Malware Devil

Monday, October 19, 2020

ESB-2020.3586 – [Win] Microsoft Windows Codecs Library and Visual Studio Code: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3586
         New Security Updates for Microsoft Windows Codecs Library
                          and Visual Studio Code
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows Codecs Library
                   Microsoft Visual Studio Code
                   Microsoft Dynamics 365 Commerce
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-17023 CVE-2020-17022 CVE-2020-16943

Reference:         ASB-2020.0167

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943

Comment: This bulletin contains three (3) Microsoft security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: October 15, 2020
**************************************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2020-16943
* CVE-2020-17022
* CVE-2020-17023
 

Revision Information:
=====================

* CVE-2020-16943

 - CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943
 - Version 2.0
 - Reason for Revision: In the Security Updates table, removed the Article and Download
   links because an update is not yet available for Dynamics 365 Commerce. Customers
   will be notified via a revision to this CVE information when an update becomes
   available.
 - Originally posted: October 13, 2020
 - Updated: October 13, 2020
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17022

 - CVE-2020-17022 | Remote Desktop Services Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17023

 - CVE-2020-17023 | Visual Studio JSON Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at .

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at 
.

If you would prefer not to receive future technical security notification alerts by 
email from Microsoft and its family of companies please visit the following website 
to unsubscribe:
.

These settings will not affect any newsletters you've requested or any mandatory 
service communications that are considered part of certain Microsoft services.

For legal Information, see:
.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ISC Stormcast For Monday, October 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7214, (Mon, Oct 19th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


ASB-2020.0168.2 – UPDATED ALERT [Win][Mac] Microsoft Office, Microsoft Office Services and Web Apps: Multiple vulnerabilities

Member only content. Please view on site after logging in.

ESB-2020.3328.2 – UPDATE [Ubuntu] Firefox: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3328.2
                    USN-4546-1: Firefox vulnerabilities
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Firefox
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15678 CVE-2020-15677 CVE-2020-15676
                   CVE-2020-15675 CVE-2020-15674 CVE-2020-15673

Reference:         ESB-2020.3290
                   ESB-2020.3287
                   ESB-2020.3246
                   ESB-2020.3245

Original Bulletin: 
   https://usn.ubuntu.com/4546-1/
   https://usn.ubuntu.com/4546-2/

Comment: This bulletin contains two (2) Ubuntu security advisories.

Revision History:  October   19 2020: USN-4546-2 addresses regressions 
                                      introduced in USN-4546-1
                   September 29 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4546-2: Firefox regressions
15 October 2020

USN-4546-1 caused some minor regressions in Firefox.

Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Packages

  o firefox - Mozilla Open Source web browser

Details

USN-4546-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, conduct cross-site
scripting (XSS) attacks, spoof the site displayed in the download dialog,
or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o firefox - 81.0.2+build1-0ubuntu0.20.04.1

Ubuntu 18.04

  o firefox - 81.0.2+build1-0ubuntu0.18.04.1

Ubuntu 16.04

  o firefox - 81.0.2+build1-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

  o https://launchpad.net/bugs/1900032

- --------------------------------------------------------------------------------

USN-4546-1: Firefox vulnerabilities
28 September 2020

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Releases

  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS

Packages

  o firefox - Mozilla Open Source web browser

Details

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, conduct cross-site
scripting (XSS) attacks, spoof the site displayed in the download dialog,
or execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.04

  o firefox - 81.0+build2-0ubuntu0.20.04.1

Ubuntu 18.04

  o firefox - 81.0+build2-0ubuntu0.18.04.1

Ubuntu 16.04

  o firefox - 81.0+build2-0ubuntu0.16.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

  o CVE-2020-15673
  o CVE-2020-15674
  o CVE-2020-15675
  o CVE-2020-15676
  o CVE-2020-15677
  o CVE-2020-15678

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ESB-2019.1636.3 – UPDATE [Appliance] F5 Products: Increased privileges – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.1636.3
            K00854051: Linux kernel vulnerability CVE-2018-13405
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Increased Privileges     -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Mitigation
CVE Names:         CVE-2018-13405  

Reference:         ASB-2019.0002
                   ESB-2019.1213
                   ESB-2018.3020
                   ESB-2018.2716

Original Bulletin: 
   https://support.f5.com/csp/article/K00854051

Revision History:  October 19 2020: Fixed versions added to advisory
                   May     14 2019: Added heuristic information for BIG-IP iHealth
                   May     10 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

K00854051: Linux kernel vulnerability CVE-2018-13405

Security Advisory

Original Publication Date: 10 May, 2019

Latest   Publication Date: 16 Oct, 2020

Security Advisory Description

The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4
allows local users to create files with an unintended group ownership, in a
scenario where a directory is SGID to a certain group and is writable by a user
who is not a member of that group. Here, the non-member can trigger creation of
a plain file whose group ownership is that group. The intended behavior was
that the non-member can trigger creation of a directory (but not a plain file)
whose group ownership is that group. The non-member can escalate privileges by
making the plain file executable and SGID. (CVE-2018-13405)

Impact

Local users are able to create files with an unintended group ownership,
allowing attackers to escalate privileges and obtain sensitive information that
may aid in further attacks.
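The advisory above spells out the CVE-2018-13405 precondition (an SGID directory that users outside its group can write into) and what a successful abuse leaves behind (a plain file, owned by that group, that has been made executable and SGID). The audit script below is an added example, not F5's or AusCERT's code: it walks a subtree and flags both conditions so a defender can find exposed directories before patching and spot suspicious artefacts afterwards. The sample paths and gids are constructed for the example, and POSIX ACLs are not inspected.

```python
import os
import stat
import sys
from typing import Dict, Iterable, List, Tuple

# One filesystem entry as (path, st_mode, st_gid), the fields os.lstat() returns.
Entry = Tuple[str, int, int]
Finding = Tuple[str, str]

# Constructed sample, not taken from any real system. Octal st_mode values:
# 0o040000 = S_IFDIR, 0o100000 = S_IFREG, 0o2000 = S_ISGID, 0o1000 = S_ISVTX.
SAMPLE: List[Entry] = [
    ("/srv/drop", 0o042777, 1000),           # SGID dir, world-writable: exposed
    ("/srv/drop/tool", 0o102755, 1000),      # SGID executable, same group: artefact
    ("/srv/drop/notes.txt", 0o100644, 1000), # ordinary file
    ("/srv/drop/other", 0o102755, 2000),     # SGID exec but a different group
    ("/srv/team", 0o042775, 1000),           # SGID dir, group-writable only: fine
    ("/srv/team/bin", 0o102755, 1000),       # SGID exec, parent not exposed
    ("/tmp", 0o041777, 0),                   # sticky world-writable dir, not SGID
]


def is_exposed_sgid_dir(mode: int) -> bool:
    """Directory with the SGID bit that 'other' can traverse and write into.

    This is the advisory's precondition: a user who is not a member of the
    directory's group can still create entries there. POSIX ACLs are not
    inspected, so a directory opened to non-members via ACL is missed.
    """
    return (stat.S_ISDIR(mode)
            and (mode & stat.S_ISGID) != 0
            and (mode & stat.S_IWOTH) != 0
            and (mode & stat.S_IXOTH) != 0)


def is_sgid_executable(mode: int) -> bool:
    """Regular file with SGID set and at least one execute bit."""
    any_exec = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return (stat.S_ISREG(mode)
            and (mode & stat.S_ISGID) != 0
            and (mode & any_exec) != 0)


def audit_entries(entries: Iterable[Entry]) -> List[Finding]:
    """Classify entries without touching the filesystem (testable offline).

    Findings:
      exposed_sgid_dir          precondition present on this directory
      sgid_exec_in_exposed_dir  SGID executable inside such a directory whose
                                group equals the directory's group, i.e. the
                                artefact a successful abuse would leave behind
    """
    entries = list(entries)
    exposed: Dict[str, int] = {}  # normalised directory path -> gid
    for path, mode, gid in entries:
        if is_exposed_sgid_dir(mode):
            exposed[os.path.normpath(path)] = gid
    findings: List[Finding] = [(p, "exposed_sgid_dir") for p in sorted(exposed)]
    for path, mode, gid in entries:
        parent = os.path.normpath(os.path.dirname(path))
        if (parent in exposed and exposed[parent] == gid
                and is_sgid_executable(mode)):
            findings.append((path, "sgid_exec_in_exposed_dir"))
    return findings


def audit_tree(root: str) -> List[Finding]:
    """Walk a real subtree with lstat (symlinks are not followed) and audit it."""
    entries: List[Entry] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            st = os.lstat(dirpath)
        except OSError:
            continue  # directory vanished or unreadable: skip, do not abort
        entries.append((dirpath, st.st_mode, st.st_gid))
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue
            entries.append((full, st.st_mode, st.st_gid))
    return audit_entries(entries)


if __name__ == "__main__":
    # With a path argument, audit that subtree; otherwise audit the built-in sample.
    results = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else audit_entries(SAMPLE)
    for path, kind in results:
        print(f"{kind:26s} {path}")
```

Run it against the sample to see the two findings, or point it at a subtree such as a shared upload area; a hit in the second category on a patched-but-previously-exposed system is worth an incident ticket, not just a chmod.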

Security Advisory Status

F5 Product Development has assigned ID 778049 (BIG-IP and BIG-IQ), and ID
CPF-25082 and CPF-25083 (Traffix SDC) to this vulnerability. Additionally,
BIG-IP iHealth may list Heuristic H00854051 on the Diagnostics > Identified >
Medium page.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases or hotfixes that
address the vulnerability, refer to the following table. For more information
about security advisory versioning, refer to K51812227: Understanding Security
Advisory versioning.

+---------------------+------+----------+----------+--------+------+----------+
|                     |      |Versions  |Fixes     |        |CVSSv3|Vulnerable|
|Product              |Branch|known to  |introduced|Severity|score^|component |
|                     |      |be        |in        |        |1     |or feature|
|                     |      |vulnerable|          |        |      |          |
+---------------------+------+----------+----------+--------+------+----------+
|                     |16.x  |16.0.0    |None      |        |      |          |
|                     +------+----------+----------+        |      |          |
|                     |15.x  |15.1.0    |15.1.1    |        |      |          |
|                     |      |15.0.0    |15.0.1.4  |        |      |          |
|                     +------+----------+----------+        |      |          |
|BIG-IP (LTM, AAM,    |14.x  |14.0.0 -  |None      |        |      |          |
|AFM, Analytics, APM, |      |14.1.0    |          |        |      |Linux     |
|ASM, DNS, Edge       +------+----------+----------+Medium  |4.4   |kernel    |
|Gateway, FPS, GTM,   |13.x  |13.0.0 -  |None      |        |      |(BaseOS)  |
|Link Controller, PEM,|      |13.1.1    |          |        |      |          |
|WebAccelerator)      +------+----------+----------+        |      |          |
|                     |12.x  |12.1.0 -  |None      |        |      |          |
|                     |      |12.1.4    |          |        |      |          |
|                     +------+----------+----------+        |      |          |
|                     |11.x  |11.5.2 -  |None      |        |      |          |
|                     |      |11.6.4    |          |        |      |          |
+---------------------+------+----------+----------+--------+------+----------+
|                     |      |          |          |        |      |Linux     |
|Enterprise Manager   |3.x   |3.1.1     |None      |Medium  |4.4   |kernel    |
|                     |      |          |          |        |      |(BaseOS)  |
+---------------------+------+----------+----------+--------+------+----------+
|                     |6.x   |6.0.0 -   |None      |        |      |          |
|BIG-IQ Centralized   |      |6.1.0     |          |        |      |Linux     |
|Management           +------+----------+----------+Medium  |4.4   |kernel    |
|                     |5.x   |5.0.0 -   |None      |        |      |(BaseOS)  |
|                     |      |5.4.0     |          |        |      |          |
+---------------------+------+----------+----------+--------+------+----------+
|                     |      |          |          |        |      |Linux     |
|F5 iWorkflow         |2.x   |2.3.0     |None      |Medium  |4.4   |kernel    |
|                     |      |          |          |        |      |(BaseOS)  |
+---------------------+------+----------+----------+--------+------+----------+
|                     |      |5.0.0 -   |          |        |      |Linux     |
|Traffix SDC          |5.x   |5.1.0     |None      |Medium  |4.4   |kernel    |
|                     |      |          |          |        |      |(BaseOS)  |
+---------------------+------+----------+----------+--------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager

To mitigate this vulnerability, you should permit connectivity access to the
affected F5 products only over a secure network and restrict access for the
affected systems to only trusted users. For more information, refer to the
following articles:

  o K13309: Restricting access to the Configuration utility by source IP
    address (11.x - 14.x)
  o K13092: Overview of securing access to the BIG-IP system
  o K31401771: Restricting access to the BIG-IQ or F5 iWorkflow user interface
    by source IP address
  o K39403510: Managing the port lockdown configuration on the BIG-IQ system

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 13.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents
  o K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ESB-2019.3442.3 – UPDATE [Appliance] F5 BIG-IP products: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.3442.3
                  Wireshark vulnerability CVE-2019-12295
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 BIG-IP products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-12295  

Original Bulletin: 
   https://support.f5.com/csp/article/K06725231

Revision History:  October   19 2020: Fixed version added to advisory
                   September 25 2020: Minor advisory update
                   September 11 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

K06725231: Wireshark vulnerability CVE-2019-12295

Security Advisory

Original Publication Date: 11 Sep, 2019

Latest   Publication Date: 16 Oct, 2020

Security Advisory Description

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the
dissection engine could crash. This was addressed in epan/packet.c by
restricting the number of layers and consequently limiting recursion.
(CVE-2019-12295)

Impact

An attacker can leverage this issue to stop the affected application and deny
service to legitimate users.

Security Advisory Status

F5 Product Development has assigned ID 818177 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding Security Advisory versioning.

+-------------------+------+----------+----------+----------+------+----------+
|                   |      |Versions  |Fixes     |          |CVSSv3|Vulnerable|
|Product            |Branch|known to  |introduced|Severity  |score^|component |
|                   |      |be        |in        |          |1     |or feature|
|                   |      |vulnerable|          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |16.x  |None      |16.0.0    |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |      |15.1.0    |15.1.1    |          |      |          |
|                   |15.x  |15.0.0 -  |None      |          |      |          |
|                   |      |15.0.1    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|BIG-IP (LTM, AAM,  |      |14.1.0 -  |          |          |      |          |
|AFM, Analytics,    |14.x  |14.1.2    |14.1.2.8  |          |      |          |
|APM, ASM, DNS, Edge|      |14.0.0.3 -|None      |          |      |Wireshark/|
|Gateway, FPS, GTM, |      |14.0.1    |          |Low       |2.0   |tshark    |
|Link Controller,   +------+----------+----------+          |      |          |
|PEM,               |13.x  |13.1.1.2 -|None      |          |      |          |
|WebAccelerator)    |      |13.1.3    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |12.x  |12.1.3.6 -|None      |          |      |          |
|                   |      |12.1.5    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |11.x  |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Enterprise Manager |3.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |7.x   |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
|                   +------+----------+----------+          |      |          |
|BIG-IQ Centralized |6.x   |None      |Not       |Not       |None  |None      |
|Management         |      |          |applicable|vulnerable|      |          |
|                   +------+----------+----------+          |      |          |
|                   |5.x   |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|F5 iWorkflow       |2.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Traffix SDC        |5.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

To mitigate this vulnerability:

  o When analyzing tcpdump files on the BIG-IP system, only analyze files from
    trusted sources.
  o Analyze tcpdump files on a non-F5 host.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 15.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2019.3442.3 – UPDATE [Appliance] F5 BIG-IP products: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/19/esb-2019-3442-3-update-appliance-f5-big-ip-products-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2019-3442-3-update-appliance-f5-big-ip-products-denial-of-service-remote-unauthenticated

ESB-2020.3584 – [Win] Advantech WebAccess/SCADA: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3584
          ICS Advisory (icsa-20-289-01) Advantech WebAccess/SCADA
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Advantech WebAccess/SCADA
Publisher:         ICS-CERT
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25161  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-289-01)

Advantech WebAccess/SCADA

Original release date: October 15, 2020

Legal Notice

All information products included in https://us-cert.gov/ics are provided "as
is" for informational purposes only. The Department of Homeland Security (DHS)
does not provide any warranties of any kind regarding any information contained
within. DHS does not endorse any commercial product or service, referenced in
this product or otherwise. Further dissemination of this product is governed by
the Traffic Light Protocol (TLP) marking in the header. For more information
about TLP, see https://www.us-cert.gov/tlp/.

1. EXECUTIVE SUMMARY

  o CVSS v3 8.8
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: Advantech
  o Equipment: WebAccess/SCADA
  o Vulnerability: External Control of File Name or Path

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to
execute remote code as an administrator.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of WebAccess/SCADA, a browser-based SCADA software
package, are affected:

  o WebAccess/SCADA Versions 9.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73

The WADashboard component of WebAccess/SCADA may allow an attacker to control
or influence a path used in an operation on the filesystem and remotely execute
code as an administrator.

CVE-2020-25161 has been assigned to this vulnerability. A CVSS v3 base score of
8.8 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and
    Wastewater Systems
  o COUNTRIES/AREAS DEPLOYED: East Asia, Europe, United States
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

Sivathmican Sivakumaran of Trend Micro's Zero Day Initiative reported this
vulnerability to CISA.

4. MITIGATIONS

Advantech recommends users update to Version 9.0.1 or later.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2020.3584 – [Win] Advantech WebAccess/SCADA: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2020/10/19/esb-2020-3584-win-advantech-webaccess-scada-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3584-win-advantech-webaccess-scada-execute-arbitrary-code-commands-existing-account

ESB-2019.3310.2 – UPDATE [Appliance] F5 BIG-IP products: Access privileged data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.3310.2
                 Linux kernel vulnerability CVE-2019-10639
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 BIG-IP products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2019-10639  

Reference:         ESB-2019.3117
                   ESB-2019.3084
                   ESB-2019.3010

Original Bulletin: 
   https://support.f5.com/csp/article/K32804955

Revision History:  October   19 2020: Fixed version added to advisory
                   September  2 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

K32804955: Linux kernel vulnerability CVE-2019-10639

Security Advisory

Original Publication Date: 31 Aug, 2019

Latest   Publication Date: 16 Oct, 2020

Security Advisory Description

The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows
Information Exposure (partial kernel address disclosure), leading to a KASLR
bypass. Specifically, it is possible to extract the KASLR kernel image offset
using the IP ID values the kernel produces for connection-less protocols (e.g.,
UDP and ICMP). When such traffic is sent to multiple destination IP addresses,
it is possible to obtain hash collisions (of indices to the counter array) and
thereby obtain the hashing key (via enumeration). This key contains enough bits
from a kernel address (of a static variable) so when the key is extracted (via
enumeration), the offset of the kernel image is exposed. This attack can be
carried out remotely, by the attacker forcing the target device to send UDP or
ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a
server to send UDP traffic is trivial if the server is a DNS server. ICMP
traffic is trivial if the server answers ICMP Echo requests (ping). For client
targets, if the target visits the attacker's web page, then WebRTC or gQUIC can
be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this
attack against KASLR became viable in 4.1 because IP ID generation was changed
to have a dependency on an address associated with a network namespace.
(CVE-2019-10639)

Impact

This vulnerability can result in leaking information to a remote user and
potentially defeating KASLR.

Security Advisory Status

F5 Product Development has assigned ID 818213 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding Security Advisory versioning.

+-------------------+------+----------+----------+----------+------+----------+
|                   |      |Versions  |Fixes     |          |CVSSv3|Vulnerable|
|Product            |Branch|known to  |introduced|Severity  |score^|component |
|                   |      |be        |in        |          |1     |or feature|
|                   |      |vulnerable|          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |      |15.1.0    |15.1.1    |          |      |          |
|                   |15.x  |15.0.0 -  |None      |          |      |          |
|                   |      |15.0.1    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|BIG-IP (LTM, AAM,  |14.x  |14.0.0 -  |None      |          |      |          |
|AFM, Analytics,    |      |14.1.2    |          |          |      |          |
|APM, ASM, DNS, Edge+------+----------+----------+          |      |          |
|Gateway, FPS, GTM, |13.x  |13.1.0 -  |None      |Low       |3.7   |Kernel    |
|Link Controller,   |      |13.1.3    |          |          |      |          |
|PEM,               +------+----------+----------+          |      |          |
|WebAccelerator)    |12.x  |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |11.x  |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Enterprise Manager |3.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |7.x   |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
|                   +------+----------+----------+          |      |          |
|BIG-IQ Centralized |6.x   |None      |Not       |Not       |None  |None      |
|Management         |      |          |applicable|vulnerable|      |          |
|                   +------+----------+----------+          |      |          |
|                   |5.x   |None      |Not       |          |      |          |
|                   |      |          |applicable|          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|F5 iWorkflow       |2.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Traffix SDC        |5.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.
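The rule stated in this Recommended Actions section (and in the identical section of the Wireshark/tshark advisory above) is applied here to the BIG-IP rows of the K32804955 table, as an added Python example that is not F5's code. The row data is transcribed from the table; how F5 version strings compare is an assumption (dotted numeric components, shorter strings zero-padded, so 15.0.1 equals 15.0.1.0).

```python
"""Check an installed BIG-IP version against the K32804955 (CVE-2019-10639) table.

Added example, not F5's code. The rows are transcribed from the advisory table;
the comparison rule (dotted numeric components, zero-padded) is an assumption.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (branch, first vulnerable, last vulnerable, fix) per row of the BIG-IP block.
# A fix of None is the table's "None" (no fixed release listed for that row).
BIGIP_ROWS: List[Tuple[str, str, str, Optional[str]]] = [
    ("15.x", "15.1.0", "15.1.0", "15.1.1"),
    ("15.x", "15.0.0", "15.0.1", None),
    ("14.x", "14.0.0", "14.1.2", None),
    ("13.x", "13.1.0", "13.1.3", None),
]
# Branches the table lists as "None" vulnerable / "Not applicable" fix.
NOT_VULNERABLE_BRANCHES = {"12.x", "11.x"}


def parse_version(text: str) -> Version:
    """'13.1.0.8' -> (13, 1, 0, 8). Rejects empty or non-numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a: str, b: str) -> int:
    """-1, 0 or 1 for a < b, a == b, a > b after zero-padding to equal length."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def in_range(version: str, low: str, high: str) -> bool:
    """Inclusive check, matching the table's 'low - high' notation."""
    return compare(version, low) >= 0 and compare(version, high) <= 0


def evaluate(version: str) -> Dict[str, Optional[str]]:
    """Apply the Recommended Actions rule to one installed version.

    status is one of: vulnerable, fixed, not vulnerable, not listed,
    not evaluated. fix is the upgrade candidate from the matching row,
    or None when the table lists no fixed release for that row.
    """
    major = parse_version(version)[0]
    branch = f"{major}.x"
    if branch in NOT_VULNERABLE_BRANCHES:
        return {"branch": branch, "status": "not vulnerable", "fix": None}
    rows = [r for r in BIGIP_ROWS if r[0] == branch]
    if not rows:
        # e.g. 16.x: absent from this table, so the advisory says nothing.
        return {"branch": branch, "status": "not evaluated", "fix": None}
    for _, low, high, fix in rows:
        if in_range(version, low, high):
            # fix None means no upgrade candidate currently exists for this row.
            return {"branch": branch, "status": "vulnerable", "fix": fix}
    # Outside every vulnerable range: at or beyond a listed fix means fixed;
    # otherwise the table does not speak to this point release.
    for _, _, _, fix in rows:
        if fix and compare(version, fix) >= 0:
            return {"branch": branch, "status": "fixed", "fix": fix}
    return {"branch": branch, "status": "not listed", "fix": None}


if __name__ == "__main__":
    for v in ("15.1.0", "15.0.1", "13.1.0.8", "15.1.1", "12.1.5", "16.0.0"):
        print(v, evaluate(v))
```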

Mitigation

To mitigate this vulnerability, you should restrict management access to the
BIG-IP system only over a secure network and restrict command line access for
affected systems to only trusted users. For more information, refer to K13309:
Restricting access to the Configuration utility by source IP address (11.x -
15.x) and K13092: Overview of securing access to the BIG-IP system.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 15.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2019.3310.2 – UPDATE [Appliance] F5 BIG-IP products: Access privileged data – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/19/esb-2019-3310-2-update-appliance-f5-big-ip-products-access-privileged-data-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2019-3310-2-update-appliance-f5-big-ip-products-access-privileged-data-remote-unauthenticated

ESB-2020.3585 – [Win][Linux] Advantech R-SeeNet: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3585
             ICS Advisory (icsa-20-289-02) Advantech R-SeeNet
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Advantech R-SeeNet
Publisher:         ICS-CERT
Operating System:  Windows
                   Linux variants
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25157  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-289-02

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-289-02)

Advantech R-SeeNet

Original release date: October 15, 2020

1. EXECUTIVE SUMMARY

  o CVSS v3 7.5
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: Advantech
  o Equipment: R-SeeNet
  o Vulnerability: SQL Injection

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow remote attackers to
retrieve sensitive information from the R-SeeNet database.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of R-SeeNet, a monitoring application, are affected:

  o R-SeeNet Versions 1.5.1 through 2.4.10

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL
INJECTION') CWE-89

The R-SeeNet webpage suffers from SQL injection, which allows a remote attacker
to invoke queries on the database and retrieve sensitive information.

CVE-2020-25157 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is
(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and
    Wastewater Systems
  o COUNTRIES/AREAS DEPLOYED: East Asia, Europe, Middle East, South America,
    United States
  o COMPANY HEADQUARTERS LOCATION: Taiwan

3.4 RESEARCHER

rgod working with Trend Micro's Zero Day Initiative reported this vulnerability
to CISA.

4. MITIGATIONS

Advantech recommends updating to Version 2.4.11 or later. See Advantech Czech's
security advisory for more information.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.gov. Several recommended practices are available
for reading and download, including Improving Industrial Control Systems
Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2020/10/19/esb-2020-3585-winlinux-advantech-r-seenet-access-confidential-data-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3585-winlinux-advantech-r-seenet-access-confidential-data-remote-unauthenticated

ESB-2019.4290.4 – UPDATE [Appliance] F5 Products: Execute arbitrary code/commands – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.4290.4
                lodash library vulnerability CVE-2019-10744
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5 Products
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10744  

Reference:         ESB-2019.3809

Original Bulletin: 
   https://support.f5.com/csp/article/K47105354

Revision History:  October  19 2020: Fixed versions added to advisory
                   May      15 2020: Vendor updated fixed version details
                   April    23 2020: Fixes introduced for BIG-IP products
                   November 14 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

K47105354: Lodash library vulnerability CVE-2019-10744

Security Advisory

Original Publication Date: 14 Nov, 2019

Latest   Publication Date: 16 Oct, 2020

Security Advisory Description

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties
of Object.prototype using a constructor payload. (CVE-2019-10744)

Impact

An attacker can use Function inside of vulnerable versions of lodash to execute
malicious code using the Traffic Management User Interface (TMUI) or iControl
REST API.
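The description and impact above say that lodash's defaultsDeep, in versions before 4.17.12, could be tricked into adding or modifying properties of Object.prototype through a constructor payload. The following is an added example, not code from F5, lodash or this bulletin: a defaults-deep merge hardened against that class of input, together with a post-condition check that Object.prototype is still clean after untrusted input has been merged. The function names (safeDefaultsDeep, prototypeIsClean, demo), the config shape and the UNTRUSTED_JSON regression input are all constructed for the example.

```javascript
'use strict';
// Added example: a defaults-deep merge hardened against prototype pollution,
// plus a post-condition check. Not lodash's or F5's code; names are invented.

// Keys that must never be walked or assigned when merging untrusted input.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Only plain objects (literal-style or null-prototype) are merged recursively;
// arrays, class instances, functions and primitives are copied by reference.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Assign via defineProperty so that a key literally named "__proto__"
// (already dropped by UNSAFE_KEYS) could never reach the inherited setter.
function setOwn(obj, key, value) {
  Object.defineProperty(obj, key, {
    value, writable: true, enumerable: true, configurable: true,
  });
}

// Fill properties of `target` that are still undefined from each source,
// recursing into plain objects. Differences from a naive defaults-deep:
//  * only the source's own enumerable keys are visited (no prototype walk),
//  * UNSAFE_KEYS are dropped, so nothing can reach Object.prototype,
//  * recursion only descends into a plain object that `target` itself owns,
//    never into a value inherited from its prototype.
function safeDefaultsDeep(target, ...sources) {
  for (const source of sources) {
    if (!isPlainObject(source)) continue;
    for (const key of Object.keys(source)) {
      if (UNSAFE_KEYS.has(key)) continue;
      const srcVal = source[key];
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      if (isPlainObject(srcVal)) {
        if (!hasOwn || target[key] === undefined) setOwn(target, key, {});
        if (isPlainObject(target[key])) safeDefaultsDeep(target[key], srcVal);
      } else if (!hasOwn || target[key] === undefined) {
        setOwn(target, key, srcVal);
      }
    }
  }
  return target;
}

// Post-condition / detection check: a property no plain object should have
// must resolve to undefined on a fresh object. If it does not, some code path
// has written to Object.prototype.
function prototypeIsClean(sentinelKeys = ['polluted']) {
  const probe = {};
  return sentinelKeys.every(
    (k) => probe[k] === undefined &&
      !Object.prototype.hasOwnProperty.call(Object.prototype, k),
  );
}

// Constructed regression input (placeholder values): legitimate defaults next
// to the "constructor"/"prototype" branch this advisory warns about and an own
// "__proto__" key, as JSON.parse produces from raw text.
const UNTRUSTED_JSON =
  '{"timeout":30,"nested":{"format":"json","level":"debug"},' +
  '"constructor":{"prototype":{"polluted":true}},"__proto__":{"polluted":true}}';

// Apply untrusted defaults to a known-good config and report the outcome.
function demo() {
  const config = { retries: 3, nested: { level: 'info' } };
  safeDefaultsDeep(config, JSON.parse(UNTRUSTED_JSON));
  return { config, clean: prototypeIsClean() };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo()));
}
```

The regression input is the kind of test a defender adds after upgrading past 4.17.12: existing values (retries, nested.level) survive, missing ones (timeout, nested.format) are filled, the unsafe branches are dropped rather than merged, and prototypeIsClean() confirms that no sentinel leaked onto every object in the process.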

Security Advisory Status

F5 Product Development has assigned ID 838677 (BIG-IP), ID 846917 (F5
Analytics), ID 831789 (BIG-IQ), and ID 839453 (iControl REST) to this
vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding Security Advisory versioning.

+---------------+------+----------+----------+----------+------+--------------+
|               |      |Versions  |Fixes     |          |CVSSv3|Vulnerable    |
|Product        |Branch|known to  |introduced|Severity  |score^|component or  |
|               |      |be        |in        |          |1     |feature       |
|               |      |vulnerable|          |          |      |              |
+---------------+------+----------+----------+----------+------+--------------+
|               |16.x  |None      |16.0.0    |          |      |              |
|               +------+----------+----------+          |      |              |
|               |      |15.1.0    |15.1.0.2  |          |      |              |
|               |15.x  |15.0.0 -  |15.0.1.4  |          |      |              |
|BIG-IP (LTM,   |      |15.0.1    |          |          |      |              |
|AAM, AFM, APM, +------+----------+----------+          |      |              |
|ASM, DNS, Edge |14.x  |14.1.0 -  |14.1.2.5  |          |      |              |
|Gateway, FPS,  |      |14.1.2    |          |          |      |TMUI          |
|GTM, Link      +------+----------+----------+High      |8.1   |(Configuration|
|Controller,    |13.x  |13.1.0 -  |13.1.3.4  |          |      |utility)      |
|PEM,           |      |13.1.3    |          |          |      |              |
|WebAccelerator)+------+----------+----------+          |      |              |
|               |12.x  |None      |Not       |          |      |              |
|               |      |          |applicable|          |      |              |
|               +------+----------+----------+          |      |              |
|               |11.x  |None      |Not       |          |      |              |
|               |      |          |applicable|          |      |              |
+---------------+------+----------+----------+----------+------+--------------+
|               |16.x  |None      |16.0.0    |          |      |              |
|               +------+----------+----------+          |      |              |
|               |15.x  |15.0.0 -  |15.1.1    |          |      |              |
|               |      |15.1.0    |          |          |      |              |
|BIG-IP (LTM,   +------+----------+----------+          |      |              |
|AVR, AAM, AFM, |14.x  |14.1.0 -  |14.1.2.5  |          |      |              |
|APM, ASM, DNS, |      |14.1.2    |          |          |      |              |
|Edge Gateway,  +------+----------+----------+High      |8.1   |iControl REST |
|FPS, GTM, Link |13.x  |13.1.0 -  |None      |          |      |services      |
|Controller,    |      |13.1.3    |          |          |      |              |
|PEM,           +------+----------+----------+          |      |              |
|WebAccelerator)|12.x  |12.1.0 -  |12.1.5.2  |          |      |              |
|               |      |12.1.5    |          |          |      |              |
|               +------+----------+----------+          |      |              |
|               |11.x  |None      |Not       |          |      |              |
|               |      |          |applicable|          |      |              |
+---------------+------+----------+----------+----------+------+--------------+
|               |16.x  |None      |16.0.0    |          |      |              |
|               +------+----------+----------+          |      |              |
|               |      |15.1.0    |15.1.0.2  |          |      |              |
|               |15.x  |15.0.0 -  |15.0.1.3  |          |      |              |
|               |      |15.0.1    |          |          |      |              |
|               +------+----------+----------+          |      |              |
|               |14.x  |14.1.0 -  |None      |          |      |              |
|BIG-IP (F5     |      |14.1.2    |          |          |      |TMUI          |
|Analytics)     +------+----------+----------+High      |8.1   |(Configuration|
|               |13.x  |13.1.0 -  |None      |          |      |utility)      |
|               |      |13.1.3    |          |          |      |              |
|               +------+----------+----------+          |      |              |
|               |12.x  |12.1.0 -  |None      |          |      |              |
|               |      |12.1.5    |          |          |      |              |
|               +------+----------+----------+          |      |              |
|               |11.x  |None      |Not       |          |      |              |
|               |      |          |applicable|          |      |              |
+---------------+------+----------+----------+----------+------+--------------+
|Enterprise     |3.x   |None      |Not       |Not       |None  |None          |
|Manager        |      |          |applicable|vulnerable|      |              |
+---------------+------+----------+----------+----------+------+--------------+
|               |7.x   |7.0.0     |None      |          |      |TMUI          |
|BIG-IQ         +------+----------+----------+          |      |(Configuration|
|Centralized    |6.x   |6.0.0 -   |None      |Medium    |4.8   |utility)      |
|Management     |      |6.1.0     |          |          |      |iControl REST |
|               +------+----------+----------+          |      |services      |
|               |5.x   |5.4.0     |None      |          |      |              |
+---------------+------+----------+----------+----------+------+--------------+
|               |      |          |          |          |      |TMUI          |
|               |      |          |          |          |      |(Configuration|
|F5 iWorkflow   |2.x   |2.3.0     |None      |Medium    |4.8   |utility)      |
|               |      |          |          |          |      |iControl REST |
|               |      |          |          |          |      |services      |
+---------------+------+----------+----------+----------+------+--------------+
|Traffix SDC    |5.x   |None      |Not       |Not       |None  |None          |
|               |      |          |applicable|vulnerable|      |              |
+---------------+------+----------+----------+----------+------+--------------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 15.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents
  o K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2020/10/19/esb-2019-4290-4-update-appliance-f5-products-execute-arbitrary-code-commands-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2019-4290-4-update-appliance-f5-products-execute-arbitrary-code-commands-remote-unauthenticated

ESB-2020.2923.2 – UPDATE [Appliance] BIG-IP AFM Configuration utility: Access confidential data – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2923.2
                  BIG-IP AFM vulnerability CVE-2020-5920
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP AFM Configuration utility
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5920  

Original Bulletin: 
   https://support.f5.com/csp/article/K25160703

Revision History:  October 19 2020: Fixed versions added to advisory
                   August  26 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

K25160703: BIG-IP AFM vulnerability CVE-2020-5920

Security Advisory

Original Publication Date: 26 Aug, 2020

Latest   Publication Date: 16 Oct, 2020

Security Advisory Description

A vulnerability in the BIG-IP AFM Configuration utility may allow any
authenticated BIG-IP user to perform a read-only blind SQL injection attack.
(CVE-2020-5920)

Impact

An attacker may be able to enumerate table names and extract user account
names. All other data available through the injection is already available to
an attacker through normal mechanisms.

Security Advisory Status

F5 Product Development has assigned ID 852929 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding Security Advisory versioning.

+----------------+------+----------+----------+----------+------+-------------+
|                |      |Versions  |Fixes     |          |CVSSv3|Vulnerable   |
|Product         |Branch|known to  |introduced|Severity  |score^|component or |
|                |      |be        |in        |          |1     |feature      |
|                |      |vulnerable|          |          |      |             |
+----------------+------+----------+----------+----------+------+-------------+
|                |16.x  |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
|                +------+----------+----------+          |      |             |
|                |      |15.1.0    |15.1.1    |          |      |             |
|                |15.x  |15.0.0 -  |None      |          |      |             |
|                |      |15.0.1    |          |          |      |             |
|                +------+----------+----------+          |      |             |
|                |14.x  |14.1.0 -  |None      |          |      |             |
|BIG-IP AFM      |      |14.1.2    |          |Low       |3.8   |Configuration|
|                +------+----------+----------+          |      |utility      |
|                |13.x  |13.1.0 -  |None      |          |      |             |
|                |      |13.1.3    |          |          |      |             |
|                +------+----------+----------+          |      |             |
|                |12.x  |12.1.0 -  |12.1.5.2  |          |      |             |
|                |      |12.1.5    |          |          |      |             |
|                +------+----------+----------+          |      |             |
|                |11.x  |11.5.2 -  |11.6.5.2  |          |      |             |
|                |      |11.6.5    |          |          |      |             |
+----------------+------+----------+----------+----------+------+-------------+
|                |16.x  |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
|                +------+----------+----------+          |      |             |
|                |15.x  |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
|BIG-IP (LTM,    +------+----------+----------+          |      |             |
|AAM, Advanced   |14.x  |None      |Not       |          |      |             |
|WAF, Analytics, |      |          |applicable|Not       |      |             |
|APM, ASM, DDHD, +------+----------+----------+vulnerable|None  |None         |
|DNS, FPS, GTM,  |13.x  |None      |Not       |          |      |             |
|Link Controller,|      |          |applicable|          |      |             |
|PEM, SSLO)      +------+----------+----------+          |      |             |
|                |12.x  |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
|                +------+----------+----------+          |      |             |
|                |11.x  |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
+----------------+------+----------+----------+----------+------+-------------+
|                |7.x   |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
|BIG-IQ          +------+----------+----------+          |      |             |
|Centralized     |6.x   |None      |Not       |Not       |None  |None         |
|Management      |      |          |applicable|vulnerable|      |             |
|                +------+----------+----------+          |      |             |
|                |5.x   |None      |Not       |          |      |             |
|                |      |          |applicable|          |      |             |
+----------------+------+----------+----------+----------+------+-------------+
|Traffix SDC     |5.x   |None      |Not       |Not       |None  |None         |
|                |      |          |applicable|vulnerable|      |             |
+----------------+------+----------+----------+----------+------+-------------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Acknowledgements

F5 would like to acknowledge Piotr Madej of Afine for bringing this issue to
our attention and for following the highest standards of coordinated
disclosure.

Supplemental Information

  o K51812227: Understanding Security Advisory versioning
  o K41942608: Overview of Security Advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

https://malwaredevil.com/2020/10/19/esb-2020-2923-2-update-appliance-big-ip-afm-configuration-utility-access-confidential-data-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2923-2-update-appliance-big-ip-afm-configuration-utility-access-confidential-data-existing-account

Sunday, October 18, 2020

Network Security News Summary for Monday October 19 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

https://malwaredevil.com/2020/10/18/network-security-news-summary-for-monday-october-19-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-october-19-2020

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...