Archive for February, 2020

CVE-2020-6803

An open redirect is present on the gateway’s login page, which could cause a user to be redirected to a malicious site after logging in.
Source: NIST
CVE-2020-6803

CVE-2015-3006

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
Source: NIST
CVE-2015-3006

CVE-2020-6804

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user’s authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
Source: NIST
CVE-2020-6804

CVE-2015-5361

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.​ Note that the ftps-extensions option is not enabled by default.
Source: NIST
CVE-2015-5361

CVE-2019-4301

BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.
Source: NIST
CVE-2019-4301

CVE-2019-7007

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.
Source: NIST
CVE-2019-7007

New Trickbot Delivery Method Focuses on Windows 10

Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
Source: DarkReading
New Trickbot Delivery Method Focuses on Windows 10

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.
Source: NIST
CVE-2019-10805

CVE-2020-9459

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings.
Source: NIST
CVE-2020-9459

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbritary commands. The “cmdPrefix” argument in serialNumber function is used by the “exec” function without any validation.
Source: NIST
CVE-2019-10804