by CIRT Team
TMUI RCE vulnerability CVE-2020-5902
Description In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. Impact This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete...
Read More
by CIRT Team
Common Vulnerabilities and Exposures (CVE) Report June 2020
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of June 2020.
by CIRT Team
SaltStack Patches Critical Vulnerabilities in Salt
SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild. CVE-2020-11651: An issue was discovered in...
Read More
by CIRT Team
ISC Releases Security Advisories for BIND
CVE-2020-8618:An assertion check in BIND (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly triggered by a large response during zone transfer. Impact: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to...
Read More
by CIRT Team
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. For more information, please visit following URL:https://www.drupal.org/sa-core-2020-004https://www.drupal.org/sa-core-2020-005
by CIRT Team
WordPress Releases Security and Maintenance Update
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. WordPress 5.4.2 is now available. For more information, please visit following URL:https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
by CIRT Team
CVE-2020-3347: Cisco Webex Meetings Desktop App Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is...
Read More
by CIRT Team
CVE-2020-13428: VLC Media Player 3.0.11 Fixes Severe Remote Code Execution Flaw
CVE-2020-13428:A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. Impact:According to VideoLan’s security bulletin, this vulnerability can be exploited by creating a specially crafted file and tricking a user into opening it...
Read More
by CIRT Team
6 New Vulnerabilities Found on D-Link Home Routers
Palo Alto Networks’ Unit 42 researchers discovered six new vulnerabilities in D-Link wireless cloud routers running their latest firmware.The vulnerabilities were found in the DIR-865L model of D-Link routers. The following are the six vulnerabilities found: CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection)CVE-2020-13786: Cross-Site Request Forgery (CSRF)CVE-2020-13785: Inadequate Encryption StrengthCVE-2020-13784: Predictable seed in pseudo-random number generatorCVE-2020-13783: Cleartext storage of sensitive...
Read More
by CIRT Team
Critical Vulnerabilities in Treck TCP/IP stack software
The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices and include multiple remote code execution vulnerabilities. These vulnerabilities affect Treck TCP/IP stack implementations for embedded systems. The Treck TCP/IP stack is affected including: IPv4IPv6UDPDNSDHCPTCPICMPv4ARP Impact:Successful exploitation of these...
Read More
