Severity Rating: Medium 
Systems Affected 
• All Bluetooth devices supporting BR/EDR Core Configurations version 5.2
and prior
Overview 
A vulnerability has been reported in the Bluetooth protocol which could be
exploited by an adjacent attacker to perform a spoofing attack (BIAS),
impersonating the address of a previously paired remote device.

Description
Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are
used for low-power short-range communications. To establish an encrypted
connection, two Bluetooth devices must pair with each other using a link
key. 
An attacker with physical access to the Bluetooth connection could perform
a spoofing attack impersonating the address of a previously paired remote
device. This attack may result in the attacking device completing the
authentication procedure successfully despite not possessing the link key. 

This vulnerability, in turn, could permit an attacker to initiate the
Bluetooth Key Negotiation (KNOB) attack more efficiently, potentially
gaining full access as the remote paired device.

Solution 
It is highly recommended that the end users apply the latest update.
Bluetooth host and controller suppliers should refer to the Bluetooth SIG
for guidance on updating their products.   
oth-security/bias-vulnerability/ 

References

oth-security/bias-vulnerability/
devices-bias-attacks/

CVE Name
CVE-2020-10135
Severity Rating: MEDIUM
Systems Affected 
• Xiaomi MIUI V11.0.5.0.QFAEUXM

Overview 
Multiple vulnerabilities have been reported in Xiaomi MIUI devices which
could allow a remote attacker to obtain sensitive information or install
apps on the targeted device.

Description
1. Information Disclosure Vulnerability (CVE-2020-9530)

This vulnerability exists in Xiaomi MIUI devices because the GetApps
component (com.xiaomi.mipicks) mishandles the opening of other components.
An attacker could exploit this vulnerability by persuading a victim to
visit a specially crafted website.
Successful exploitation of this vulnerability could allow a remote attacker
to obtain sensitive information from the targeted device. 

2. Code Execution Vulnerability (CVE-2020-9531)

This vulnerability exists in Xiaomi MIUI devices due to improper
verification of local web page parameters by GetApps. An adjacent
attacker could install apps and obtain sensitive information from a
targeted unlocked device.

Solution
Upgrade to Xiaomi MIUI2001122 or later 

Vendor Information
Xiaomi

References
Xiaomi
F-Secure

CVE Name
CVE-2020-9530
CVE-2020-9531
Severity Rating: MEDIUM

Software Affected 
• Microsoft Edge (Chromium-based) versions prior to 83.0.478.37

Overview 
A vulnerability has been reported in Microsoft Edge (Chromium-based) that
could allow a remote attacker to gain elevated privileges on a targeted
system. 
Description
This vulnerability exists in the affected software due to improper
validation of input by the Feedback extension.
Successful exploitation of this vulnerability could allow the attacker to
write files to arbitrary locations and gain elevated privileges on the
targeted system.

Note: This vulnerability only exists in Chromium-based versions of
Microsoft Edge (which use the Blink engine) and not in the versions based
on the EdgeHTML engine.

Solution
Update to version 83.0.478.37 as mentioned at 
- -1195

Vendor Information
Microsoft
- -1195

References
Microsoft
- -1195
CyberSecurityHelp

CVE Name
Chromium-based)
Severity Rating: MEDIUM
Software Affected 
• Drupal 7.69
• Drupal 8.7.13
• Drupal 8.8.5

Overview 
Multiple vulnerabilities have been reported in Drupal that could allow a
remote attacker to execute cross-site scripting and open redirect attacks
on the targeted system. 

Description
1. Cross-Site Scripting Vulnerabilities (CVE-2020-11022, CVE-2020-11023)
These vulnerabilities exist in Drupal core due to improper validation of
user-supplied input by the jQuery DOM manipulation methods. A remote
attacker could exploit these vulnerabilities by executing script in a
victim's web browser within the security context of the hosting website.
Successful exploitation of these vulnerabilities could allow the attacker
to steal the victim's cookie-based authentication credentials.

2. Open Redirect Vulnerability
This vulnerability exists in Drupal core due to insufficient validation of
the destination query parameter in the drupal_goto() function. A remote
attacker could exploit this vulnerability by using a destination query
string in a specially crafted URL.
Successful exploitation of this vulnerability could allow the attacker to
conduct phishing attacks on the targeted system.

Solution
Apply appropriate updates as mentioned in the following URLs:


Vendor Information
Drupal

References
Drupal

CVE Name
CVE-2020-11022
CVE-2020-11023
Severity Rating: MEDIUM
Software Affected
Docker Desktop Community version 2.3.0.2
Overview
A vulnerability has been reported in Windows Docker Desktop Service that
could allow an attacker to gain elevated privileges on a targeted system.

Description
This vulnerability exists in Docker Desktop for Windows when it
communicates as a client with child processes. An attacker could exploit
this vulnerability by connecting the affected software to a named pipe
which is set up by a malicious lower-privilege process.

Successful exploitation of this vulnerability could allow the attacker to
impersonate the Docker Desktop Service account (SYSTEM) and execute
arbitrary system commands with the highest level privileges.

Solution
Apply updates as available on

Vendor Information
Docker

References
Docker

ZDNet
- -docker-desktop-for-windows/

CVE Name
CVE-2020-11492

Severity Rating: MEDIUM
Software Affected
Open Connect VPN Client: 3.99, 4.00, 4.01, 4.02, 4.03, 4.04, 4.05, 4.06,
4.07, 4.08, 4.99, 5.00, 5.01, 5.02, 5.03, 5.99, 6.00, 7.00, 7.01, 7.02,
7.03, 7.04, 7.05, 7.06, 7.07, 7.08, 8.00, 8.01, 8.02, 8.03, 8.04, 8.05,
8.06, 8.07, 8.08, 8.09
Overview
A vulnerability has been reported in Open Connect VPN Client which could
allow an attacker to execute arbitrary code on the targeted system.

Description
This vulnerability exists in Open Connect VPN Client due to a boundary
error within the get_cert_name() function in the gnutls.c file. A remote
attacker could exploit this vulnerability by tricking the victim into
connecting to a malicious VPN server, thereby triggering a buffer overflow
and crashing the client or executing arbitrary code on the targeted system.

Successful exploitation of this vulnerability may result in complete
compromise of the vulnerable system.

Solution
Apply appropriate patches as mentioned in Open Connect VPN Client Bulletin:

References
Cyber Security Help

Debian

CVE Name
CVE-2020-12823

Severity Rating: Medium
Software Affected:
• Docker Engine before 19.03.11
Overview:
A vulnerability has been reported in Docker Engine which could allow an
attacker to obtain sensitive information, or cause a denial of service
condition on the targeted system.
Description
This vulnerability exists in Docker Engine due to improper handling of the
configuration in the Docker Engine software. A remote attacker could
exploit this vulnerability by sending rogue router advertisements with the
CAP_NET_RAW capability to the attacker-controlled malicious container and
reconfiguring the host to redirect the host's traffic to the
attacker-controlled container.
Successful exploitation of this vulnerability may allow the attacker to
obtain sensitive information, cause a denial of service, or conduct
man-in-the-middle (MitM) attacks.

Solution
Apply appropriate patches as mentioned in Docker Engine Bulletin:

References:
Vendor Information
Docker Docs
Openwall

CVE Name
CVE-2020-13401


Severity Rating: Medium
Software Affected

GnuTLS versions prior to 3.6.14

Overview
A vulnerability has been reported in GnuTLS which could be exploited by a
remote attacker to perform a Man-in-the-Middle (MitM) attack to bypass
authentication or recover previous conversations.

Description
The vulnerability exists in GnuTLS 3.6.x before 3.6.14 due to a regression
introduced into the TLS protocol implementation. This caused the TLS
server to not securely construct a session ticket encryption key,
generated by the gnutls_session_ticket_key_generate() function, considering
the application-supplied secret.

Successful exploitation of this vulnerability could allow a
Man-in-the-Middle (MitM) attacker to bypass authentication in TLS 1.3 and
recover previous conversations in TLS 1.2.

Solution
Upgrade to GnuTLS 3.6.14 or later versions to fix this vulnerability.

Vendor information

GnuTLS

References

GnuTLS


NVD


CVE Name
CVE-2020-13777
