by CIRT Team
Critical Alert: A Vulnerability in Adobe Flash Player Could Allow for Remote Code Execution (APSA18-01)
Description: A vulnerability has been discovered in Adobe Flash Player that could allow for remote code execution. This vulnerability occurs due to a use-after-free error (CVE-2018-4878). Adobe is scheduled to release a patch to address this vulnerability during the week of February 5th, 2018. In the meantime, Adobe has provided mitigation steps that are listed in the recommendations section below. Impact: Successful exploitation of this...
Read More
by CIRT Team
A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution (CVE-2018-5124)
Description: A vulnerability has been identified in Mozilla Firefox, which could allow for arbitrary code execution. A Content Security Policy (CSP) is not properly enforced on chrome-privileged documents, which are used by extensions in Mozilla FireFox. An attacker could exploit this vulnerability by enticing a user running a vulnerable version of the application to follow a specially crafted link designed to trigger this issue. Impact:...
Read More
by CIRT Team
ISC BIND announced CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash
Description: CVE-2017-3145 is a denial-of-service vector which can potentially be exploited against ISC BIND servers, causing them to crash. The underlying flaw has existed since BIND 9.0.0 but is not known to be reachable in any version prior to those containing the fix for CVE-2017-3137 [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1], and...
Read More
by CIRT Team
Cisco Unified Customer Voice Portal Denial of Service Vulnerability (CVE-2018-0086)
Description: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP...
Read More
by CIRT Team
Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability (CVE-2018-0095)
Description: A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration...
Read More
by CIRT Team
Cisco NX-OS Software Pong Packet Denial of Service Vulnerability (CVE-2018-0102)
Description: A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from...
Read More
by CIRT Team
Critical Alert: A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution (CVE-2017-2741)
Description: A vulnerability has been discovered in HP products, which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. Impact: This vulnerability could potentially be exploited to execute arbitrary code. System affected : HP PageWide Managed MFP P57750dw, J9V82A, J9V82B, J9V82C,...
Read More
by CIRT Team
Critical Alert: Cisco Adaptive Security Appliance RCE and Denial of Service Vulnerability (CVE-2018-0101)
Description: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Impact: The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An...
Read More
by CIRT Team
Mozilla Releases Security Update!
Description: Mozilla! has released security updates to address multiple vulnerabilities for the following software : Firefox ESR 52.6 Firefox 58 Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
by CIRT Team
Apple Releases Security Updates !
Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : Safari 11.0.3 watchOS 4.2.2 iOS 11.2.5 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan tvOS 11.2.5 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory...
Read More
