Announcements

Referring to EG-FinCIRT report “Microsoft November 2022 Patch Tuesday” Number 257/2022, Threat actors and ransomware groups discovered a new exploit method that bypasses Microsoft Exchange “ProxyNotShell” mitigations. Threat actors leveraging a new exploit chain method called “OWASSRF” that bypasses blocking rules for “ProxyNotShell” (CVE-2022-41040 and CVE-2022-41082) vulnerabilities in Microsoft Exchange Server and taking advantage of the privilege escalation vulnerability […]

IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform a Cross-Site Scripting attack, perform a Server-Side Request Forgery Attack (SSRF) attack, perform a Log Injection attack, execute arbitrary code and cause a denial of service attack on the affected products. Sample of

Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars). The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system. Samples of the addressed vulnerabilities: 1. Moment.js Directory Traversal (CVE-2022-24785): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Tenable has released a security update to fix a vulnerability in Tenable.ad’s thirdparty component Erlang. The addressed vulnerability could allow the remote attacker to perform a client authentication bypass in certain client-certification situations for SSL, TLS, and DTLS via sending a specially-crafted request. The remote attacker could exploit this vulnerability to gain access to the affected system and bypass

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, and Safari 16.2. In addition, the mentioned updates fix a zero-day vulnerability actively exploited in the wild. The severity of the addressed vulnerabilities could allow the remote attacker to gainaccess to sensitive information, bypass

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains fixes for two zero-day vulnerabilities. One has been exploited in the wild and the other has been publicly disclosed. Microsoft has fixed (49) vulnerabilities, with (6) classified as critical as they allow remote code execution, denial of service attack, or elevation

VMware has released security updates to fix vulnerabilities across multiple products. severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary commands via specially crafted requests to gain access and obtain information from the affected products. Sample of the addressed vulnerabilities: 1. VMware vRealize Network Insight command execution (CVE-2022-31702) • CVSS: 9.8 • Attack Vector:

VMware has released security updates to fix a zero-day vulnerability across multiple products. The addressed vulnerability could allow the attacker with local administrative privileges on a virtual machine to execute code to gain access to the affected products. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705) • CVSS: 9.3 • Attack Vector: Local • Attack Complexity:

Citrix has released security updates to fix a critical zero-day vulnerability in Citrix ADC and Citrix Gateway. The severity of the addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests to gain access to the affected products. Citrix ADC and Gateway code execution (CVE-2022-27518): • CVSS: 9.8

IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information and cause a denial of service attack on the affected products. Sample of the addressed Vulnerabilities : 1. IBM InfoSphere Information Server Apache Commons Text code execution (CVE-2022-42889) • CVSS: 9.8

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (4) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform (Web intelligence) and (Program Objects), SAP NetWeaver Process Integration, SAP Commerce, SAP

Fortinet has released security updates to fix a critical zero-day vulnerability in FortiOS and FortiOS-6k7k. The addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests to gain access to the affected product. FortiOS heap-based buffer overflow in sslvpnd (CVE-2022-42475): • CVSS: 9.3 • Attack Vector: Network •

Grafana has released security updates (Grafana 9.2.4, Grafana 8.5.15) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to gain elevated privileges on the system by sending specially-crafted requests or obtaining sensitive information. Samples of the addressed vulnerabilities: 1. Privilege Escalation: Unauthorized access to arbitrary endpoints (CVE-2022- 39328): •

IBM has released a security update to fix a critical vulnerability that affects IBM InfoSphere Information Server. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability. The addressed vulnerability could allow the remote attacker to execute an arbitrary command due to improper neutralization of special elements on the affected system of IBM InfoSphere DataStage.

Dell has released a security update to fix a critical vulnerability that affects Connectrix (Brocade) FOS. Brocade Fabric OS versions before v9.1.1_01, v9.0.1e1, v8.2.3c1, and v7.4.2j1 could allow the unauthenticated remote attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.Brocade

Redhat has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to gain access, leak kernel information, gain Privileges, and cause a denial of service on the affected system. Sample of the addressed vulnerabilities: GnuPG Libksba buffer overflow (CVE-2022-3515): CVSS: 9.8 Attack Vector: Network

Citrix has released security updates for Citrix ADC and Citrix Gateway to fix multiple vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker could exploit these vulnerabilities to take over the administrator’s account, take control of the affected system or bypass the security. Sample of the addressed vulnerabilities: Citrix ADC and Citrix

Microsoft has released its monthly patch of security updates, known as Patch Tuesday, and with it comes fixes for six actively exploited zero-day vulnerabilities, with one being publicly disclosed.Microsoft has fixed (68) vulnerabilities, with (11) classified as Critical as they allow remote code execution, the elevation of privileges, or spoofing. November’s Patch Tuesday was released

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the system or perform unintentional contact with remote servers by sending a specially-crafted input/configuration.

Tenable Nessus has released an updated version (Nessus 10.3.1) to fix multiple vulnerabilities in the third-party components (moment.js, expat, datatables, libxml2, zlib). The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service condition on the affected products by sending a specially-crafted request. Sample of the addressed