Jul 11, 2021

Vulnerability Summary for the Week of June 28

A few picks from last week's US-CERT vulnerability summary.


Each entry below is listed in the following order:

Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info


adobe -- after_effects

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An unauthenticated attacker could exploit this to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

2021-06-28
9.3
CVE-2021-28570 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-28570
MISC https://helpx.adobe.com/ee/security/products/after_effects/apsb21-33.html


adobe -- robohelp_server

Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

2021-06-28
9
CVE-2021-28588 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-28588
MISC https://www.zerodayinitiative.com/advisories/ZDI-21-660/


fidelissecurity -- deception

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability.

2021-06-25
9
CVE-2021-35047 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35047
CONFIRM https://support.fidelissecurity.com/hc/en-us/categories/360001842694-Advisories-News-and-Policies


helpu -- helpu

A remote code execution vulnerability exists in helpUS (remote administration tool) due to improper validation of a parameter of the ShellExecutionExA function used for login.

2021-06-29
CVE-2020-7868 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-7868
MISC https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088


huawei -- anyoffice

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. By successfully exploiting this vulnerability, the attacker can perform remote malicious code injection and control the device.

AnyOffice is apparently a security management tool aimed at BYOD, and it also includes an MDM component.  https://forum.huawei.com/enterprise/en/huawei-anyoffice-v200r002c10-deployment-guide-contents/thread/416297-867

2021-06-29
9.3
CVE-2021-22439 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22439
MISC https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210619-01-injection-en


inkdrop -- inkdrop

Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.

A note-taking app developed by a Japanese creator known as Takuya.  https://webdesign-trends.net/entry/4163

2021-06-28
9.3
CVE-2021-20745 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-20745
MISC https://www.inkdrop.app/
MISC https://docs.inkdrop.app/releases/5.3.1
MISC https://jvn.jp/en/jp/JVN29949691/index.html


mcafee -- mvision_edr

A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.

2021-06-29
9
CVE-2021-31838 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-31838
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10342


securepoint -- openvpn-client

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file that is executed as a privileged user.

A local, non-privileged user can get an external script executed as a privileged user simply by changing the configuration. Updating to the latest version fixes it.

2021-06-28
7.2
CVE-2021-35523 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35523
MISC https://github.com/Securepoint/openvpn-client/security/advisories/GHSA-v8p8-4w8f-qh34
MISC https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30/
FULLDISC http://seclists.org/fulldisclosure/2021/Jun/59
MISC http://packetstormsecurity.com/files/163320/Securepoint-SSL-VPN-Client-2.0.30-Local-Privilege-Escalation.html
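
The mechanism is generic to any OpenVPN-based client that runs the tunnel as SYSTEM but reads its configuration from a directory the user can write: OpenVPN has a family of directives (`up`, `down`, `route-up`, `plugin`, ...) whose argument is a program the daemon executes, gated by `script-security`. The scanner below is an added example, not Securepoint's code or anything from the advisory; it lists those directives in a config so a user-writable file can be checked before a privileged service consumes it. The directive names are OpenVPN's own; the two sample configs are constructed.

```python
"""Flag OpenVPN configuration directives that execute an external program.

Added example. Directive names are OpenVPN's own (see the openvpn(8) manual);
the config texts below are constructed for the demonstration.
"""
import shlex

# Directives whose argument is a program or script that OpenVPN will run.
# OpenVPN refuses most of them unless `script-security` is 2 or higher,
# but that value lives in the same file, so an attacker who can edit the
# config sets it too.
SCRIPT_DIRECTIVES = {
    "up", "down", "route-up", "route-pre-down", "ipchange",
    "client-connect", "client-disconnect", "learn-address",
    "auth-user-pass-verify", "tls-verify", "plugin",
}
# script-security 2 or more allows user-defined scripts/plugins.
SCRIPT_SECURITY_OK_MAX = 1


def parse_directives(config_text):
    """Yield (directive, args) for every non-comment line of an OpenVPN config."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            parts = shlex.split(line)
        except ValueError:
            # Unbalanced quotes: fall back to whitespace so the line is not skipped.
            parts = line.split()
        if parts:
            yield parts[0].lower(), parts[1:]


def find_script_execution(config_text):
    """Return human-readable findings; an empty list means no directive
    in the file would make OpenVPN run an external program."""
    findings = []
    for directive, args in parse_directives(config_text):
        if directive in SCRIPT_DIRECTIVES:
            target = args[0] if args else "<missing argument>"
            findings.append(f"{directive} runs external program: {target}")
        elif directive == "script-security":
            try:
                level = int(args[0]) if args else 0
            except ValueError:
                level = 0
            if level > SCRIPT_SECURITY_OK_MAX:
                findings.append(f"script-security {level} enables user scripts")
    return findings


# Constructed sample: a benign client config.
CLEAN_CONFIG = """\
client
dev tun
proto udp
remote vpn.example.test 1194
# comments and blank lines are ignored
ca ca.crt
cert client.crt
key client.key
"""

# Constructed sample: the same config with a script directive appended,
# the shape of change a user who can write the config directory could make.
# Forward slashes keep the sample free of shell-style escaping.
TAMPERED_CONFIG = CLEAN_CONFIG + """\
script-security 2
up "C:/Users/lowpriv/AppData/Roaming/evil.bat"
"""

if __name__ == "__main__":
    for name, cfg in (("clean", CLEAN_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(name, find_script_execution(cfg) or "no script execution")
```

The scan is a compensating check only: the durable fix is for the privileged service not to consume a configuration that a non-administrator can write, which is what the vendor update is for.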


tenable -- nessus

Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host.

2021-06-29
7.2
CVE-2021-20079 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-20079
MISC https://www.tenable.com/security/tns-2021-07


The following are picked from the "Severity Not Yet Assigned" section.


apache -- traffic_server

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

A remotely exploitable cache-poisoning issue in the caching proxy server "Apache Traffic Server".

2021-06-29
not yet calculated
CVE-2021-27577 https://nvd.nist.gov/vuln/detail/CVE-2021-27577
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E


google -- chrome

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

2021-07-02
not yet calculated
CVE-2021-30554 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-30554
 ← NVD gives Base Score: 8.8 HIGH.
MISC https://crbug.com/1219857
MISC https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html


hitachi -- virtual_file_platform_versions

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

2021-06-28
not yet calculated
CVE-2021-20740 https://nvd.nist.gov/vuln/detail/CVE-2021-20740
 ← NVD gives Base Score: 8.8 HIGH.
MISC https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html
MISC https://jpn.nec.com/security-info/secinfo/nv21-011.html
MISC https://jvn.jp/en/jp/JVN21298724/index.html


huawei -- smartphone

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to crash and restart.

2021-06-30
not yet calculated
CVE-2021-22350 https://nvd.nist.gov/vuln/detail/CVE-2021-22350
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://consumer.huawei.com/en/support/bulletin/2021/5/


huawei -- smartphone

There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

2021-06-30
not yet calculated
CVE-2021-22352 https://nvd.nist.gov/vuln/detail/CVE-2021-22352
 ← NVD gives Base Score: 7.8 HIGH.
MISC https://consumer.huawei.com/en/support/bulletin/2021/5/


ibm -- security_identity_manager_adapters

IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and takeover other accounts. IBM X-Force ID: 199252.

2021-06-28
not yet calculated
CVE-2021-20574 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-20574
 ← NVD gives Base Score: 8.8 HIGH (CVSS:3.1 ...).
CONFIRM https://www.ibm.com/support/pages/node/6465875
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/199252
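
The description says only "LDAP injection", but the shape of the bug is always the same: a user-supplied value is concatenated into a search filter, so filter metacharacters in the input change which entries the query matches. The functions below are an added example, not IBM's code and not based on the adapter internals; they show a filter built by concatenation beside one that escapes the value per RFC 4515, plus a small structural check that makes the difference visible. The account names and filters are constructed.

```python
"""LDAP filter injection: concatenation vs. RFC 4515 escaping.

Added example, not IBM code. The account names and filters are constructed.
"""

# RFC 4515 section 3: these characters must be escaped inside a filter
# assertion value as a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    "\\": "\\5c",   # the escape character itself
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter assertion."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username):
    """Vulnerable: the input is dropped straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def build_filter_safe(username):
    """Hardened: metacharacters in the input become literal characters."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def count_top_level_clauses(ldap_filter):
    """Count assertions at depth 1 of an AND/OR filter.

    A rough structural check used only to show what injection does: the
    caller's input belongs *inside* the uid assertion and must never add a
    sibling clause. Parses parentheses only, which is enough here.
    """
    depth = 0
    clauses = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
            if depth == 2:
                clauses += 1
        elif ch == ")":
            depth -= 1
    return clauses


if __name__ == "__main__":
    # Constructed attacker input: closes the uid assertion and opens a new one.
    payload = "*)(uid=admin"
    for label, build in (("unsafe", build_filter_unsafe), ("safe", build_filter_safe)):
        f = build(payload)
        print(f"{label}: {f}  clauses={count_top_level_clauses(f)}")
```

With the payload above the unsafe filter becomes `(&(objectClass=person)(uid=*)(uid=admin))`, three clauses instead of two, which is how an authenticated user ends up matching (and acting on) somebody else's entry. The escaped version keeps the whole input inside the `uid` assertion.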


jenkins -- jenkins

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

2021-06-30
not yet calculated
CVE-2021-21671 https://nvd.nist.gov/vuln/detail/CVE-2021-21671
 ← NVD gives Base Score: 7.5 HIGH.
CONFIRM https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2371
MLIST http://www.openwall.com/lists/oss-security/2021/06/30/1
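
"Does not invalidate the previous session on login" is the textbook precondition for session fixation: a session identifier the attacker already knows (one they planted in the victim's browser before authentication) keeps working after the victim logs in. The toy session store below is an added example, not Jenkins code; it contrasts a login that authenticates the existing session in place with one that retires it and issues a new identifier. All names are mine, and the attack narrative is simulated in-process.

```python
"""Session fixation: keeping vs. rotating the session ID at login.

Added example with a toy in-memory session store; names and the attack
narrative are constructed for illustration, not taken from Jenkins.
"""
import secrets


class SessionStore:
    """Maps opaque session IDs to session state dicts."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Issue a fresh anonymous session, as a server does on first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        """Return the authenticated user bound to sid, or None."""
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login_keep_session(self, sid, user):
        """Vulnerable pattern: authenticate in place.

        The identifier that existed before authentication now carries the
        logged-in user. Anyone who learned it earlier can use it afterwards.
        """
        if sid not in self._sessions:
            raise KeyError("unknown session")
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_session(self, sid, user):
        """Hardened pattern: invalidate the old session and issue a new ID.

        State worth keeping across login is copied over explicitly; the
        pre-authentication identifier stops resolving.
        """
        old = self._sessions.pop(sid, None)
        if old is None:
            raise KeyError("unknown session")
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def fixation_succeeds(login):
    """Simulate the attack against one of the login methods above.

    1. Attacker obtains a valid anonymous session ID.
    2. Victim ends up using that ID (how it is delivered is out of scope).
    3. Victim logs in; the server may or may not hand back a new ID.
    4. Attacker presents the original ID.
    Returns True if the attacker's ID now resolves to the victim's account.
    """
    store = SessionStore()
    attacker_sid = store.create()          # step 1 and 2: same ID on both sides
    login(store, attacker_sid, "victim")   # step 3
    return store.user_for(attacker_sid) == "victim"  # step 4


if __name__ == "__main__":
    for label, method in (("keep", SessionStore.login_keep_session),
                          ("rotate", SessionStore.login_rotate_session)):
        print(f"{label:6}: {'attacker wins' if fixation_succeeds(method) else 'safe'}")
```

The rotation variant is what "invalidate the previous session on login" means operationally: the old identifier must stop resolving, not merely be overwritten with a logged-in user.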


libressl -- libressl

LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print).

2021-07-01
not yet calculated
CVE-2019-25048 https://nvd.nist.gov/vuln/detail/CVE-2019-25048
 ← NVD gives Base Score: 7.1 HIGH.
MISC https://github.com/libressl-portable/portable/commit/17c88164016df821df2dff4b2b1291291ec4f28a
MISC https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13914
MISC https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libressl/OSV-2020-1923.yaml


mediawiki -- mediawiki

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value (MaxNameChars).

2021-07-02
not yet calculated
CVE-2021-36125 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36125
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://phabricator.wikimedia.org/T260865
MISC https://gerrit.wikimedia.org/r/q/I97d8b3236b5abed8ba9a9c4d3ab5050c2e782c22


microsoft -- windows

Windows Print Spooler Remote Code Execution Vulnerability

2021-07-02
not yet calculated
CVE-2021-34527 https://nvd.nist.gov/vuln/detail/CVE-2021-34527
 ← NVD gives Base Score: 8.8 HIGH (CVSS 3.1). Not Critical?
   ※ PrintNightmare: see the earlier post
MISC https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527


netgear -- wac104_devices

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).

2021-06-30
not yet calculated
CVE-2021-35973 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35973
 ← NVD gives Base Score: 9.8 CRITICAL.
MISC https://gynvael.coldwind.pl/?lang=en&id=736
MISC https://kb.netgear.com/000063785/Security-Advisory-for-Authentication-Bypass-on-WAC104-PSV-2021-0075
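
A detection angle on this one: the bypass works by smuggling the `currentsetting.htm` token into the query of a request for some other page, so in a web server log the telltale is that token appearing anywhere other than as the request path itself. The scanner below is an added example built only from the CVE text above (no NETGEAR code, and the exact on-the-wire shape of the exploit is not verified here, so treat the rule as a heuristic); the access-log lines and the page names in them are constructed.

```python
"""Flag requests that carry the currentsetting.htm token outside the path.

Added example, not NETGEAR's code. The heuristic follows the CVE text:
the auth bypass is triggered by adding '&currentsetting.htm' to the HTTP
query of a request for some other resource. The log lines and page names
are constructed, in the common combined log format.
"""
import re
from urllib.parse import unquote, urlsplit

TOKEN = "currentsetting.htm"

# Combined log format: client - user [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def is_bypass_attempt(target):
    """True if the request target smuggles the token rather than requesting it.

    Decodes percent-encoding first so 'currentsetting%2Ehtm' is not missed,
    then allows exactly one legitimate shape: a request whose path is
    /currentsetting.htm. Anything else containing the token is flagged.
    """
    decoded = unquote(target)
    if TOKEN not in decoded.lower():
        return False
    path = urlsplit(decoded).path
    return path.lower().rstrip("/") != "/" + TOKEN


def scan_log(lines):
    """Return (client, target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a line we understand; skip rather than crash
        if is_bypass_attempt(m.group("target")):
            hits.append((m.group("client"), m.group("target"), m.group("status")))
    return hits


# Constructed sample log lines (page names are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2021:10:00:01 +0000] "GET /currentsetting.htm HTTP/1.1" 200 512',
    '192.0.2.10 - - [30/Jun/2021:10:00:02 +0000] "GET /index.htm HTTP/1.1" 401 0',
    '198.51.100.7 - - [30/Jun/2021:10:00:03 +0000] "GET /admin.htm?action=apply&currentsetting.htm HTTP/1.1" 200 1024',
    '198.51.100.7 - - [30/Jun/2021:10:00:04 +0000] "POST /admin.htm?page=debug&currentsetting%2Ehtm HTTP/1.1" 200 300',
    '198.51.100.7 - - [30/Jun/2021:10:00:05 +0000] "GET /currentsetting.htm/../admin.htm HTTP/1.1" 200 300',
    'garbage line that is not an access log entry',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious:", hit)
```

A 200 on a flagged line from a device that should have answered 401 is the interesting case; the plain `GET /currentsetting.htm` is the normal, unauthenticated endpoint and is deliberately not flagged.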


nvidia -- mb2

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.

2021-06-30
not yet calculated
CVE-2021-34384 https://nvd.nist.gov/vuln/detail/CVE-2021-34384
 ← NVD gives Base Score: 7.8 HIGH (CVSS:3.1).
CONFIRM https://nvidia.custhelp.com/app/answers/detail/a_id/5205


torproject -- tor

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.

2021-06-29
not yet calculated
CVE-2021-34550 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34550
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://gitlab.torproject.org/tpo/core/tor/-/issues/40392
CONFIRM https://blog.torproject.org/node/2041


torproject -- tor

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.

2021-06-29
not yet calculated
CVE-2021-34549 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34549
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://gitlab.torproject.org/tpo/core/tor/-/issues/40391
CONFIRM https://blog.torproject.org/node/2041


torproject -- tor

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.

2021-06-29
not yet calculated
CVE-2021-34548 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34548
 ← NVD gives Base Score: 7.5 HIGH.
MISC https://gitlab.torproject.org/tpo/core/tor/-/issues/40389
CONFIRM https://blog.torproject.org/node/2041


xen -- xen

Guest triggered use-after-free in Linux xen-netback. A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.

2021-06-29
not yet calculated
CVE-2021-28691 https://nvd.nist.gov/vuln/detail/CVE-2021-28691
 ← NVD gives Base Score: 7.8 HIGH.
MISC https://xenbits.xenproject.org/xsa/advisory-374.txt


Source

Bulletin (SB21-186) Vulnerability Summary for the Week of June 28, 2021 (07/05)
https://us-cert.cisa.gov/ncas/bulletins/sb21-186

