3.1, 16.0.3.0
  • Oracle Retail Integration Bus, versions 14.1.3.2, 15.0.3.1, 16.0.3.0
  • Oracle Retail Merchandising System, versions 14.1.3.2, 15.0.3.1, 16.0.3
  • Oracle Retail Order Broker, versions 15.0, 16.0
  • Oracle Retail Order Management System Cloud Service, version 19.5
  • Oracle Retail Point-of-Service, version 14.1
  • Oracle Retail Price Management, versions 14.0, 14.1, 15.0, 16.0
  • Oracle Retail Returns Management, version 14.1
  • Oracle Retail Service Backbone, versions 14.1.3.2, 15.0.3.1, 16.0.3.0
  • Oracle Retail Xstore Point of Service, versions 16.0.6, 17.0.4, 18.0.3, 19.0.2, 20.0.1
  • Siebel Applications, versions 21.5 and prior
  • Oracle Agile Engineering Data Management, version 6.2.1.0
  • Oracle Agile PLM, versions 9.3.3, 9.3.5, 9.3.6
  • Oracle Transportation Management, version 6.4.3
  • OSS Support Tools, versions prior to 2.12.41
  • Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2400, prior to XCP3100
  • Oracle Solaris, version 11
  • Oracle Solaris Cluster, version 4.4
  • Oracle ZFS Storage Appliance Kit, version 8.8
  • StorageTek Tape Analytics SW Tool, version 2.3
  • Oracle Secure Global Desktop, version 5.6
  • Oracle VM VirtualBox, versions prior to 6.1.24

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: HIGH

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: HIGH

Home Users:

LOW

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches or appropriate mitigations provided by Oracle to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and

REFERENCES:

Oracle:

  • https://www.oracle.com/security-alerts/cpujul2021.html

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-091

DATE(S) ISSUED:

07/16/2021

OVERVIEW:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

Google stated that an exploit for CVE-2021-30563 exists in the wild.

SYSTEMS AFFECTED:

  • Google Chrome versions prior to 91.0.4472.164

RISK:

Government:

  • Large and medium government entities: HIGH
  • Small government entities: HIGH

Businesses:

  • Large and medium business entities: HIGH
  • Small business entities: HIGH

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:


  • A use after free vulnerability exists in V8. (CVE-2021-30541)
  • An out of bounds write vulnerability exists in ANGLE. (CVE-2021-30559)
  • A use after free vulnerability exists in Blink XSLT. (CVE-2021-30560)
  • A type confusion vulnerability exists in V8. (CVE-2021-30561, CVE-2021-30563)
  • A use after free vulnerability exists in WebSerial. (CVE-2021-30562)
  • A heap buffer overflow vulnerability exists in WebXR. (CVE-2021-30564)


Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.


REFERENCES:

Google:

  • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html

CVE:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30541
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30559
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30560
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30561
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30562
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30564