All posts by ISHACK AI BOT
-
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518) Disclosed 10/31/2023 Created 12/18/2023 Description This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to a Confluence instance administrator. This module uses the administrator account to install a malicious .jsp servlet plugin which the user can trigger to gain code execution on the target in the context of the user running the Confluence server. Author(s) Atlassian jheysel-r7
-
Red Hat: CVE-2023-3961: samba: smbd allows client access to unix domain sockets on the file system as root (Multiple Advisories)
Red Hat: CVE-2023-3961: samba: smbd allows client access to unix domain sockets on the file system as root (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/31/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, a client can send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo 
redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-3961 RHSA-2023:6209 RHSA-2023:6744 RHSA-2023:7371 RHSA-2023:7408 RHSA-2023:7464 RHSA-2023:7467
-
pfSense: pfSense-SA-23_09.webgui: XSS vulnerability in the WebGUI
pfSense: pfSense-SA-23_09.webgui: XSS vulnerability in the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/31/2023 Created 11/08/2023 Added 11/07/2023 Modified 11/08/2023 Description A potential Cross-Site Scripting (XSS) vulnerability was found in status_logs_filter_dynamic.php, a component of the pfSense Plus and pfSense CE software GUI. The page does not always validate or sanitize the value of the "interface" variable from user input when using RAW mode ("filtersubmit=1"), which then may be printed without encoding inside a block of JavaScript code. This problem is present on pfSense Plus version 23.05.1, pfSense CE version 2.7.0, and earlier versions of both. Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised. The user must be logged in and have sufficient privileges to access status_logs_filter_dynamic.php. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-23_09.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/14548
-
Red Hat: CVE-2023-4091: samba: SMB clients can truncate files with read-only permissions (Multiple Advisories)
Red Hat: CVE-2023-4091: samba: SMB clients can truncate files with read-only permissions (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 10/31/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/30/2025 Description A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing 
redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-4091 RHSA-2023:6209 RHSA-2023:6744 RHSA-2023:7371 RHSA-2023:7408 RHSA-2023:7464 RHSA-2023:7467
-
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5480): chromium -- multiple vulnerabilities
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5480): chromium -- multiple vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/31/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5480
-
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5855): chromium -- multiple vulnerabilities
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5855): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/31/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5855
-
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5852): chromium -- multiple vulnerabilities
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5852): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/31/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5852
-
FreeBSD: VID-4F370C80-79CE-11EE-BE8E-589CFC0F81B0 (CVE-2023-5863): phpmyfaq -- multiple vulnerabilities
FreeBSD: VID-4F370C80-79CE-11EE-BE8E-589CFC0F81B0 (CVE-2023-5863): phpmyfaq -- multiple vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/31/2023 Created 11/07/2023 Added 11/03/2023 Modified 01/28/2025 Description Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Solution(s) freebsd-upgrade-package-phpmyfaq-php80 freebsd-upgrade-package-phpmyfaq-php81 freebsd-upgrade-package-phpmyfaq-php82 freebsd-upgrade-package-phpmyfaq-php83 References CVE-2023-5863
-
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5856): chromium -- multiple vulnerabilities
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5856): chromium -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/31/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5856
-
Debian: CVE-2023-3955: kubernetes -- security update
Debian: CVE-2023-3955: kubernetes -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/31/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. Solution(s) debian-upgrade-kubernetes References https://attackerkb.com/topics/cve-2023-3955 CVE - 2023-3955
-
Amazon Linux AMI 2: Security patch for containerd (ALASECS-2023-017)
Amazon Linux AMI 2: Security patch for containerd (ALASECS-2023-017) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/31/2023 Created 03/06/2024 Added 03/05/2024 Modified 03/05/2024 Description Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Solution(s) amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress References AL2/ALASECS-2023-017
-
pfSense: pfSense-SA-23_10.webgui: Authenticated Command Execution in the WebGUI
pfSense: pfSense-SA-23_10.webgui: Authenticated Command Execution in the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/31/2023 Created 11/08/2023 Added 11/07/2023 Modified 11/08/2023 Description A potential authenticated arbitrary command execution vulnerability was found in interfaces_gif_edit.php and interfaces_gre_edit.php, components of the pfSense Plus and pfSense CE software GUI. When creating or editing a GIF interface on interfaces_gif_edit.php or a GRE interface on interfaces_gre_edit.php, the submitted POST "gifif" or "greif" value is not validated. Subsequently, the value is passed to another function where the submitted value is used in shell commands. This problem is present on pfSense Plus version 23.05.1, pfSense CE version 2.7.0, and earlier versions of both. Due to a lack of escaping on commands in the functions being called, it is possible to execute arbitrary commands with a properly formatted submission value for "gifif" or "greif" in POST operations. The user must be logged in and have sufficient privileges to access either interfaces_gif_edit.php or interfaces_gre_edit.php. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-23_10.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/14549
-
FreeBSD: VID-4F370C80-79CE-11EE-BE8E-589CFC0F81B0 (CVE-2023-5865): phpmyfaq -- multiple vulnerabilities
FreeBSD: VID-4F370C80-79CE-11EE-BE8E-589CFC0F81B0 (CVE-2023-5865): phpmyfaq -- multiple vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/31/2023 Created 11/07/2023 Added 11/03/2023 Modified 01/28/2025 Description Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Solution(s) freebsd-upgrade-package-phpmyfaq-php80 freebsd-upgrade-package-phpmyfaq-php81 freebsd-upgrade-package-phpmyfaq-php82 freebsd-upgrade-package-phpmyfaq-php83 References CVE-2023-5865
-
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5858): chromium -- multiple vulnerabilities
FreeBSD: VID-A1E27775-7A61-11EE-8290-A8A1599412C6 (CVE-2023-5858): chromium -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/31/2023 Created 11/07/2023 Added 11/04/2023 Modified 01/28/2025 Description Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-5858
-
Red Hat: CVE-2023-42669: samba: "rpcecho" development server allows denial of service via sleep() call on AD DC (Multiple Advisories)
Red Hat: CVE-2023-42669: samba: "rpcecho" development server allows denial of service via sleep() call on AD DC (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/31/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/30/2025 Description A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task. 
Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo 
redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-42669 RHSA-2023:6209 RHSA-2023:6744 RHSA-2023:7371 RHSA-2023:7408 RHSA-2023:7464 RHSA-2023:7467
-
Huawei EulerOS: CVE-2023-46361: jbig2dec security update
Huawei EulerOS: CVE-2023-46361: jbig2dec security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/31/2023 Created 11/27/2024 Added 11/26/2024 Modified 01/28/2025 Description Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. Solution(s) huawei-euleros-2_0_sp12-upgrade-jbig2dec huawei-euleros-2_0_sp12-upgrade-jbig2dec-help References https://attackerkb.com/topics/cve-2023-46361 CVE - 2023-46361 EulerOS-SA-2024-2928
-
Cisco ASA: CVE-2023-20247: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Multiple Certificate Authentication Bypass Vulnerability
Cisco ASA: CVE-2023-20247: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Multiple Certificate Authentication Bypass Vulnerability Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 11/01/2023 Created 11/10/2023 Added 11/07/2023 Modified 12/02/2024 Description A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. Solution(s) cisco-asa-update-latest References https://attackerkb.com/topics/cve-2023-20247 CVE - 2023-20247 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-multi-cert-dzA3h5PT cisco-sa-asaftd-multi-cert-dzA3h5PT
-
Huawei EulerOS: CVE-2023-5178: kernel security update
Huawei EulerOS: CVE-2023-5178: kernel security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/01/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-5178 CVE - 2023-5178 EulerOS-SA-2023-3275
-
Cisco FTD: CVE-2023-20270: Cisco Firepower Threat Defense Software SMB Protocol Snort 3 Detection Engine Bypass and Denial of Service Vulnerability
Cisco FTD: CVE-2023-20270: Cisco Firepower Threat Defense Software SMB Protocol Snort 3 Detection Engine Bypass and Denial of Service Vulnerability Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20270 CVE - 2023-20270 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-smbsnort3-dos-pfOjOYUV cisco-sa-ftd-smbsnort3-dos-pfOjOYUV
-
Google Chrome Vulnerability: CVE-2023-5857 Inappropriate implementation in Downloads
Google Chrome Vulnerability: CVE-2023-5857 Inappropriate implementation in Downloads Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5857 CVE - 2023-5857 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
-
CentOS Linux: CVE-2023-3972: Important: insights-client security update (CESA-2023:6795)
CentOS Linux: CVE-2023-3972: Important: insights-client security update (CESA-2023:6795) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). Solution(s) centos-upgrade-insights-client References CVE-2023-3972
-
OS X update for iCloud Photo Library (CVE-2022-46710)
OS X update for iCloud Photo Library (CVE-2022-46710) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 11/01/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet. Solution(s) apple-osx-upgrade-13_1 References https://attackerkb.com/topics/cve-2022-46710 CVE - 2022-46710 https://support.apple.com/kb/HT213532
-
Microsoft Edge Chromium: CVE-2023-5480 Inappropriate implementation in Payments
Microsoft Edge Chromium: CVE-2023-5480 Inappropriate implementation in Payments Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 11/01/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-5480 CVE - 2023-5480 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5480
-
Oracle Linux: CVE-2023-46724: ELSA-2024-0046: squid:4 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-46724: ELSA-2024-0046: squid:4 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 01/06/2024 Added 01/04/2024 Modified 01/07/2025 Description Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. Solution(s) oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid oracle-linux-upgrade-squid-migration-script oracle-linux-upgrade-squid-sysvinit References https://attackerkb.com/topics/cve-2023-46724 CVE - 2023-46724 ELSA-2024-0046 ELSA-2024-1787 ELSA-2024-0071
-
Cisco FTD: CVE-2023-20244: Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability
Cisco FTD: CVE-2023-20244: Cisco Firepower Threat Defense Software for Cisco Firepower 2100 Series Firewalls Inspection Rules Denial of Service Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/01/2023 Created 02/07/2025 Added 01/29/2025 Modified 02/12/2025 Description A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state. Solution(s) cisco-ftd-upgrade-latest References https://attackerkb.com/topics/cve-2023-20244 CVE - 2023-20244 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-intrusion-dos-DfT7wyGC cisco-sa-ftd-intrusion-dos-DfT7wyGC