NSFOCUS Weekly Cybersecurity Report (ID: 201827)

July 18, 2018 | Adeline Zhang

(Report ID: 201827)

 

Internet Threat Status

CVE Statistics

The number of new CVE IDs increased considerably last week.

Threat Review

XXE in WeChat Pay Sdk|WeChat leave a backdoor on merchant websites (07-01-2018)

A payment security researcher found an XXE vulnerability in the Java version of the SDK. An attacker can send a malicious payload to the notification URL to steal any information he or she wants from the merchant server. Once the attacker obtains the merchant's crucial security keys (md5-key, merchant-Id, etc.), he can even make purchases without paying, simply by sending forged information to deceive the merchant. http://seclists.org/fulldisclosure/2018/Jul/3

WordPress 4.9.7 Security and Maintenance Release (07-05-2018)

WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. The issue has been fixed in WordPress 4.9.7. Users are strongly advised to update their sites immediately. https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/

Google July 2018 Android patches fixes critical vulnerabilities (07-06-2018)

Last week, Google released the July 2018 Android patches, which address a total of 11 vulnerabilities, including three Critical issues and 8 High-risk flaws that affect the framework, media framework, and system. The most severe vulnerability affecting the Framework (CVE-2018-9433) could be exploited by a remote attacker using a specially crafted PAC file to execute arbitrary code within the context of a privileged process. Affected Android versions are Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. https://securityaffairs.co/wordpress/74230/security/google-july-2018-android-patches.html

Researchers Create Attacks That Compromise LTE Data Communication (07-02-2018)

Newly devised attacks on the Long Term Evolution (LTE) high-speed wireless standard break the confidentiality and privacy of communication, a team of researchers claim. https://www.securityweek.com/researchers-create-attacks-compromise-lte-data-communication

Flaws Expose Siemens Central Plant Clocks to Attacks (07-03-2018)

Siemens informed customers on Tuesday that some of its SICLOCK central plant clocks are affected by several vulnerabilities, including ones that have been rated “critical.” https://www.securityweek.com/flaws-expose-siemens-central-plant-clocks-attacks

(Compiled by: NSFOCUS TI & Cybersecurity Lab)

Vulnerability Research

Updates of NSFOCUS’s Vulnerability Database

As of 6 July 2018, there were 40,314 vulnerabilities in NSFOCUS’s vulnerability database. Among the 92 vulnerabilities newly added last week, 18 were high-risk, 40 were of medium severity, and 34 were low-risk.

 

Mozilla Firefox/Firefox ESR Integer Overflow Vulnerability (CVE-2018-12361)
Severity: Critical
CVE ID: CVE-2018-12361

Mozilla Firefox/Firefox ESR Same-origin Policy Bypass Vulnerability (CVE-2018-12358)
Severity: Critical
BID: 104562
CVE ID: CVE-2018-12358

Mozilla Firefox/Firefox ESR Security Bypass Vulnerability (CVE-2018-12370)
Severity: Low
BID: 104562
CVE ID: CVE-2018-12370

Mozilla Firefox/Firefox ESR Security Bypass Vulnerability (CVE-2018-12367)
Severity: Medium
BID: 104561
CVE ID: CVE-2018-12367

Mozilla Firefox/Firefox ESR Security Bypass Vulnerability (CVE-2018-12369)
Severity: Medium
BID: 104561
CVE ID: CVE-2018-12369

Mozilla Firefox/Firefox ESR Integer Overflow Vulnerability (CVE-2018-12371)
Severity: Medium
CVE ID: CVE-2018-12371

Mozilla Firefox/Firefox ESR Denial of Service Vulnerability (CVE-2018-5156)
Severity: Critical
CVE ID: CVE-2018-5156

Mozilla Firefox/Firefox ESR Use After Free Vulnerability (CVE-2018-12360)
Severity: Critical
BID: 104555
CVE ID: CVE-2018-12360

Mozilla Firefox/Firefox ESR Use After Free Vulnerability (CVE-2018-12359)
Severity: Critical
BID: 104555
CVE ID: CVE-2018-12359

Mozilla Firefox/Firefox ESR Arbitrary Code Execution Vulnerability (CVE-2018-12368)
Severity: Medium
BID: 104560
CVE ID: CVE-2018-12368

Mozilla Firefox/Firefox ESR Information Disclosure Vulnerability (CVE-2018-12366)
Severity: Medium
BID: 104560
CVE ID: CVE-2018-12366

Mozilla Firefox/Firefox ESR Information Disclosure Vulnerability (CVE-2018-12365)
Severity: Medium
BID: 104560
CVE ID: CVE-2018-12365

Mozilla Firefox/Firefox ESR Cross Site Request Forgery Vulnerability (CVE-2018-12364)
Severity: Critical
BID: 104560
CVE ID: CVE-2018-12364

Mozilla Firefox/Firefox ESR Use After Free Vulnerability (CVE-2018-12363)
Severity: Critical
BID: 104560
CVE ID: CVE-2018-12363

Mozilla Firefox/Firefox ESR Integer Overflow Vulnerability (CVE-2018-12362)
Severity: Critical
BID: 104560
CVE ID: CVE-2018-12362

Mozilla Firefox/Firefox ESR Memory Corruption Vulnerability (CVE-2018-5186)
Severity: Critical
BID: 104557
CVE ID: CVE-2018-5186

Mozilla Firefox/Firefox ESR Memory Corruption Vulnerability (CVE-2018-5187)
Severity: Critical
BID: 104556
CVE ID: CVE-2018-5187

Mozilla Firefox/Firefox ESR Memory Corruption Vulnerability (CVE-2018-5188)
Severity: Critical
BID: 104555
CVE ID: CVE-2018-5188

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1715)
Severity: Low
CVE ID: CVE-2017-1715

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1717)
Severity: Low
CVE ID: CVE-2017-1717

IBM RQM/RCLM Information Disclosure Vulnerability (CVE-2017-1691)
Severity: Low
CVE ID: CVE-2017-1691

ImageMagick Denial of Service Vulnerability (CVE-2018-11656)
Severity: Medium
CVE ID: CVE-2018-11656

ImageMagick Denial of Service Vulnerability (CVE-2018-11251)
Severity: Medium
CVE ID: CVE-2018-11251

ImageMagick Denial of Service Vulnerability (CVE-2018-11655)
Severity: Medium
CVE ID: CVE-2018-11655

ImageMagick Denial of Service Vulnerability (CVE-2017-18273)
Severity: Medium
CVE ID: CVE-2017-18273

ImageMagick Denial of Service Vulnerability (CVE-2017-18271)
Severity: Medium
CVE ID: CVE-2017-18271

ImageMagick Denial of Service Vulnerability (CVE-2017-18272)
Severity: Medium
CVE ID: CVE-2017-18272

ImageMagick Denial of Service Vulnerability (CVE-2017-17914)
Severity: Medium
CVE ID: CVE-2017-17914

ImageMagick Memory Leak Vulnerability (CVE-2017-17887)
Severity: Medium
CVE ID: CVE-2017-17887

ImageMagick Memory Leak Vulnerability (CVE-2017-17886)
Severity: Medium
CVE ID: CVE-2017-17886

ImageMagick Memory Leak Vulnerability (CVE-2017-17885)
Severity: Medium
CVE ID: CVE-2017-17885

ImageMagick Denial of Service Vulnerability (CVE-2017-17884)
Severity: Medium
CVE ID: CVE-2017-17884

ImageMagick Denial of Service Vulnerability (CVE-2017-17881)
Severity: Medium
CVE ID: CVE-2017-17881

ImageMagick Denial of Service Vulnerability (CVE-2017-17882)
Severity: Medium
CVE ID: CVE-2017-17882

ImageMagick Denial of Service Vulnerability (CVE-2017-17883)
Severity: Medium
CVE ID: CVE-2017-17883

ImageMagick Heap Buffer Overflow Vulnerability (CVE-2017-17504)
Severity: Medium
CVE ID: CVE-2017-17504

GraphicsMagick Buffer Overflow Vulnerability (CVE-2017-17912)
Severity: Medium
CVE ID: CVE-2017-17912

GraphicsMagick Buffer Overflow Vulnerability (CVE-2017-17783)
Severity: Medium
CVE ID: CVE-2017-17783

GraphicsMagick Buffer Overflow Vulnerability (CVE-2017-17782)
Severity: Medium
CVE ID: CVE-2017-17782

GraphicsMagick Buffer Overflow Vulnerability (CVE-2017-17915)
Severity: Medium
CVE ID: CVE-2017-17915

Medtronic MyCareLink Patient Monitor Debug Function Privilege Escalation Vulnerability (CVE-2018-8868)
Severity: Medium
CVE ID: CVE-2018-8868

Linux kernel fs/xfs/libxfs/xfs_attr_leaf.c Denial of Service Vulnerability (CVE-2018-13094)
Severity: Medium
CVE ID: CVE-2018-13094

Linux kernel lookup_slow() Denial of Service Vulnerability (CVE-2018-13093)
Severity: Low
CVE ID: CVE-2018-13093

Linux kernel fs/f2fs/super.c Denial of Service Vulnerability (CVE-2018-13096)
Severity: Low
CVE ID: CVE-2018-13096

Linux kernel fs/xfs/libxfs/xfs_inode_buf.c Denial of Service Vulnerability (CVE-2018-13095)
Severity: Medium
CVE ID: CVE-2018-13095

Medtronic MyCareLink Patient Monitor Hardcoded Password Vulnerability (CVE-2018-8870)
Severity: Medium
CVE ID: CVE-2018-8870

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1592)
Severity: Low
CVE ID: CVE-2017-1592

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1250)
Severity: Low
CVE ID: CVE-2017-1250

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1277)
Severity: Low
CVE ID: CVE-2017-1277

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1275)
Severity: Low
CVE ID: CVE-2017-1275

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1281)
Severity: Low
CVE ID: CVE-2017-1281

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1280)
Severity: Low
CVE ID: CVE-2017-1280

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1293)
Severity: Low
CVE ID: CVE-2017-1293

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1294)
Severity: Low
CVE ID: CVE-2017-1294

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1313)
Severity: Low
CVE ID: CVE-2017-1313

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1312)
Severity: Low
CVE ID: CVE-2017-1312

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1306)
Severity: Low
CVE ID: CVE-2017-1306

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1299)
Severity: Low
CVE ID: CVE-2017-1299

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1314)
Severity: Low
CVE ID: CVE-2017-1314

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1315)
Severity: Low
CVE ID: CVE-2017-1315

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1316)
Severity: Low
CVE ID: CVE-2017-1316

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1317)
Severity: Low
CVE ID: CVE-2017-1317

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1561)
Severity: Low
CVE ID: CVE-2017-1561

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1564)
Severity: Low
CVE ID: CVE-2017-1564

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1562)
Severity: Low
CVE ID: CVE-2017-1562

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1565)
Severity: Low
CVE ID: CVE-2017-1565

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1568)
Severity: Low
CVE ID: CVE-2017-1568

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1608)
Severity: Low
CVE ID: CVE-2017-1608

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1690)
Severity: Low
CVE ID: CVE-2017-1690

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1652)
Severity: Low
CVE ID: CVE-2017-1652

IBM RQM/RCLM Cross-site Scripting Vulnerability (CVE-2017-1651)
Severity: Low
CVE ID: CVE-2017-1651

SICLOCK TC100/TC400 Arbitrary Code Execution Vulnerability (CVE-2018-4853)
Severity: Critical
CVE ID: CVE-2018-4853

SICLOCK TC100/TC400 Denial of Service Vulnerability (CVE-2018-4851)
Severity: Critical
CVE ID: CVE-2018-4851

SICLOCK TC100/TC400 Security Bypass Vulnerability (CVE-2018-4852)
Severity: Critical
CVE ID: CVE-2018-4852

SICLOCK TC100/TC400 Information Disclosure Vulnerability (CVE-2018-4855)
Severity: Critical
CVE ID: CVE-2018-4855

SICLOCK TC100/TC400 Arbitrary Code Execution Vulnerability (CVE-2018-4854)
Severity: Critical
CVE ID: CVE-2018-4854

SICLOCK TC100/TC400 Access Control Vulnerability (CVE-2018-4856)
Severity: Low
CVE ID: CVE-2018-4856

Schneider Electric U.motion Builder Xmlserver SQL Injection Vulnerability (CVE-2018-7769)
Severity: Medium
CVE ID: CVE-2018-7769

Schneider Electric U.motion Builder Loadtemplate SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7768)
Severity: Medium
CVE ID: CVE-2018-7768

Schneider Electric U.motion Builder Editobject SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7767)
Severity: Medium
CVE ID: CVE-2018-7767

Schneider Electric U.motion Builder Track_getdata SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7766)
Severity: Medium
CVE ID: CVE-2018-7766

Schneider Electric U.motion Builder Track_import_export SQL Injection Vulnerability (CVE-2018-7765)
Severity: Critical
CVE ID: CVE-2018-7765

Schneider Electric U.motion Builder Runscript Directory Traversal Vulnerability / Information Disclosure Vulnerability (CVE-2018-7764)
Severity: Low
CVE ID: CVE-2018-7764

Schneider Electric U.motion Builder Css.inc Directory Traversal Vulnerability / Information Disclosure Vulnerability (CVE-2018-7763)
Severity: Low
CVE ID: CVE-2018-7763

Schneider Electric U.motion Builder sendmail.php Information Disclosure Vulnerability (CVE-2018-7770)
Severity: Medium
CVE ID: CVE-2018-7770

Schneider Electric U.motion Builder Editscript Directory Traversal Vulnerability (CVE-2018-7771)
Severity: Medium
CVE ID: CVE-2018-7771

Schneider Electric U.motion Builder HTTP Cookie SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7772)
Severity: Medium
CVE ID: CVE-2018-7772

Schneider Electric U.motion Builder Nfcserver SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7773)
Severity: Medium
CVE ID: CVE-2018-7773

Schneider Electric U.motion Builder Localize SQL Injection / Remote Code Execution Vulnerability (CVE-2018-7774)
Severity: Medium
CVE ID: CVE-2018-7774

Schneider Electric U.motion Builder error.php Information Disclosure Vulnerability (CVE-2018-7775)
Severity: Medium
CVE ID: CVE-2018-7775

Schneider Electric U.motion Builder Remote Code Execution Vulnerability (CVE-2018-7777)
Severity: Critical
CVE ID: CVE-2018-7777

Schneider Electric U.motion Builder update_file Information Disclosure Vulnerability (CVE-2018-7776)
Severity: Medium
CVE ID: CVE-2018-7776

(Source: NSFOCUS Security Research & Product Groups)

 

Vulnerability in the Spotlight

Mozilla Firefox Integer Overflow Vulnerability

NSFOCUS ID: 40237

CVE ID: CVE-2018-12362

Affected Versions: Mozilla Firefox < 61

Comments:

Firefox is an open-source web browser. An integer overflow vulnerability was found in graphics operations performed by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler. By exploiting this vulnerability, an attacker could use a specially crafted website to execute arbitrary code or cause a denial of service. The vendor has released patches to fix it. Users are advised to download the patches from the vendor’s website.

(Source: NSFOCUS Security Research & Product Groups)