Security | Marcin Lis

04/19/2024marcin No Comments

Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

This time we have a few vulnerabilities from Google and Microsoft:

Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability

04/16/2024marcin No Comments

Electrolink FM/DAB/TV Transmitter

1. EXECUTIVE SUMMARY

CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Electrolink
Equipment: FM/DAB/TV Transmitter
Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.

04/12/2024marcin No Comments

Critical 0day in VPN from PaloAlto. CVSS 10/10.

The vulnerability is GlobalProtect. The vulnerability makes it possible to get root on a PaloAlto device – without any authentication (!). Unauth Command Injection. The manufacturer reports that the vulnerability is being exploited in real-world attacks.

03/29/2024marcin No Comments

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

03/28/2024marcin No Comments

Few vulnerabilities in Linux Kernel

ZDI-24-297: Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
ZDI-24-298: Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
ZDI-24-299: Linux Kernel nft_exthdr_ipv6_eval Stack-based Buffer Overflow Information Disclosure Vulnerability

03/14/2024marcin

Multiple advisoried for Siemens systems

Siemens SINEMA Remote Connect Server
Siemens SIMATIC
Siemens SENTRON
Siemens Solid Edge
Siemens RUGGEDCOM APE1808
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
Siemens SINEMA Remote Connect Client
Siemens SENTRON 7KM PAC3x20
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family

03/13/2024marcin

Multiple advisories in March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication

Cisco IOS XR Software SSH Privilege Escalation Vulnerability (Security Impact Rating: High)
Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability (Security Impact Rating: Medium)
Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability (Security Impact Rating: Medium)
Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability (Security Impact Rating: High)
Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities (Security Impact Rating: Medium)
Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability (Security Impact Rating: Medium)
Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability (Security Impact Rating: High)

03/13/2024marcin

Vulnerabilities in Adobe Premiere Pro and Adobe Bridge founded

ZDI-24-292: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20745.
http://www.zerodayinitiative.com/advisories/ZDI-24-292/

The specific flaw exists within the parsing of AVI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html

ZDI-24-291: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20752.
http://www.zerodayinitiative.com/advisories/ZDI-24-291/

The specific flaw exists within the parsing of PS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/bridge/apsb24-15.html

03/13/2024marcin

Vulnerabilities in Microsoft Office and Microsoft Skype founder.

ZDI-24-293: Microsoft Skype Protection Mechanism Failure Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21411.
http://www.zerodayinitiative.com/advisories/ZDI-24-293/

Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411

ZDI-24-294: Microsoft Office Performance Monitor Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26199.
http://www.zerodayinitiative.com/advisories/ZDI-24-294/

Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199

03/12/2024marcin

NI LabVIEW VI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI LabVIEW. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned:

The specific flaw exists within the parsing of VI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.