
Top CVEs exploited in the wild

The SonicWall Capture Labs Threat Research team observed the following vulnerabilities to be the most exploited in the wild during 2019.

  • BlueKeep (CVE-2019-0708)
  • SharePoint Server (CVE-2019-0604)
  • Win32k (CVE-2019-0859)
  • ThinkPHP (CVE not assigned)
  • Atlassian Confluence (CVE-2019-3396)
  • Drupal (CVE-2019-6340)
  • Oracle WebLogic (CVE-2019-2725)
  • Exim Server (CVE-2019-10149)
  • Microsoft GDI (CVE-2019-0903)
  • Webmin Server (CVE-2019-15107)

BlueKeep (CVE-2019-0708)

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system over RDP and sends specially crafted requests, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. Because the flaw is reached before any authentication takes place, it is wormable; Microsoft also shipped fixes for the out-of-support Windows XP and Windows Server 2003, and enabling Network Level Authentication (NLA) is a partial mitigation, since valid credentials are then required before the vulnerable code path is exposed.

Affected Products: Windows 7, Windows XP, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2003.

Reference: https://securitynews.sonicwall.com/xmlpost/rdp-vulnerability-cve-2019-0708/

SharePoint Server (CVE-2019-0604)

An insecure deserialization vulnerability has been reported in Microsoft SharePoint Server. The vulnerability is due to insufficient validation of user-supplied data passed to EntityInstanceIdEncoder.

Affected Products
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2010 & 2013
Microsoft SharePoint Server 2010, 2013 & 2019

Reference: https://securitynews.sonicwall.com/xmlpost/microsoft-sharepoint-server-flaw-cve-2019-0604-is-actively-being-exploited/

Win32k (CVE-2019-0859)

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.

Affected Products
Microsoft Windows 7, 8.1, 10 & RT 8.1
Microsoft Windows Server 2008, 2012, 2016 & 2019

Reference: https://securitynews.sonicwall.com/xmlpost/cve-2019-0859-exploits-active-in-the-wild/

ThinkPHP (CVE not assigned)

A remote command execution vulnerability exists in the ThinkPHP framework. The vulnerability is due to improper validation of URL parameters in App.php.

Reference: https://securitynews.sonicwall.com/xmlpost/thinkphp-remote-code-execution-rce-bug-is-actively-being-exploited/

Atlassian Confluence (CVE-2019-3396)

A server side template injection vulnerability has been reported in Atlassian Confluence Server. This vulnerability is due to improper validation of the _template JSON parameter.

Affected Products:

Atlassian Confluence Server 6.14.x prior to 6.14.2
Atlassian Confluence Server 6.13.x prior to 6.13.3
Atlassian Confluence Server 6.12.x prior to 6.12.3
Atlassian Confluence Server 6.6.x prior to 6.6.12

Drupal (CVE-2019-6340)

A remote code execution vulnerability has been reported in the web services components of Drupal Core. The vulnerability is due to improper sanitization of data for certain Field Types from non-form sources prior to deserialization.

Affected Products:

Drupal 8.5.x prior to 8.5.11
Drupal 8.6.x prior to 8.6.10
Drupal 7.x

Oracle WebLogic (CVE-2019-2725)

An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. The vulnerability is due to insufficient validation of XML data within the body of HTTP POST requests.

Affected Products

Oracle WebLogic Server 12.1.3.0.0
Oracle WebLogic Server 10.3.6.0.0

Reference: https://securitynews.sonicwall.com/xmlpost/oracle-weblogic-vulnerability-actively-being-exploited-in-the-wild/

Exim Server (CVE-2019-10149)

A remote command execution vulnerability has been reported in the Exim mail server. The vulnerability is due to insufficient handling of the recipient address in the deliver_message() function.

Affected Products: Exim versions 4.87 to 4.91

Reference: https://securitynews.sonicwall.com/xmlpost/exim-email-servers-are-still-under-attack/

Microsoft GDI (CVE-2019-0903)

A remote code execution vulnerability has been reported in the GDI component of Microsoft Windows. The vulnerability is due to the way that GDI handles objects in memory.

Affected Products:

Microsoft Windows 7, 8.1, 10
Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019

Webmin Server (CVE-2019-15107)

A command injection vulnerability has been reported in Webmin. The vulnerability is due to improper validation of user-supplied input within password_change.cgi.

Affected Products: Webmin prior to 1.930

Reference: https://securitynews.sonicwall.com/xmlpost/hackers-continue-to-mount-attacks-on-webmin-servers/
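The affected-version lists above are only actionable once they are checked against an inventory. The script below, added here as an example and not part of the original post or of any SonicWall tooling, transcribes the version ranges this page lists for Confluence, Drupal, WebLogic, Exim and Webmin into predicates and flags inventory entries that fall inside them. The product keys, host names and inventory records are constructed for the example. A version the page does not list (a newer Confluence branch, for instance) produces no match; treat that as "not in the listed ranges", not as patched, and consult the vendor advisory.

```python
import re
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]
Rule = Callable[[Version], bool]


def parse_version(text: str) -> Version:
    """'6.14.1' -> (6, 14, 1). Non-numeric parts (e.g. '-rc1') are dropped."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, length: int) -> Version:
    """Right-pad with zeros so '12.1.3' and '12.1.3.0.0' compare equal."""
    return v + (0,) * (length - len(v))


def in_branch(branch: str) -> Rule:
    """Every release on a branch, e.g. 'Drupal 7.x'."""
    b = parse_version(branch)
    return lambda v: v[: len(b)] == b


def branch_before(branch: str, fixed: str) -> Rule:
    """Releases on `branch` older than `fixed`, e.g. '6.14.x prior to 6.14.2'."""
    b, f = parse_version(branch), parse_version(fixed)
    return lambda v: v[: len(b)] == b and v < f


def before(fixed: str) -> Rule:
    """Everything older than `fixed`, e.g. 'Webmin prior to 1.930'."""
    f = parse_version(fixed)
    return lambda v: v < f


def between(low: str, high: str) -> Rule:
    """Inclusive range, e.g. 'Exim 4.87 to 4.91' (a 4.91.x point release counts as 4.91)."""
    lo, hi = parse_version(low), parse_version(high)
    return lambda v: lo <= v and v[: len(hi)] <= hi


def exact(*releases: str) -> Rule:
    """Specific releases only, e.g. the two WebLogic builds named on this page."""
    targets = [parse_version(r) for r in releases]
    return lambda v: any(_pad(v, max(len(v), len(t))) == _pad(t, max(len(v), len(t))) for t in targets)


# Affected ranges transcribed from this page. The product keys are names chosen
# for this example; nothing here covers versions the page does not list.
ADVISORIES: Dict[str, List[Tuple[str, List[Rule]]]] = {
    "confluence": [("CVE-2019-3396", [
        branch_before("6.14", "6.14.2"), branch_before("6.13", "6.13.3"),
        branch_before("6.12", "6.12.3"), branch_before("6.6", "6.6.12")])],
    "drupal": [("CVE-2019-6340", [
        branch_before("8.5", "8.5.11"), branch_before("8.6", "8.6.10"), in_branch("7")])],
    "weblogic": [("CVE-2019-2725", [exact("12.1.3.0.0", "10.3.6.0.0")])],
    "exim": [("CVE-2019-10149", [between("4.87", "4.91")])],
    "webmin": [("CVE-2019-15107", [before("1.930")])],
}


def assess_host(product: str, version: str) -> List[str]:
    """CVEs from ADVISORIES whose listed ranges contain this product version."""
    v = parse_version(version)
    return [cve for cve, rules in ADVISORIES.get(product.lower(), [])
            if any(rule(v) for rule in rules)]


def assess_inventory(inventory: List[dict]) -> Dict[str, List[str]]:
    """host -> matching CVEs. An empty list means 'no listed range matched',
    which is not the same as 'patched' for products or branches the page omits."""
    return {h["host"]: assess_host(h["product"], h["version"]) for h in inventory}


# Constructed inventory for the demonstration; these hosts are not real.
INVENTORY = [
    {"host": "wiki01", "product": "confluence", "version": "6.14.1"},
    {"host": "wiki02", "product": "confluence", "version": "6.14.2"},
    {"host": "cms01", "product": "drupal", "version": "7.65"},
    {"host": "cms02", "product": "drupal", "version": "8.6.10"},
    {"host": "app01", "product": "weblogic", "version": "12.1.3.0.0"},
    {"host": "mx01", "product": "exim", "version": "4.91"},
    {"host": "mx02", "product": "exim", "version": "4.92"},
    {"host": "adm01", "product": "webmin", "version": "1.920"},
]

if __name__ == "__main__":
    for host, cves in assess_inventory(INVENTORY).items():
        print(f"{host:8} {'VULNERABLE ' + ', '.join(cves) if cves else 'no listed range matched'}")
```

The predicates compare numeric components only, so vendor suffixes such as "-rc1" or distribution revisions are ignored; for distro-packaged Exim or Webmin, check whether the backported fix is present rather than trusting the upstream version string alone.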


Microsoft Security Bulletin Coverage for May 2019

The SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft's security advisories for the month of May 2019. The issues reported, along with SonicWall coverage information, are listed below:
CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
ASPY5495:Malformed-File exe.MP.72
CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0734 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0758 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0820 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
ASPY5496:Malformed-File exe.MP.73
CVE-2019-0864 .NET Framework Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0881 Windows Kernel Elevation of Privilege Vulnerability
ASPY5497:Malformed-File exe.MP.74
CVE-2019-0882 Windows GDI Information Disclosure Vulnerability
ASPY1114:Malformed-File emf.TL.10
CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
IPS14210:Scripting Engine Memory Corruption Vulnerability (MAY 19) 3
CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability
ASPY5493:Malformed-File bmp.MP.3
CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0892 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
ASPY5494:Malformed-File ttf.MP.26
CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability
IPS14206:Scripting Engine Memory Corruption Vulnerability (May 19) 1
CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability
IPS14207:Scripting Engine Memory Corruption Vulnerability (May 19) 2
CVE-2019-0921 Internet Explorer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability
IPS14208:Microsoft Edge Memory Corruption Vulnerability (May 19) 2
CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability
IPS14209:Internet Explorer Information Disclosure Vulnerability (May 19) 1
CVE-2019-0931 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0932 Skype for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0936 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0938 Microsoft Edge Elevation of Privilege Vulnerability
IPS14203:Microsoft Edge Elevation of Privilege (May 19) 1
CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability
IPS14202:Microsoft Edge Memory Corruption Vulnerability (May 19) 1
CVE-2019-0942 Unified Write Filter Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0957 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0958 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0961 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0976 NuGet Package Manager Tampering Vulnerability
There are no known exploits in the wild.
CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0980 .NET Framework and .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0981 .Net Framework and .Net Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0982 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1000 Microsoft Azure AD Connect Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass
There are no known exploits in the wild.
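The coverage listing above alternates a CVE line with either a SonicWall signature (an IPS or ASPY family, a numeric id and a name) or the fixed "no known exploits" sentence. The following parser, added here as an example and not part of the original post or of any SonicWall tooling, turns that listing into per-CVE records so the bulletin can be reconciled with patch status and so an IPS/ASPY alert can be mapped back to the CVE it covers. The sample text is an excerpt of the listing on this page; the record layout and function names are choices made for the example.

```python
import re
from typing import Dict, List, Optional

# Line shapes used by the listing: a CVE line, then a coverage line that is
# either "<FAMILY><id>:<signature name>" or the fixed NO_EXPLOIT sentence.
CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s*$")
SIG_LINE = re.compile(r"^(IPS|ASPY)(\d+):\s*(.+?)\s*$")
NO_EXPLOIT = "There are no known exploits in the wild."


def parse_coverage(text: str) -> List[Dict]:
    """Group the listing into one record per CVE.

    Each record holds the CVE id, the Microsoft title, the covering signature
    as {"family", "id", "name"} (or None), and any free-text note such as
    NO_EXPLOIT. Text before the first CVE line (the intro paragraph) is skipped."""
    records: List[Dict] = []
    current: Optional[Dict] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CVE_LINE.match(line)
        if m:
            current = {"cve": m.group(1), "title": m.group(2), "signature": None, "note": None}
            records.append(current)
            continue
        if current is None:
            continue
        s = SIG_LINE.match(line)
        if s:
            current["signature"] = {"family": s.group(1), "id": s.group(1) + s.group(2), "name": s.group(3)}
        else:
            current["note"] = line
    return records


def uncovered(records: List[Dict]) -> List[str]:
    """CVEs with no signature; for these, patching is the only control."""
    return [r["cve"] for r in records if r["signature"] is None]


def signature_index(records: List[Dict]) -> Dict[str, List[str]]:
    """Signature id -> CVEs it covers, for enriching IPS/ASPY alerts with a CVE."""
    index: Dict[str, List[str]] = {}
    for r in records:
        if r["signature"]:
            index.setdefault(r["signature"]["id"], []).append(r["cve"])
    return index


def by_family(records: List[Dict]) -> Dict[str, int]:
    """Count of CVEs per coverage family; 'none' counts the uncovered ones."""
    counts: Dict[str, int] = {}
    for r in records:
        fam = r["signature"]["family"] if r["signature"] else "none"
        counts[fam] = counts.get(fam, 0) + 1
    return counts


# Excerpt of the May 2019 listing on this page, used as sample input.
SAMPLE = """\
The issues reported, along with SonicWall coverage information, are listed below:
CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
ASPY5495:Malformed-File exe.MP.72
CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
IPS14210:Scripting Engine Memory Corruption Vulnerability (MAY 19) 3
CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
ASPY5494:Malformed-File ttf.MP.26
"""

if __name__ == "__main__":
    recs = parse_coverage(SAMPLE)
    print("uncovered:", uncovered(recs))
    print("by family:", by_family(recs))
    for sig, cves in signature_index(recs).items():
        print(f"{sig} -> {', '.join(cves)}")
```

Note that "no known exploits in the wild" is a statement about the bulletin's publication date, not a property of the CVE: CVE-2019-0708 is recorded that way here and appears at the top of this page's most-exploited list, so the uncovered set should be re-checked against current threat intelligence, not treated as static.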