OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks
Description:
The maintainers of the OpenSSL project have released patches to address a high-severity bug in the cryptographic library that could potentially lead to remote code execution under certain scenarios.
The issue, identified as CVE-2022-2274, has been described as a case of heap memory corruption in RSA private key operations that was introduced in OpenSSL version 3.0.4. The flaw could lead to memory corruption during computation that could be weaponized by an attacker to trigger remote code execution on the machine performing the computation.
CVE_IDs:
- CVE-2022-2274
Source:
OpenSSL Releases Patch for High-Severity Bug that Could Lead to RCE Attacks
Impact:
The flaw could lead to memory corruption during computation which can be weaponized to trigger remote code execution.
Suggestions and Recommendations:
Users of the library are recommended to upgrade to OpenSSL version 3.0.5 to mitigate any potential threats.
Cisco Release Security Patches for Multiple Products.
Description:
Cisco has rolled out patches for multiple security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks.
The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device." According to Cisco, the vulnerability is due to insufficient input validation of user-supplied command arguments.
The flaw tracked as CVE-2022-20812 concerns a case of arbitrary file overwrite in the cluster database API. It requires the authenticated, remote attacker to have Administrator read-write privileges on the application in order to mount path traversal attacks as the root user.
The flaw tracked as CVE-2022-20813 has been described as a null byte poisoning flaw arising due to improper certificate validation. This could be weaponized by an attacker to stage a man-in-the-middle (MitM) attack and gain unauthorized access to sensitive data.
CVE_IDs:
- CVE-2022-20812
- CVE-2022-20813
Source:
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Impact:
Successful exploitation of the flaw could enable the adversary to overwrite arbitrary files on the underlying operating system.
Suggestions and Recommendations:
Cisco has released software updates that address this vulnerability. Users are recommended to apply the fixes.
Google Chrome Browser released Patch for New Zero-Day Exploit Detected in the Wild.
Description:
A patch for a high-severity zero-day vulnerability has been released for the Chrome web browser. The flaw, tracked as CVE-2022-2294, is a heap overflow in the WebRTC component, which provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps. Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.
CVE_IDs:
- CVE-2022-2294
Source:
Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild (thehackernews.com)
Impact:
Successful exploitation of the flaw could lead to arbitrary code execution or a denial-of-service (DoS) condition.
Suggestions and Recommendations:
Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
Unrar Path Traversal Vulnerability affects Zimbra Mail.
Description:
A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, tracked as CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.
An attacker is able to create files outside of the target extraction directory when an application or victim user extracts an untrusted archive.
The vulnerability is related to a symbolic link attack in which a RAR archive is crafted such that it contains a symlink that's a mix of both forward slashes and backslashes (e.g., "..\..\..\tmp/shell") so as to bypass current checks and extract it outside of the expected directory.
By taking advantage of this behaviour, an attacker can write arbitrary files anywhere on the target filesystem, including creating a JSP shell in Zimbra's web directory, and execute malicious commands.
The only requirement for this attack is that UnRAR is installed on the server, which is expected as it is required for RAR archive virus-scanning and spam-checking.
CVE_IDs:
- CVE-2022-30333
Source:
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)
Impact:
Successful exploitation of the flaw could allow an attacker to write arbitrary files anywhere on the target filesystem, including creating a JSP shell in Zimbra's web directory and executing malicious commands.
Suggestions and Recommendations:
New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (thehackernews.com)
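An added example, not code from UnRAR, Zimbra or the original bulletin: a Python illustration of why a symlink target that mixes separators passes a check run on the raw string yet escapes once backslashes are converted, next to a check that validates the final form. The separator-conversion step, the function names and the sample entries are assumptions constructed for illustration.

```python
import posixpath

def to_unix_separators(target: str) -> str:
    # Assumed extraction step: DOS-style separators are rewritten for Unix.
    return target.replace("\\", "/")

def escapes_root(link_path: str, target: str) -> bool:
    """Lexically resolve a symlink target against the directory holding the
    link (both relative to the extraction root); only '/' is a separator."""
    if target.startswith("/"):
        return True  # absolute targets always leave the extraction root
    base = posixpath.dirname(link_path)
    resolved = posixpath.normpath(posixpath.join(base, target))
    return resolved == ".." or resolved.startswith("../")

def weak_check(link_path: str, target: str) -> bool:
    # Flawed ordering: validates the raw string, conversion happens later,
    # so "..\\..\\tmp" is seen as one harmless file name component.
    return not escapes_root(link_path, target)

def hardened_check(link_path: str, target: str) -> bool:
    # Validate the exact string that will be handed to symlink().
    return not escapes_root(link_path, to_unix_separators(target))

# Constructed sample symlink entries: (path inside archive, link target).
ENTRIES = [
    ("docs/current", "v1/readme.txt"),
    ("docs/shared", "../common/notes.txt"),
    ("docs/link", "..\\..\\..\\tmp/shell"),  # mixed-separator form from the text
    ("docs/abs", "\\tmp\\drop"),
]

def audit(entries):
    """Return entries the weak check accepts but the hardened check rejects."""
    return [e for e in entries if weak_check(*e) and not hardened_check(*e)]

if __name__ == "__main__":
    for path, target in audit(ENTRIES):
        print(f"reject {path!r} -> {target!r} "
              f"(becomes {to_unix_separators(target)!r} on disk)")
```

The check is lexical only; a link path that runs through a symlink extracted earlier needs a separate check against the real filesystem.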