Ejecución de código remoto en Web Help Desk de SolarWinds
Fecha 16/08/2024
Importancia 5 - Crítica
Recursos Afectados
Web Help Desk: versiones 12.4, 12.5, 12.6, 12.7 y 12.8.
Descripción
SolarWinds ha publicado un parche para corregir una vulnerabilidad crítica que afectaría a Web Help Desk.
SolarWinds agradece a Inmarsat Government y Viasat su ayuda en esta vulnerabilidad.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-de-codigo-remoto-en-web-help-desk-de-solarwinds
Fecha 16/08/2024
Importancia 5 - Crítica
Recursos Afectados
Web Help Desk: versiones 12.4, 12.5, 12.6, 12.7 y 12.8.
Descripción
SolarWinds ha publicado un parche para corregir una vulnerabilidad crítica que afectaría a Web Help Desk.
SolarWinds agradece a Inmarsat Government y Viasat su ayuda en esta vulnerabilidad.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/ejecucion-de-codigo-remoto-en-web-help-desk-de-solarwinds
www.incibe.es
Ejecución de código remoto en Web Help Desk de SolarWinds
SolarWinds ha publicado un parche para corregir una vulnerabilidad crítica que afectaría a Web Help De
WHD 12.8.3 Hotfix 1
All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed.
Aug 16, 2024•Success Center
First Published Date
8/13/2024 10:12 PM
Last Published Date
8/16/2024 8:30 PM
Overview
For your protection and to quickly deliver SolarWinds customers a secure version of WHD, we applied an aggressive security patch in WHD 12.8.3 Hotfix 1 on August 13, 2024. In a few cases, this approach impacted product functionality such as SSO. See the known issues for WHD 12.8.3 Hotfix 1.
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed.
Aug 16, 2024•Success Center
First Published Date
8/13/2024 10:12 PM
Last Published Date
8/16/2024 8:30 PM
Overview
For your protection and to quickly deliver SolarWinds customers a secure version of WHD, we applied an aggressive security patch in WHD 12.8.3 Hotfix 1 on August 13, 2024. In a few cases, this approach impacted product functionality such as SSO. See the known issues for WHD 12.8.3 Hotfix 1.
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Solarwinds
WHD 12.8.3 Hotfix 1
All versions of Web Help Desk (WHD) should be upgraded to WHD 12.8.3, and then the hotfix should be installed.
Múltiples vulnerabilidades en Moodle
Fecha 20/08/2024
Importancia 5 - Crítica
Recursos Afectados
Versiones anteriores que no reciban soporte actualmente y, además:
Versiones 4.4 a 4.4.1;
Versiones 4.3 a 4.3.5;
Versiones 4.2 a 4.2.8;
Versiones 4.1 a 4.1.11.
Descripción
Moodle ha publicado correcciones para 16 vulnerabilidades, 8 de ellas críticas. Su explotación podría permitir ejecución de código remoto, acceso a la información e inyección de código, entre otros.
Dichas vulnerabilidades fueron reportadas por los investigadores: RedTeam Pentesting GmbH, TaiYou, Andrew Lyons, Paul Holden y TeHoFu.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-moodle-5
Fecha 20/08/2024
Importancia 5 - Crítica
Recursos Afectados
Versiones anteriores que no reciban soporte actualmente y, además:
Versiones 4.4 a 4.4.1;
Versiones 4.3 a 4.3.5;
Versiones 4.2 a 4.2.8;
Versiones 4.1 a 4.1.11.
Descripción
Moodle ha publicado correcciones para 16 vulnerabilidades, 8 de ellas críticas. Su explotación podría permitir ejecución de código remoto, acceso a la información e inyección de código, entre otros.
Dichas vulnerabilidades fueron reportadas por los investigadores: RedTeam Pentesting GmbH, TaiYou, Andrew Lyons, Paul Holden y TeHoFu.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-moodle-5
www.incibe.es
Múltiples vulnerabilidades en Moodle
Moodle ha publicado correcciones para 16 vulnerabilidades, 8 de ellas críticas.
Control de acceso inadecuado en SonicOS de SonicWall
Fecha 26/08/2024
Importancia 5 - Crítica
Recursos Afectados
SOHO (5.ª generación): 5.9.2.14-12o y versiones anteriores.
Gen6 Firewalls (SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, modelos: SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W): 6.5.4.14-109n y versiones anteriores.
Gen7 Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700: versión de compilación de SonicOS 7.0.1-5035 y versiones anteriores.
Descripción
SonicWall ha publicado una vulnerabilidad podría provocar un acceso no autorizado a recursos y, en condiciones específicas, provocar el bloqueo del firewall.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/control-de-acceso-inadecuado-en-sonicos-de-sonicwall
Fecha 26/08/2024
Importancia 5 - Crítica
Recursos Afectados
SOHO (5.ª generación): 5.9.2.14-12o y versiones anteriores.
Gen6 Firewalls (SOHOW, TZ 300, TZ 300W, TZ 400, TZ 400W, TZ 500, TZ 500W, TZ 600, NSA 2650, NSA 3600, NSA 3650, NSA 4600, NSA 4650, NSA 5600, NSA 5650, NSA 6600, NSA 6650, SM 9200, SM 9250, modelos: SM 9400, SM 9450, SM 9600, SM 9650, TZ 300P, TZ 600P, SOHO 250, SOHO 250W, TZ 350, TZ 350W): 6.5.4.14-109n y versiones anteriores.
Gen7 Firewalls: TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700: versión de compilación de SonicOS 7.0.1-5035 y versiones anteriores.
Descripción
SonicWall ha publicado una vulnerabilidad podría provocar un acceso no autorizado a recursos y, en condiciones específicas, provocar el bloqueo del firewall.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/control-de-acceso-inadecuado-en-sonicos-de-sonicwall
www.incibe.es
Control de acceso inadecuado en SonicOS de SonicWall
SonicWall ha publicado una vulnerabilidad podría provocar un acceso no autorizado a recursos y, en con
VMSA-2024-0018:VMware Fusion update addresses a code execution vulnerability (CVE-2024-38811)
Advisory ID: VMSA-2024-0018
Advisory Severity: Important
CVSSv3 Range: 8.8
Synopsis: VMware Fusion update addresses a code-execution vulnerability (CVE-2024-38811)
Issue date: 2024-09-03
CVE(s): CVE-2024-38811
Impacted Products
VMware Fusion
Introduction
A code-execution vulnerability in VMware Fusion was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
Advisory ID: VMSA-2024-0018
Advisory Severity: Important
CVSSv3 Range: 8.8
Synopsis: VMware Fusion update addresses a code-execution vulnerability (CVE-2024-38811)
Issue date: 2024-09-03
CVE(s): CVE-2024-38811
Impacted Products
VMware Fusion
Introduction
A code-execution vulnerability in VMware Fusion was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware product.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.
https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.
https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/
BleepingComputer
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/
BleepingComputer
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
Veeam Security Bulletin (September 2024)
KB ID: 4649
Product: Veeam Backup & Replication
Veeam ONE
Veeam Service Provider Console
Veeam Agent for Linux
Veeam Backup for Nutanix AHV
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Published: 2024-09-04
Last Modified: 2024-09-05
https://www.veeam.com/kb4649
KB ID: 4649
Product: Veeam Backup & Replication
Veeam ONE
Veeam Service Provider Console
Veeam Agent for Linux
Veeam Backup for Nutanix AHV
Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization
Published: 2024-09-04
Last Modified: 2024-09-05
https://www.veeam.com/kb4649
Veeam Software
KB4649: Veeam Security Bulletin (September 2024)
Microsoft September 2024 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep
https://msrc.microsoft.com/update-guide/releaseNote/2024-Sep
Cisco Releases Security Updates for Cisco Smart Licensing Utility
Release DateSeptember 10, 2024
Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisory and apply the necessary updates:
Cisco Smart Licensing Utility Vulnerabilities
https://www.cisa.gov/news-events/alerts/2024/09/10/cisco-releases-security-updates-cisco-smart-licensing-utility
Bug ID(s): CSCwi41731
CVE ID: CVE-2024-20439
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
Bug ID(s): CSCwi47950
CVE ID: CVE-2024-20440
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Release DateSeptember 10, 2024
Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisory and apply the necessary updates:
Cisco Smart Licensing Utility Vulnerabilities
https://www.cisa.gov/news-events/alerts/2024/09/10/cisco-releases-security-updates-cisco-smart-licensing-utility
Bug ID(s): CSCwi41731
CVE ID: CVE-2024-20439
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
Bug ID(s): CSCwi47950
CVE ID: CVE-2024-20440
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
Cisco
Cisco Security Advisory: Cisco Smart Licensing Utility Vulnerabilities
Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running.
Cisco has released…
Cisco has released…
Security Advisory EPM September 2024 for EPM 2024 and EPM 2022
Primary Product
Endpoint Manager
Created Date
10-Sep-2024 13:47:00
CVE-2024-37397 8.2 (High)
CVE-2024-8191 7.8 (High)
CVE-2024-32840 9.1 (Critical)
CVE-2024-32842 9.1 (Critical)
CVE-2024-32843 9.1 (Critical)
CVE-2024-32845 9.1 (Critical)
CVE-2024-32846 9.1 (Critical)
CVE-2024-32848 9.1 (Critical)
CVE-2024-34779 9.1 (Critical)
CVE-2024-34783 9.1 (Critical)
CVE-2024-34785 9.1 (Critical)
CVE-2024-8320 5.3 (Medium)
CVE-2024-8321 5.8 (Medium)
CVE-2024-8322 4.3 (Medium)
CVE-2024-29847 10.0 (Critical)
CVE-2024-8441 6.7 (Medium)
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
Primary Product
Endpoint Manager
Created Date
10-Sep-2024 13:47:00
CVE-2024-37397 8.2 (High)
CVE-2024-8191 7.8 (High)
CVE-2024-32840 9.1 (Critical)
CVE-2024-32842 9.1 (Critical)
CVE-2024-32843 9.1 (Critical)
CVE-2024-32845 9.1 (Critical)
CVE-2024-32846 9.1 (Critical)
CVE-2024-32848 9.1 (Critical)
CVE-2024-34779 9.1 (Critical)
CVE-2024-34783 9.1 (Critical)
CVE-2024-34785 9.1 (Critical)
CVE-2024-8320 5.3 (Medium)
CVE-2024-8321 5.8 (Medium)
CVE-2024-8322 4.3 (Medium)
CVE-2024-29847 10.0 (Critical)
CVE-2024-8441 6.7 (Medium)
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022
Ivanti
Security Advisory EPM September 2024 for EPM 2024 and EPM 2022
<p><span style="font-size: 18px;"><strong>Summary </strong></span></p>
<p>Ivanti has released updates for Ivanti Endpoint Manager which addresses medium and high vulnerabilities. Successful exploitation could lead to unauthorized access to the EPM core server. </p>…
<p>Ivanti has released updates for Ivanti Endpoint Manager which addresses medium and high vulnerabilities. Successful exploitation could lead to unauthorized access to the EPM core server. </p>…
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)
Created Date
10-Sep-2024 14:00:02
CVE-2024-8190 7.2 (High)
Affected Versions
Ivanti Cloud Services Appliance (CSA)
CSA 4.6 (All versions before Patch 519)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
Created Date
10-Sep-2024 14:00:02
CVE-2024-8190 7.2 (High)
Affected Versions
Ivanti Cloud Services Appliance (CSA)
CSA 4.6 (All versions before Patch 519)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190
Ivanti
Security Advisory Ivanti Cloud Service Appliance (CSA) (CVE-2024-8190)
<p>Summary </p>
<p>Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with eth0 as…
<p>Ivanti has released a security update for Ivanti CSA 4.6 which addresses a high severity vulnerability. Successful exploitation could lead to unauthorized access to the device running the CSA. Dual-homed CSA configurations with eth0 as…
Security Advisory Ivanti Workspace Control (IWC)
Created Date
10-Sep-2024 14:04:02
CVE-2024-8012 7.8 (High)
CVE-2024-44105 8.2 (High)
CVE-2024-44104 8.8 (High)
CVE-2024-44107 8.8 (High)
CVE-2024-44103 8.8 (High)
CVE-2024-44106 8.8 (High)
Affected Versions
Ivanti IWC 10.18.0.0 and below
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC
Created Date
10-Sep-2024 14:04:02
CVE-2024-8012 7.8 (High)
CVE-2024-44105 8.2 (High)
CVE-2024-44104 8.8 (High)
CVE-2024-44107 8.8 (High)
CVE-2024-44103 8.8 (High)
CVE-2024-44106 8.8 (High)
Affected Versions
Ivanti IWC 10.18.0.0 and below
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-IWC
Ivanti
Security Advisory Ivanti Workspace Control (IWC)
<p><strong>Summary </strong></p>
<p>Ivanti has released a version of a new product architecture for Ivanti Workspace Control (IWC) which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral…
<p>Ivanti has released a version of a new product architecture for Ivanti Workspace Control (IWC) which addresses high and critical vulnerabilities. Successful exploitation could lead to an escalation of privileges and lateral…
Actualización de seguridad de SAP de septiembre de 2024
Fecha 10/09/2024
Importancia 3 - Media
Recursos Afectados
SAP Production y Revenue Accounting;
SAP S/4HANA eProcurement;
SAP NetWeaver Application Server para ABAP y ABAP Platform;
SAP NetWeaver AS para Java;
SAP Commerce Cloud;
SAP BusinessObjects Business Intelligence Platform;
SAP NetWeaver Enterprise Portal;
SAP Business Warehouse;
SAP NetWeaver BW;
SAP S/4 HANA;
SAP for Oil & Gas.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-septiembre-de-2024
Fecha 10/09/2024
Importancia 3 - Media
Recursos Afectados
SAP Production y Revenue Accounting;
SAP S/4HANA eProcurement;
SAP NetWeaver Application Server para ABAP y ABAP Platform;
SAP NetWeaver AS para Java;
SAP Commerce Cloud;
SAP BusinessObjects Business Intelligence Platform;
SAP NetWeaver Enterprise Portal;
SAP Business Warehouse;
SAP NetWeaver BW;
SAP S/4 HANA;
SAP for Oil & Gas.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/actualizacion-de-seguridad-de-sap-de-septiembre-de-2024
www.incibe.es
Actualización de seguridad de SAP de septiembre de 2024
SAP ha publicado varias actualizaciones de seguridad en diferentes productos en su comunicado mensual.
SysAdmin 24x7
[Actualización 01/08/2024] regreSSHion: vulnerabilidad RCE en servidor OpenSSH Fecha 02/07/2024 Importancia 4 - Alta Recursos Afectados Versiones de OpenSSH afectadas por esta vulnerabilidad: anteriores a 4.4p1, a menos que estén parcheadas para CVE-2006…
www.incibe.es
[Actualización 10/09/2024] regreSSHion: vulnerabilidad RCE en servidor OpenSSH
El equipo de Qualys Threat Research Unit (TRU) ha descubierto una vulnerabilidad que posibilitaría la
Vulnerabilidad RCE en SolarWinds Access Rights Manager
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
Access Rights Manager (ARM), versiones 2024.3 y anteriores.
Descripción
Piotr Bazydlo (@chudypb), investigador de Trend Micro ZDI, ha reportado una vulnerabilidad crítica detectada en Access Rights Manager (ARM) de SolarWinds.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-rce-en-solarwinds-access-rights-manager-0
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
Access Rights Manager (ARM), versiones 2024.3 y anteriores.
Descripción
Piotr Bazydlo (@chudypb), investigador de Trend Micro ZDI, ha reportado una vulnerabilidad crítica detectada en Access Rights Manager (ARM) de SolarWinds.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/vulnerabilidad-rce-en-solarwinds-access-rights-manager-0
www.incibe.es
Vulnerabilidad RCE en SolarWinds Access Rights Manager
Piotr Bazydlo (@chudypb), investigador de Trend Micro ZDI, ha reportado una vulnerabilidad crítica det
Múltiples vulnerabilidades en GitLab CE/EE
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
Ediciones Gitlab Community y Enterprise, versiones 17.3.1, 17.2.4, 17.1.6 y anteriores.
Descripción
Gitlab ha publicado la última actualización para las ediciones de Gitlab Community (CE) y Enterprise (EE), que soluciona 17 vulnerabilidades: una de severidad crítica, 3 altas y el resto medias y bajas. Estas vulnerabilidades podrían permitir una denegación de servicio (DoS), una inyección de código y acceso sin autorización, entre otros.
Solución
Actualizar los productos afectados a las versiones 17.3.2, 17.2.5 y 17.1.7.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-gitlab-ceee
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
Ediciones Gitlab Community y Enterprise, versiones 17.3.1, 17.2.4, 17.1.6 y anteriores.
Descripción
Gitlab ha publicado la última actualización para las ediciones de Gitlab Community (CE) y Enterprise (EE), que soluciona 17 vulnerabilidades: una de severidad crítica, 3 altas y el resto medias y bajas. Estas vulnerabilidades podrían permitir una denegación de servicio (DoS), una inyección de código y acceso sin autorización, entre otros.
Solución
Actualizar los productos afectados a las versiones 17.3.2, 17.2.5 y 17.1.7.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-gitlab-ceee
www.incibe.es
Múltiples vulnerabilidades en GitLab CE/EE
Gitlab ha publicado la última actualización para las ediciones de Gitlab Community (CE) y Enterprise (
Múltiples vulnerabilidades en productos D-Link
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
COVR-X1870: v1.02 y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores.
Descripción
El investigador TWCERT ha informado de 5 vulnerabilidades: 3 de severidad crítica y dos altas que podrían permitir al atacante ejecutar código arbitrario o iniciar sesión y ejecutar comandos del sistema.
Solución
COVR-X1870: versión 1.03B01.
DIR-X4860: versión 1.04B05.
DIR-X4860: DIR-X5460A1_V1.11B04.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-d-link
Fecha 16/09/2024
Importancia 5 - Crítica
Recursos Afectados
COVR-X1870: v1.02 y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores;
DIR-X4860: v1.04B04_Hot-Fix y anteriores.
Descripción
El investigador TWCERT ha informado de 5 vulnerabilidades: 3 de severidad crítica y dos altas que podrían permitir al atacante ejecutar código arbitrario o iniciar sesión y ejecutar comandos del sistema.
Solución
COVR-X1870: versión 1.03B01.
DIR-X4860: versión 1.04B05.
DIR-X4860: DIR-X5460A1_V1.11B04.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-productos-d-link
www.incibe.es
Múltiples vulnerabilidades en productos D-Link
El investigador TWCERT ha informado de 5 vulnerabilidades: 3 de severidad crítica y dos altas que podr
Múltiples vulnerabilidades en Scriptcase
Fecha 17/09/2024
Importancia 5 - Crítica
Recursos Afectados
Scriptcase, versión 9.4.019.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-scriptcase
Fecha 17/09/2024
Importancia 5 - Crítica
Recursos Afectados
Scriptcase, versión 9.4.019.
https://www.incibe.es/incibe-cert/alerta-temprana/avisos/multiples-vulnerabilidades-en-scriptcase
www.incibe.es
Múltiples vulnerabilidades en Scriptcase
INCIBE ha coordinado la publicación de 3 vulnerabilidades de severidad crítica que afectan a Scriptcas
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Advisory ID: VMSA-2024-0019
Severity: Critical
CVSSv3 Range: 7.5-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
CVE(s) CVE-2024-38812, CVE-2024-38813
Impacted Products
VMware vCenter Server
VMware Cloud Foundation
Introduction
A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Advisory ID: VMSA-2024-0019
Severity: Critical
CVSSv3 Range: 7.5-9.8
Synopsis: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
Issue date: 2024-09-17
CVE(s) CVE-2024-38812, CVE-2024-38813
Impacted Products
VMware vCenter Server
VMware Cloud Foundation
Introduction
A heap-overflow vulnerability and a privilege escalation vulnerability in vCenter Server were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968