Category Archives: Advisories

CVE-2021-44171

Read Time:20 Second

A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

Read More

dhcp-4.4.3-4.P1.fc37

Read Time:12 Second

FEDORA-2022-9ca9a94e28

Packages in this update:

dhcp-4.4.3-4.P1.fc37

Update description:

New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)

Read More

dhcp-4.4.3-4.P1.fc38

Read Time:20 Second

FEDORA-2022-5c58ef733f

Packages in this update:

dhcp-4.4.3-4.P1.fc38

Update description:

Automatic update for dhcp-4.4.3-4.P1.fc38.

Changelog

* Wed Oct 5 2022 Martin Osvald <mosvald@redhat.com> – 12:4.4.3-4.P1
– New version 4.4.3-P1 (rhbz#2132240)
– Fix for CVE-2022-2928 (rhbz#2132429)
– Fix for CVE-2022-2929 (rhbz#2132430)

Read More

[SYSS-2022-046]: Verbatim Store ‘n’ Go Secure Portable SSD – Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Read Time:18 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-046
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:…

Read More

[SYSS-2022-045]: Verbatim Store ‘n’ Go Secure Portable SSD – Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Read Time:18 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-045
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:…

Read More

[SYSS-2022-044]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Read Time:17 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-044
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: Low
Solution Status:…

Read More

[SYSS-2022-043]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

Read Time:17 Second

Posted by Matthias Deeg on Oct 08

Advisory ID: SYSS-2022-043
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status:…

Read More

Maggie: New Backdoor Targeting Microsoft SQL Servers

Read Time:1 Minute, 20 Second

FortiGuard Labs is aware of reports that a new backdoor called “Maggie” targets Microsoft SQL servers. Maggie connects to Command and Control (C2) servers for remote commands and supports a variety of commands such as downloading, executing,and deleting files and propagates to other SQL servers through bruteforcing as well as unknown exploit commands. Based on external reports, most infected Microsoft SQL servers are in Asia.Why is this Significant?This is significant because Maggie is a new backdoor malware that has reportedly infected Microsoft SQL servers around the globe, with heavy concentration in Asia. The backdoor allows a remote attacker to control infected SQL servers. Maggie also supports commands to propagate to other SQL servers through bruteforcing.What is Maggie malware?Maggie is a backdoor malware that targets Microsoft SQL servers. The backdoor allows a remote attacker to control infected servers and supports commands such as downloading, executing and deleting files, turning on and off remote desktop services (TermService) as well as propagating to other SQL servers through bruteforcing. Reportedly, Maggie is also capable of accepting unidentified exploit related commands.The attacker disguised Maggie as “sqlmaggieAntiVirus_64.dll” signed with a digital certificate belonging to a company in South Korea. The file is an Extended Stored Procedure (ESP) DLL that the malware abuses for backdoor activities.At the time of this writing, an initial infection vector has not been identified.What is the Status of Protection?FortiGuard Labs provides the following AV signatures for Maggie malware and relevant files:W64/JuicyPotato.AI!trRiskware/Inject.HEUR!tr.pwsAll network IOCs are blocked by the WebFiltering client.

Read More

CISA Advisory on Vulnerabilities Actively Exploited By Threat Actors Supported by China

Read Time:2 Minute, 43 Second

On October 6, 2022, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) released a joint advisory that has a list of the most exploited vulnerabilities since 2020 by threat actors sponsored by China. The list includes 20 vulnerabilities across 13 vendors that were used against the U.S. and its allies.Why is this Significant?This is significant because the list contains vulnerabilities that are known to be exploited by Chinese threat actors. Patches and workarounds should be applied to the vulnerabilities as soon as possible.What Vulnerabilities are on the List?The list includes the following vulnerabilities:CVE-2022-26134: Atlassian Confluence Remote Code Execution Vulnerability via OGNL InjectionCVE-2022-24112: APISIX Admin API default access token Remote Code Execution VulnerabilityCVE-2022-1388: F5 BIG-IP iControl REST Authentication Bypass VulnerabilityCVE-2021-44228: Apache Log4j Error Log Remote Code Execution VulnerabilityCVE-2021-42237: Sitecore XP Insecure Deserialization Remote Code Execution VulnerabilityCVE-2021-41773: Apache HTTP Server Path Traversal VulnerabilityCVE-2021-40539: Zoho ManageEngine ADSelfService Plus RESTAPI Authentication Bypass VulnerabilityCVE-2021-36260: Hikvision Product SDK WebLanguage Tag Command Injection VulnerabilityCVE-2021-27065: Microsoft Exchange Server CVE-2021-27065 Remote Code Execution VulnerabilityCVE-2021-26858: Microsoft Exchange Server CVE-2021-26858 Remote Code Execution VulnerabilityCVE-2021-26857: Microsoft Exchange Server CVE-2021-26857 Remote Code Execution VulnerabilityCVE-2021-26855: Microsoft Exchange Server ProxyRequestHandler Remote Code Execution VulnerabilityCVE-2021-26084: Atlassian Confluence CVE-2021-26084 Remote Code Execution VulnerabilityCVE-2021-22205: GitLab Community and Enterprise Edition Remote Command Execution VulnerabilityCVE-2021-22005: VMware vCenter Analytics Service Arbitrary File Upload VulnerabilityCVE-2021-20090: Buffalo WSR2533DHP Arbitrary Directory Traversal VulnerabilityCVE-2021-1497: Cisco HyperFlex HX Auth Handling Remote Command Execution VulnerabilityCVE-2020-5902: F5 BIG-IP Traffic Management User Interface Directory Traversal VulnerabilityCVE-2019-19781: Citrix ADC and Gateway Directory Traversal VulnerabilityCVE-2019-11510: Pulse Secure SSL VPN HTML5 Information DisclosureWhat is the Status of Protection?FortiGuard Labs has the following IPS protection in place for the vulnerabilities listed in the CISA advisory:Atlassian.Confluence.OGNL.Remote.Code.Execution (CVE-2022-26134)APISIX.Admin.API.default.token.Remote.Code.Execution (CVE-2022-24112)F5.BIG-IP.iControl.REST.Authentication.Bypass (CVE-2022-1388)Apache.Log4j.Error.Log.Remote.Code.Execution (CVE-2021-44228)Sitecore.XP.Insecure.Deserialization.Remote.Code.Execution (CVE-2021-42237)Apache.HTTP.Server.cgi-bin.Path.Traversal (CVE-2021-41773)Zoho.ManageEngine.ADSelfService.Plus.Authentication.Bypass (CVE-2021-40539)Hikvision.Product.SDK.WebLanguage.Tag.Command.Injection (CVE-2021-36260)MS.Exchange.Server.CVE-2021-27065.Remote.Code.Execution (CVE-2021-27065)MS.Exchange.Server.CVE-2021-26858.Remote.Code.Execution (CVE-2021-26858)MS.Exchange.Server.UM.Core.Remote.Code.Execution (CVE-2021-26857)MS.Exchange.Server.ProxyRequestHandler.Remote.Code.Execution (CVE-2021-26855)Atlassian.Confluence.CVE-2021-26084.Remote.Code.Execution (CVE-2021-26084)GitLab.Community.and.Enterprise.Edition.Command.Injection (CVE-2021-22205)VMware.vCenter.Server.Analytics.Arbitrary.File.Upload (CVE-2021-22005)Arcadyan.Routers.images.Path.Authentication.Bypass (CVE-2021-20090)Cisco.HyperFlex.HX.Auth.Handling.Command.Injection (CVE-2021-1497)F5.BIG.IP.Traffic.Management.User.Interface.Directory.Traversal (CVE-2020-5902)Citrix.Application.Delivery.Controller.VPNs.Directory.Traversal (CVE-2019-19781)Pulse.Secure.SSL.VPN.HTML5.Information.Disclosure (CVE-2019-11510)

Read More