27 November 2020

Vulnerability summary for the week: November 27, 2020


The WebKitGTK and WPE WebKit team released updates to address several flaws in the server applications, four of which (CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-13584) are use-after-free, out-of-bounds-write, and type confusion vulnerabilities that can lead to remote code execution. The remaining vulnerability (CVE-2020-9952) is a cross-site scripting bug, which exists due to insufficient sanitization of user-supplied data in the WebKit component in Apple Safari.

cPanel released patches to fix three vulnerabilities in cPanel & WebHost Manager (WHM), including one leading to two-factor authentication bypass. The 2FA bypass issue could allow attackers to perform brute-force attacks on cPanel & WHM. The issue affects cPanel & WHM builds before 11.86.0.32, 11.90.0.17, and 11.92.0.2.

A couple of vulnerabilities were found in Intel AMT and ISM versions up to 14.0.45, 12.0.70, 11.22.80, 11.12.80, and 11.8.80. An out-of-bounds write (CVE-2020-8754) in the subsystem for Intel AMT and Intel ISM may allow a remote user to trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges. The second vulnerability (CVE-2020-8753) is rated as medium risk and could be exploited to gain access to sensitive data.

A high risk flaw was discovered in Zyxel firewalls and access points, which, if exploited, could allow a remote attacker to take over the system. The flaw impacts the following software versions:

  • VPN series: 4.30, 4.55, before 4.39 week38, 10.03 patch 1

  • USG series: 4.30, 4.55, before 4.39 week38

  • USG FLEX series: 4.30, 4.55, before 4.55 week38

  • Unified Pro series: before 6.10 patch 8

  • Unified series: before 6.10 patch 8

  • Standalone series: before 6.10 patch 8

The Drupal team patched two remote code execution bugs (CVE-2020-28949, CVE-2020-28948). The first one exists due to improper sanitization of user-supplied input when processing URI handlers in filenames, while the latter stems from insecure input validation when processing serialized data, related to case sensitivity issues (e.g. the "phar:" protocol is blocked, but "PHAR:" is not).
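
The case-sensitivity gap described above, shown as an added example (not code from Drupal or any library it uses): an exact-case blocklist next to a check that rejects any URI scheme regardless of case. The function names and sample filenames are constructed for illustration.

```php
<?php
// Added illustration; function names and sample filenames are constructed.

/** Weak check: blocks only the exact lower-case spelling of the prefix. */
function isBlockedCaseSensitive(string $filename): bool
{
    return strncmp($filename, 'phar:', 5) === 0;
}

/**
 * Hardened check: reject every filename that starts with a URI scheme,
 * matched case-insensitively, rather than blocklisting one spelling.
 * Scheme grammar (RFC 3986): ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
 * Side effect: Windows drive-letter paths ("C:\...") are rejected too,
 * which is acceptable when member names are expected to be relative paths.
 */
function hasUriScheme(string $filename): bool
{
    return preg_match('/^[a-z][a-z0-9+.\-]*:/i', $filename) === 1;
}

// Constructed sample filenames, as they might appear inside an archive.
$samples = [
    'docs/readme.txt',
    'phar://sample.tar/member.txt',
    'PHAR://sample.tar/member.txt',
    'PhAr://sample.tar/member.txt',
    'file:///tmp/member.txt',
];

foreach ($samples as $name) {
    printf(
        "%-30s case-sensitive=%-8s any-scheme=%s\n",
        $name,
        isBlockedCaseSensitive($name) ? 'blocked' : 'allowed',
        hasUriScheme($name) ? 'blocked' : 'allowed'
    );
}
```

Only the lower-case `phar://` sample is stopped by the case-sensitive check, while the scheme-based check blocks every sample except the plain relative path.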

Systems running Windows 7 and Server 2008 R2 are vulnerable to a local privilege escalation issue related to incorrect permissions set for two registry keys for the RPC Endpoint Mapper and DNSCache services. A local user can modify keys and leverage behavior of other system services to load a malicious DLL and execute arbitrary code with SYSTEM privileges. The vulnerability affects Windows versions 7, 7 SP1, and Windows Server 2008, 2008 R2, 2008 R2 SP1, 2008 SP2.

Red Hat OpenShift Container Platform contains more than a dozen vulnerabilities, the most notable of which is CVE-2020-15999. The flaw affects Red Hat OpenShift Container Platform releases before 4.5.20 and allows a remote attacker to take control over the vulnerable system. Note, this vulnerability is being exploited in the wild.

A command injection vulnerability (CVE-2020-11830) was found in the OPPO QualityProtect 2.0 solution, which allows a remote attacker to execute arbitrary shell commands on the target system. The vulnerability exists due to improper input validation in com.oppo.qualityprotect. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system. Additionally, OPPO OvoiceManager and OPPO com.coloros.codebook contain high risk flaws (CVE-2020-11831 and CVE-2020-11829, respectively), which a remote attacker can use to elevate their privileges on the system.

Also, remote code execution vulnerabilities were reported in the Fuji Electric V-Server Lite (CVE-2020-25171) and Rockwell Automation FactoryTalk Linx (CVE-2020-27251) software.
