Cybersecurity Updates For Week 5 of 2022

Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution – CVE-2022-44142

All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read/write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

Read more:

Libexpat CVE-2022-23852 & CVE-2022-23990

Two vulnerabilities have been found in libexpat, a widely used XML parser found in devices such as load balancers.
So make sure to double-check whether your vendor is affected and has released an update.

Read more:

Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities affect the Cisco Small Business RV160, RV260, RV340, and RV345 Series routers; make sure to read the security advisory from Cisco and update as soon as possible.

Read More:

Other news worth mentioning:

Google Patches 27 Vulnerabilities With Release of Chrome 98
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Linux kernel patches “performance can be harmful” bug in video driver

New Initiative Aims to Fast-Track Women into Cybersecurity Careers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new professional development initiative will give 100 women the opportunity to revamp their careers and prepare for new roles in cybersecurity in only 100 days…

Read more


Top 5 Security News

What’s Behind the Wolters Kluwer Tax Outage?

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

Turla LightNeuron: An email too far

Hackers steal US$41 million worth of Bitcoin from cryptocurrency exchange

Image by Gerd Altmann from Pixabay

Security Software & Tools Tips – December 2018

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaothroducts.

This month we have chosen the following:
* ModSecurity
* Snort
* OSSIM
* Nmap
* Osquery


ModSecurity is a WAF module that can be used with various web servers such as Nginx, Apache and IIS.

Information from the ModSecurity website:

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.



Information from the Snort website:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.



Information from the OSSIM website:

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization, and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.



Information from the Nmap website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).



Information from the Osquery website:

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.
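As an added example (not code from the osquery site or from this post), the query below shows the "processes, open network connections and file hashes as SQL tables" idea in practice: it lists every process listening on a non-loopback port, the user it runs as, and the SHA-256 of its binary, using the standard osquery tables processes, listening_ports, users and hash. It assumes it is run in osqueryi or as a scheduled query with the default schema.

```sql
-- Added example: which processes are exposed on the network, as which user,
-- and what binary are they actually running?
-- Assumes the default osquery schema (processes, listening_ports, users, hash).
-- listening_ports.protocol is the IP protocol number: 6 = TCP, 17 = UDP.
SELECT
  p.pid,
  p.name,
  p.path,
  u.username,
  CASE l.protocol WHEN 6 THEN 'tcp' WHEN 17 THEN 'udp' ELSE l.protocol END AS proto,
  l.address,
  l.port,
  h.sha256
FROM listening_ports AS l
JOIN processes AS p ON p.pid = l.pid
LEFT JOIN users AS u ON u.uid = p.uid
-- The hash table needs a path constraint; joining on p.path supplies it per row.
LEFT JOIN hash AS h ON h.path = p.path
WHERE l.port <> 0
  AND l.address NOT IN ('127.0.0.1', '::1')
ORDER BY l.port, p.pid;
```

Run the same query on a schedule and diff the results against a known-good baseline: a new listener, a listener running as an unexpected user, or a changed sha256 for the same path is exactly the kind of change a defender wants to be alerted on.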


Photo by Collin Armstrong on Unsplash

Vulnerability in Cisco ASA

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities:
* Cisco ASA ASDM Privilege Escalation Vulnerability
* Cisco ASA SSL VPN Privilege Escalation Vulnerability
* Cisco ASA SSL VPN Authentication Bypass Vulnerability
* Cisco ASA SIP Denial of Service Vulnerability

These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others.

Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system.

Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN.

It is recommended to upgrade as soon as possible in order to avoid breaches.

More information and upgrade information:

Cisco ASA VPN Denial of Service Vulnerability

A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device.

The vulnerability is due to parallel processing of a large number of Internet Key Exchange (IKE) requests for which username-from-cert is configured. An attacker could exploit this vulnerability by sending a large number of IKE requests when the affected device is configured with the username-from-cert command. An exploit could allow the attacker to cause a reload of the affected device, leading to a denial of service (DoS) condition.

More information:

Cisco ASA and FWSM – multiple vulnerabilities

Cisco has released two security advisories to address multiple vulnerabilities. These vulnerabilities could allow an attacker to obtain elevation of privilege, bypass security controls, or cause a denial of service condition.

More information:

Cisco releases multiple vulnerability updates

Cisco has released advisories about applying updates for the following products:
* Cisco ASA Protocol Inspection Connection Table Denial of Service Vulnerability
* Cisco UCS 6100 Fabric Interconnect Memory Leak
* Cisco IOS XR RIP Version 2 Crafted Packet Vulnerability
* Cisco Wireless LAN Controller Multiple Parameter Handling Denial of Service Vulnerability

It is recommended to apply these product upgrades as soon as possible.

Cisco IOS Multiple DoS Vulnerabilities

Cisco released information yesterday regarding 7 DoS vulnerabilities in Cisco IOS.
All of them concern denial-of-service attacks, so it is recommended to upgrade as soon as possible.

* Cisco IOS Software Internet Key Exchange Vulnerability
* Cisco IOS Software Smart Install Denial of Service Vulnerability
* Cisco IOS Software Zone-Based Policy Firewall Session Initiation
* Cisco IOS Software Network Address Translation Vulnerability
* Cisco IOS Software Protocol Translation Vulnerability
* Cisco IOS Software Resource Reservation Protocol Denial of Service
* Cisco IOS Software IP Service Level Agreement Vulnerability

Always nice to see fresh thinking

With reference to the article in IDG.

Necessity is the mother of invention, after all, isn't it? Despite all the major and recurring advances over the years on the performance side, in the form of memory, CPU and form factor, very little has happened on the platform side itself. A server from 2001 is very similar to a server today. Administration and automation of infrastructure have always been something of an afterthought in the development of, for example, server products, and those of us who work with automation and operations would like to encourage more vendors to follow Cisco's example.

Making a server available for production involves many more steps than just mounting the server in the rack and flipping the power switch; rather, it is a matter of some 50 tasks that must be performed and tested before production gets the thumbs up. Tools that make it easier for us to systematically integrate them into our existing systems and workflows, so that we can then simply click “Run”, strengthen both quality and flexibility for our customers.

To go back to the future, I would like to believe that many of us are waiting for true multitenancy on the hardware side as well, where we can add or release machine capacity at a low level without interruption. But if we then inevitably glance towards the mainframe world, that presupposes that hardware, OS and applications are developed and maintained in harmony. And the modern term for this is surely Platform as a Service (PaaS), and we can only hope that developers jump on the bandwagon and move in that direction. So far, adoption of PaaS is very low for new products and services on the net, and things get stuck at the lab stage.

So, to return to the subject, is UCS the salvation of Cisco's future? Who knows; as more operators start building PaaS platforms, Cisco UCS is an attractive infrastructure to build them around. Will the UCS product appeal to the IT manager who buys one server a month and has no automated workflows or ambitions? Probably not. 🙂

/Stefan Månsby