Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server
Category Archives: Advisories
CVE-2020-25691
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally.
CVE-2021-20295
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.
CVE-2021-22277
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.
CVE-2022-26233: Barco Control Room Management Suite File Path Traversal Vulnerability
Posted by Murat Aydemir on Apr 01
*I. SUMMARY*
Title: [CVE-2022-2623] Barco Control Room Management Suite File Path
Traversal Vulnerability
Product: Barco Control Room Management Suite before 2.9 build 0275 and all
prior versions
Vulnerability Type: File Path Traversal
Credit by/Researcher: Murat Aydemir from Accenture Cyber Security Team
(Prague CFC)
Contact: https://twitter.com/mrtydmr75
Github: https://github.com/murataydemir
*II. CVE REFERENCE, CVSS SCORES &…
AcidRain Wiper Suspected in Satellite Broadband Outage in Europe
FortiGuard Labs is aware a report that a new wiper malware was deployed and destroyed data on modems and routers for KA-SAT satellite broadband services, resulting in service outages across Europe on February 24th, 2022. The service interruption also caused the disconnection of remote access to 5,800 wind turbines in Europe. According to security vendor SentinelOne, AcidRain wiper shares similarities with a VPNFilter stage 3 destructive plugin. The Federal Bureau of Investigation (FBI) and Department of Justice disrupted the VPNFilter botnet by seizing a domain that was part of the Command-and-Control (C2) infrastructure. The Russian-connected the Sofacy threat actor (also known as APT28, Sednit, Pawn Storm, Fancy Bear, and Tsar) is believed to have operated the VPNFilter botnet. Why is this Significant?This is significant not only because a new wiper malware was used in the attack but also because the attack caused service interruption for satellite broadband services in Europe, including Ukraine, and 5,800 wind turbines in Europe were knocked offline.Also, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a joint advisory on March 17th, 2022, warning of cyberattacks on U.S. and international satellite communication (SATCOM) networks. What Happened?According to the statement released by Viasat, a provider of KA-SAT satellite broadband services, the attack occurred in two phases.1. On February 24th, 2022, “malicious traffic were detected emanating from several SurfBeam2 and SurfBeam 2+ modems and/or associated customer premise equipment (CPE) physically located within Ukraine and serviced by one of the KA-SAT consumer-oriented network partitions. This targeted denial of service attack made it difficult for many modems to remain online.” 2. Then, the company started to observe a gradual decline of the connected modems. Subsequently, a large number of additional modems across much of Europe exited the network and they did not re-enter to the network. The statement continues as saying that the attacker gained remote access to the trusted management segment of the KA-SAT network through a misconfigured VPN appliance. The threat actor moved laterally through the network and ultimately sent “legitimate, targeted management commands on a large number of residential modems simultaneously. Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.”The belief is that “these destructive commands” refer to AcidRain wiper malware.What is VPNFilter malware?VPNFilter is a IoT malware that was first reported in mid-2018 and targeted home and Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices. The malware is not only capable of performing data exfiltration but also rendering devices completely inoperable.FortiGuard Labs published a research blog series on VPNFilter malware in 2018. See the Appendix for a link to “VPNFilter Malware – Critical Update” and “VPNFilter Update – New Attack Modules Documented”.What is the threat actor Sofacy?Sofacy is a threat actor who is believed to operate for Russian interests. The threat actor has been in operation since at least 2007 and targets a wide range of sectors including government, military and security organizations.One of the most infamous activities carried out by the Sofacy group is their alleged involvement in hacking “networks and endpoints associated with the U.S. election” in 2016, in which the FBI the US Department of Homeland Security (DHS) released a join advisory on December 29th, 2016.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against AcidRain wiper malware believed to have been used in the attack:ELF/AcidRain.A!tr
podman-4.0.3-1.fc36
FEDORA-2022-2067702f06
Packages in this update:
podman-4.0.3-1.fc36
Update description:
Security fix for CVE-2022-27649, CVE-2022-21698
fribidi-1.0.11-3.fc34
FEDORA-2022-764c8c6b1c
Packages in this update:
fribidi-1.0.11-3.fc34
Update description:
This release contains security fixes.
fribidi-1.0.11-3.fc35
FEDORA-2022-d230620a58
Packages in this update:
fribidi-1.0.11-3.fc35
Update description:
This release contains security fixes.