Security Advisories
-
2018-028: BLEEDINGBIT - Vulnerabilities Affecting Enterprise WiFi Devices
Monday, November 05, 2018 04:43:00 PM CET
Security researchers disclosed details about two critical vulnerabilities related to the use of BLE (Bluetooth Low Energy) chips made by Texas Instruments (TI). The vulnerable BLE chips are embedded in WiFi network equipment from Cisco, Meraki and Aruba Networks. Dubbed BleedingBit, the two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication.
-
2018-027: Multiple Vulnerabilities in Oracle Products
Friday, October 19, 2018 03:37:00 PM CEST
On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products, including Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, PeopleSoft, and others.
-
2018-026: Vulnerabilities in PHP
Tuesday, October 16, 2018 02:09:00 PM CEST
On 11th of October 2018, several vulnerabilities were fixed in PHP, a programming language designed for web applications. According to the Center for Internet Security, these vulnerabilities allow an adversary to perform arbitrary code execution and/or a denial-of-service (DoS) attack.
-
2018-025: Cisco Webex Player Remote Code Execution Vulnerabilities
Friday, September 21, 2018 10:46:00 AM CEST
On 19th of September 2018, Cisco published a security advisory concerning Remote Code Execution Vulnerabilities. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on an affected device. The vulnerabilities are due to improper validation of Webex recording files. An attacker could exploit these vulnerabilities by sending a user an e-mail with a link or attachment containing a malicious file and persuading the user to open the file in the Cisco Webex Player. A successful exploit could allow the attacker to execute arbitrary code on an affected system. Cisco has released software updates that address these vulnerabilities.
-
2018-024: Windows Task Scheduler – Privileges Escalation Vulnerability
Thursday, August 30, 2018 10:51:00 AM CEST
On August 27th, a tweet from a researcher using the nickname SandboxEscaper announced an unpatched local privilege escalation vulnerability in Windows. This flaw affects the way Task Scheduler uses Advanced Local Procedure Call (ALPC) to read and set permissions. This allows a user with read access to an object to change his rights on it. Eventually, this vulnerability allows a user to run code with SYSTEM privileges. It is important to note that a POC has already been published on the Internet and there is no patch available yet.
-
2018-023: Major Vulnerability in Ghostscript
Friday, August 24, 2018 03:46:00 PM CEST
Ghostscript -- an interpreter for PostScript and PDF -- is affected by a major vulnerability. There is currently no patch available, but some workarounds are possible.
-
2018-022: Apache Struts -- Critical Remote Code Execution Vulnerability
Thursday, August 23, 2018 04:57:00 PM CEST
Semmle researchers discovered and disclosed a critical remote code execution vulnerability (CVE-2018-11776) in the Apache Struts web application framework. This flaw could allow remote attackers to run malicious code on the affected servers.
-
2018-021: Critical Vulnerabilities in Adobe Acrobat and Reader
Thursday, August 16, 2018 04:35:00 PM CEST
On 14th of August 2018, Adobe released a security bulletin addressing two critical vulnerabilities affecting Adobe Acrobat and Reader for Windows and MacOS. Successful exploitation could lead to arbitrary code execution in the context of the current user and could be used in a phishing campaign. No exploit has been observed in the wild yet.
-
2018-020: Speculative Execution Attack on Intel Processors
Friday, August 17, 2018 10:04:00 AM CEST
In January 2018, two separate teams discovered flaws in Intel processors allowing speculative execution attacks and notified Intel of their research. On 14th of August 2018, the vulnerabilities were disclosed publicly under the name Foreshadow. Based on the provided technical details, Intel investigated further and identified two other attack channels with the potential to impact additional microprocessors, operating systems, system management mode, and virtualization software.
-
2018-019: New attack on WPA/WPA2 using PMKID
Wednesday, August 08, 2018 08:53:00 AM CEST
On August 4th, the researcher Jens Steube published on his website a new method to obtain a hash that involves the Pre-Shared Key (PSK) of a WiFi access point. Successful exploitation of the technique allows an attacker to retrieve the PSK.
-
2018-018: WebLogic Vulnerability Exploited In The Wild
Thursday, July 26, 2018 05:00:00 PM CEST
Recently, Oracle released patches for vulnerability CVE-2018-2893. This vulnerability allows an unauthenticated attacker to compromise Oracle WebLogic Server. Exploits were published on GitHub and on other websites after the announcement of the security updates. Attacks against vulnerable instances have been reported.
-
2018-017: Juniper JunOS Multiple Vulnerabilities
Friday, July 13, 2018 04:49:00 PM CEST
On the 12th of July 2018, Juniper released updates to address several vulnerabilities affecting JunOS products. A remote attacker can exploit those vulnerabilities to trigger privilege escalation, denial of service, firewall rule bypass, security restriction bypass and sensitive information disclosure on the targeted system. An exploit is available for the privilege escalation vulnerability (CVE-2018-0024).
-
2018-016: Signature Spoofing Vulnerability in GnuPG
Friday, June 15, 2018 02:27:00 PM CEST
On 13th of June 2018, Marcus Brinkmann released technical details concerning a vulnerability impacting GnuPG and most applications based on GnuPG (Enigmail, GPGtools, python-gnupg, etc.) [1]. This vulnerability can be exploited by a remote attacker to spoof signatures in encrypted messages. Security researchers named those vulnerabilities SigSpoof.
To exploit the vulnerabilities, the verbose option needs to be enabled (via the configuration file or via a command line parameter). Successful exploitation of the vulnerability allows the attacker to spoof signature verification and message decryption results. In the case of Enigmail, exploitation of the vulnerability does not even require the message to be encrypted (encryption is spoofed as well).
-
2018-015: Critical Vulnerabilities in Adobe Acrobat, Reader and Photoshop CC
Tuesday, May 15, 2018 05:26:00 PM CEST
Adobe has released Adobe Security Bulletins APSB18-09 and APSB18-17 providing security updates for Adobe Acrobat, Reader and Adobe Photoshop CC for Windows and MacOS. These updates address critical and important vulnerabilities whose successful exploitation could lead to arbitrary code execution in the context of the current user.
-
2018-014: Vulnerabilities in OpenPGP and S/MIME Client Implementations
Monday, May 14, 2018 05:01:00 PM CEST
On 14th of May 2018, security researchers released technical details concerning vulnerabilities impacting OpenPGP and S/MIME encryption technologies. These vulnerabilities abuse e-mail clients rendering HTML content when displaying e-mails to exfiltrate the plaintext content of OpenPGP or S/MIME encrypted e-mail. Security researchers named those vulnerabilities EFAIL.
-
2018-013: Cisco WebEx ARF Remote Code Execution Vulnerabilities
Thursday, May 03, 2018 12:58:00 PM CEST
On May 2nd, 2018, Cisco published two advisories for remote code execution vulnerabilities, CVE-2018-0287 (medium) and CVE-2018-0264 (critical), in the various Cisco WebEx Players. The players are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The recordings use the Advanced Recording Format (ARF). An attacker could exploit these vulnerabilities by sending a link or an e-mail attachment with a malicious ARF file and persuading the target to open the malicious file. Successful exploitation could allow the attacker to execute arbitrary code on the target system.
-
2018-012: Drupal Core - Remote Code Execution
Friday, April 27, 2018 05:24:00 PM CEST
Drupal is a content management system often used for Enterprise Content Management projects. A remote code execution vulnerability (CVE-2018-7602) exists within multiple subsystems of Drupal 7.x and 8.x. This allows attackers to exploit multiple attack vectors on a Drupal site, resulting in the site being compromised. This vulnerability is related to Drupal core - highly critical - Remote Code Execution - SA-CORE-2018-002 (CVE-2018-7600). Both SA-CORE-2018-002/CERT-EU-SA2018-008 (CVE-2018-7600) and this vulnerability are being exploited in the wild.
-
2018-011: Cisco Products Multiple Vulnerabilities
Thursday, April 19, 2018 04:36:00 PM CEST
On the 17th and 18th of April 2018, Cisco released several updates to address vulnerabilities affecting multiple products. A remote attacker can exploit these vulnerabilities to trigger cross-site scripting, denial of service, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
-
2018-010: Critical Vulnerability in Sophos Mobile and Sophos Mobile Control
Tuesday, April 10, 2018 07:46:00 AM CEST
On 26th of March 2018, Sophos released a security advisory concerning Sophos Mobile and Sophos Mobile Control. This critical vulnerability could allow an unauthenticated user to access the administration console or the self-service portal of Sophos Mobile.
-
2018-009: UPDATE Cisco Smart Install Protocol Remote Code Execution Vulnerability
Friday, April 06, 2018 05:10:00 PM CEST
On 28th of March 2018, Cisco published a security advisory concerning a buffer overflow discovered in the Smart Install feature of Cisco IOS and Cisco IOS XE software. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on an affected device.
A proof of concept for the vulnerability has been published. Also, many attacks have already been observed in the wild.
-
2018-008: Drupal Core – Remote Code Execution
Friday, March 30, 2018 04:54:00 PM CEST
The Drupal team announced a security advisory for a vulnerability (CVE-2018-7600) reported by Jasper Mattsson and rated as Highly Critical with a score of 21/25 based on the NIST Common Misuse Scoring System. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site. Successful exploitation could lead to a potential compromise of the web application and possibly the underlying operating system as well.
-
2018-007: Unauthorized Personal Data Sharing
Friday, March 30, 2018 04:49:00 PM CEST
CERT-EU has recently observed the usage of software tools and components that might lead to unauthorized personal data leakage. These components are often available in the form of browser extensions or plugins, or e-mail client plugins. Examples include: Zoominfo, Data.com, InsideView, NetProspex, DiscoverOrg, or LeadIQ. Depending on the machine configuration and policy, these components may often be installed by the users themselves -- without any need for administrator access. Once installed, these components typically gather contact information (address books, etc.), which is then exfiltrated and shared with third parties. Such indiscriminate sharing of corporate address books and other similar data creates potential issues under the new European GDPR directive, and hence should be avoided.
-
2018-006: Remote Code Execution Vulnerability in Exim
Wednesday, March 07, 2018 03:07:00 PM CET
On February 05, 2018, Devcore Security Consulting discovered a buffer overflow vulnerability in the base64 decode function of the Exim message transfer agent. On March 06, 2018, Exim released a security advisory about the issue, confirming potential remote code execution that could be triggered by sending a handcrafted message. The issue has been fixed in version 4.90.1 of Exim and no alternative mitigation is known.
-
2018-005: UPDATE Critical Vulnerability in Adobe Flash Player
Tuesday, February 06, 2018 04:50:00 PM CET
On January 31, 2018, KrCERT/CC released a security alert regarding a vulnerability in Adobe Flash Player. Regarding this issue, Adobe Systems has also released a security advisory about the vulnerability (CVE-2018-4878). According to Adobe, the vulnerability is being exploited in the wild. As of February 6th, 2017 a patch from Adobe is available.
-
2018-004: UPDATE Critical Vulnerability in Cisco Adaptive Security Appliance
Wednesday, January 31, 2018 12:35:00 PM CET
On the 29th of January 2018, Cisco published a security advisory for a remote code execution and denial of service vulnerability affecting Cisco Adaptive Security Appliance (ASA). The vulnerability is located in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software and could allow an unauthenticated, remote attacker to cause a reboot of the affected system or to remotely execute code. On the 5th of February 2018, Cisco updated the advisory after identifying additional attack vectors and releasing new patches.
-
2018-003: Critical Vulnerability in Electron on Windows
Monday, January 29, 2018 03:57:00 PM CET
On the 22nd of January 2018, GitHub published a fix for a remote code execution vulnerability affecting Electron applications that use custom protocol handlers. An attacker could exploit the vulnerability by providing the victim with a specifically crafted link calling the custom protocol handler. The vulnerability affects - among others - applications such as Skype, Slack, etc.
-
2018-002: INTEL AMT Security Issue
Friday, January 12, 2018 04:33:00 PM CET
On January 12th 2018, F-Secure reported a security issue affecting laptops supporting Intel's Active Management Technology (AMT). The issue allows an attacker with physical access to the laptop to bypass the need to enter credentials, including BIOS and BitLocker passwords and TPM PINs, and to gain remote access for later exploitation.
-
2018-001: UPDATE Meltdown and Spectre Critical Vulnerabilities
Thursday, January 11, 2018 10:39:00 AM CET
Design flaws in modern computer processors allow programs to steal data processed on the computer. The hardware design deficiencies led to the development of two attack scenarios: Meltdown, which melts the security boundaries normally enforced by the processor's hardware, and Spectre, which abuses speculative execution, leading to information disclosure.