Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

SB15-222: Vulnerability Summary for the Week of August 3, 2015

Original release date: August 10, 2015

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| chiyutw — bf-660c | Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. | 2015-07-31 | 7.5 | CVE-2015-2871 (CERT-VN) |
| chiyutw — bf-630 | Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. | 2015-07-31 | 7.5 | CVE-2015-5618 (CERT-VN) |
| cisco — ios_xe | Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | 2015-07-31 | 7.8 | CVE-2015-4291 (CISCO) |
| dell — bios | The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. | 2015-07-31 | 7.2 | CVE-2015-2890 (CONFIRM, CERT-VN) |
| garrettcom — magnum_10k_firmware | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password. | 2015-08-03 | 7.2 | CVE-2015-3959 (MISC, CONFIRM) |
| gehealthcare — entegra_p&r_firmware | GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2001-1594 (MISC, MISC, CONFIRM) |
| gehealthcare — millennium_mg | GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) “service.” for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2002-2445 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — millennium_mg_firmware | GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2002-2446 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — discovery_vh | GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) “2” for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2003-1603 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_image_vault_firmware | GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2004-2777 (MISC, MISC, CONFIRM) |
| gehealthcare — infinia_ii_firmware | GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2006-7253 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_dms_firmware | GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2007-6757 (MISC, MISC, CONFIRM, CONFIRM, CONFIRM) |
| gehealthcare — discovery_530c_firmware | GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2009-5143 (MISC, MISC, CONFIRM) |
| gehealthcare — optima_ct520_firmware | GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2010-5306 (MISC, MISC, CONFIRM, CONFIRM, CONFIRM) |
| gehealthcare — optima_mr360_firmware | The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2010-5307 (MISC, MISC, CONFIRM) |
| gehealthcare — optima_mr360_firmware | GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. | 2015-08-04 | 10.0 | CVE-2010-5308 (MISC, MISC, CONFIRM) |
| gehealthcare — cadstream_server_firmware | GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2010-5309 (MISC, MISC, CONFIRM) |
| gehealthcare — revolution_xq/i | The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2010-5310 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_analytics_server | GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2011-5322 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_pacs-iw | GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2011-5323 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — centricity_pacs-iw | The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2011-5324 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — precision_mpi | GE Healthcare Precision MPi has a password of (1) orion for the serviceapp user, (2) orion for the clinical operator user, and (3) PlatinumOne for the administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2012-6660 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_pacs_server | GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2012-6693 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — centricity_pacs_server | GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | 2015-08-04 | 10.0 | CVE-2012-6694 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — centricity_pacs_workstation | GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2012-6695 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — discovery_nm_750b | GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2013-7404 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_dms | The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2013-7405 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_pacs_workstation | GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. | 2015-08-04 | 10.0 | CVE-2013-7442 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — discovery_xr656 | GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. | 2015-08-04 | 10.0 | CVE-2014-7232 (MISC, MISC, CONFIRM, CONFIRM) |
| gehealthcare — precision_thunis-800+ | GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for “Setup and Activation” using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. | 2015-08-04 | 10.0 | CVE-2014-7233 (MISC, MISC, CONFIRM) |
| gehealthcare — centricity_clinical_archive_audit_trail_repository | GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. | 2015-08-04 | 10.0 | CVE-2014-9736 (MISC, MISC, CONFIRM) |
| ibm — websphere_mq_light | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data. | 2015-08-03 | 7.8 | CVE-2015-1955 (CONFIRM) |
| ibm — websphere_mq_light | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987. | 2015-08-03 | 7.8 | CVE-2015-1956 (CONFIRM) |
| ibm — websphere_mq_light | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987. | 2015-08-03 | 7.8 | CVE-2015-1958 (CONFIRM) |
| ibm — websphere_mq_light | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958. | 2015-08-03 | 7.8 | CVE-2015-1987 (CONFIRM) |
| ibm — tivoli_storage_manager_fastback | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. | 2015-08-03 | 10.0 | CVE-2015-4931 (CONFIRM) |
| ibm — tivoli_storage_manager_fastback | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. | 2015-08-03 | 10.0 | CVE-2015-4932 (CONFIRM) |
| ibm — tivoli_storage_manager_fastback | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935. | 2015-08-03 | 10.0 | CVE-2015-4933 (CONFIRM) |
| ibm — tivoli_storage_manager_fastback | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935. | 2015-08-03 | 10.0 | CVE-2015-4934 (CONFIRM) |
| ibm — tivoli_storage_manager_fastback | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934. | 2015-08-03 | 10.0 | CVE-2015-4935 (CONFIRM) |
| openbsd — openssh | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. | 2015-08-02 | 8.5 | CVE-2015-5600 (FULLDISC, MLIST, CONFIRM, CONFIRM) |
| symantec — endpoint_protection_manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | 2015-07-31 | 7.5 | CVE-2015-1486 (CONFIRM, BID) |
| symantec — endpoint_protection_manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | 2015-07-31 | 8.5 | CVE-2015-1489 (CONFIRM, BID) |
| symantec — endpoint_protection_manager | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | 2015-07-31 | 8.5 | CVE-2015-1492 (CONFIRM, BID) |
| timedoctor — timedoctor | The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | 2015-08-06 | 9.3 | CVE-2015-4674 (FULLDISC) |

Medium Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| chiyutw — bf-630 | Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. | 2015-07-31 | 4.3 | CVE-2015-2870 (CERT-VN) |
| cisco — anyconnect_secure_mobility_client | Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | 2015-07-31 | 6.4 | CVE-2015-4289 (CISCO) |
| cisco — prime_central_for_hosted_collaboration_solution_assurance | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | 2015-07-31 | 4.3 | CVE-2015-4292 (CISCO) |
| cisco — unified_communications_manager_im_and_presence_service | Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | 2015-07-31 | 4.3 | CVE-2015-4294 (CISCO) |
| cisco — unified_communications_manager | The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | 2015-07-31 | 4.0 | CVE-2015-4295 (CISCO) |
| garrettcom — magnum_10k_firmware | Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2015-08-03 | 4.3 | CVE-2015-3942 (MISC, CONFIRM) |
| garrettcom — magnum_10k_firmware | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. | 2015-08-03 | 4.3 | CVE-2015-3960 (MISC, CONFIRM) |
| ibm — websphere_extreme_scale | Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | 2015-08-03 | 5.0 | CVE-2015-4936 (CONFIRM, AIXAPAR) |
| linux — linux_kernel | The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. | 2015-08-05 | 4.9 | CVE-2015-3636 (CONFIRM, CONFIRM, MLIST, CONFIRM, CONFIRM) |
| linux — linux_kernel | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. | 2015-08-05 | 4.7 | CVE-2015-4167 (CONFIRM, CONFIRM, MLIST, CONFIRM, CONFIRM) |
| openbsd — openssh | The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. | 2015-08-02 | 4.3 | CVE-2015-5352 (CONFIRM, CONFIRM, MLIST) |
| schneider-electric — wonderware_system_platform_2014 | Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | 2015-08-03 | 6.9 | CVE-2015-3940 (MISC, CONFIRM) |
| siemens — ruggedcom_rugged_operating_system | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566. | 2015-08-02 | 4.3 | CVE-2015-5537 (MISC, CONFIRM) |
| symantec — endpoint_protection_manager | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | 2015-07-31 | 5.5 | CVE-2015-1487 (CONFIRM, BID) |
| symantec — endpoint_protection_manager | An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | 2015-07-31 | 4.0 | CVE-2015-1488 (CONFIRM, BID) |
| symantec — endpoint_protection_manager | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | 2015-07-31 | 5.5 | CVE-2015-1490 (CONFIRM, BID) |
| symantec — endpoint_protection_manager | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2015-07-31 | 6.0 | CVE-2015-1491 (CONFIRM, BID) |
| windriver — vxworks | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | 2015-08-03 | 5.8 | CVE-2015-3963 (MISC, CONFIRM) |
| wordpress — wordpress | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment. | 2015-08-04 | 4.3 | CVE-2015-3438 (CONFIRM, CONFIRM, MISC) |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as. | 2015-08-05 | 4.3 | CVE-2015-3439 (CONFIRM, CONFIRM, CONFIRM, MISC) |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. | 2015-08-03 | 4.3 | CVE-2015-3440 (CONFIRM, MISC, CONFIRM, FULLDISC, CONFIRM) |
| wordpress — wordpress | WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php. | 2015-08-03 | 4.0 | CVE-2015-5623 (CONFIRM, CONFIRM, CONFIRM, MLIST) |

Low Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| garrettcom — magnum_10k_firmware | The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. | 2015-08-03 | 3.5 | CVE-2015-3961 (MISC, CONFIRM) |
| ibm — business_process_manager | IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | 2015-07-31 | 3.5 | CVE-2015-1904 (CONFIRM, AIXAPAR) |
| ibm — websphere_datapower_xc10_appliance_firmware | The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. | 2015-08-03 | 2.1 | CVE-2015-1970 (CONFIRM, AIXAPAR) |
| indusoft — web_studio | Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | 2015-07-31 | 1.7 | CVE-2015-1009 (MISC, MISC, CONFIRM) |
| siemens — simatic_wincc_sm@rtclient | The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. | 2015-08-02 | 2.1 | CVE-2015-5084 (MISC, CONFIRM) |
| wordpress — wordpress | Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. | 2015-08-03 | 3.5 | CVE-2015-5622 (CONFIRM, CONFIRM, CONFIRM, MLIST) |

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: August 06, 2015

The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to read and steal sensitive local files on the victim’s computer.

Available updates include:

  • Firefox 39.0.3
  • Firefox ESR 38.1.1

US-CERT encourages users and administrators to review the Security Advisory for Firefox and Firefox ESR and apply the necessary updates.


WordPress Releases Security Update

Original release date: August 04, 2015

WordPress 4.2.3 and prior versions contain critical cross-site scripting and potential SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.2.4.


SB15-215: Vulnerability Summary for the Week of July 27, 2015

Original release date: August 03, 2015

High Vulnerabilities

| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — ios | The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733. | 2015-07-24 | 7.1 | CVE-2015-0681 (CONFIRM, CISCO) |
| cisco — application_policy_infrastructure_controller_(apic) | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. | 2015-07-24 | 9.0 | CVE-2015-4235 (CISCO) |
| cisco — unified_meetingplace_web_conferencing | The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839. | 2015-07-24 | 10.0 | CVE-2015-4262 (CISCO) |
| isc — bind | named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | 2015-07-29 | 7.8 | CVE-2015-5477 (CONFIRM) |
| webservice-dic — yoyaku | Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | 2015-07-29 | 7.5 | CVE-2015-2977 (JVNDB, JVN) |
| webservice-dic — yoyaku | Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2015-07-29 | 7.5 | CVE-2015-2979 (JVNDB, JVN) |

Medium Vulnerabilities

Each entry gives the primary vendor — product, the description, the NVD publication date, the CVSS base score, the CVE identifier, and the source and patch information links.

cisco — content_security_management_virtual_appliance
  Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.
  Published: 2015-07-28 | CVSS: 4.3 | CVE-2015-0732 | Source & patch info: CISCO

cisco — unified_computing_system_central_software
  The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
  Published: 2015-07-29 | CVSS: 5.0 | CVE-2015-4286 | Source & patch info: CISCO

cisco — firepower_extensible_operating_system
  Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.
  Published: 2015-07-28 | CVSS: 5.0 | CVE-2015-4287 | Source & patch info: CISCO

cisco — content_security_management_appliance
  The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.
  Published: 2015-07-28 | CVSS: 4.3 | CVE-2015-4288 | Source & patch info: CISCO

cisco — anyconnect_secure_mobility_client
  The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.
  Published: 2015-07-29 | CVSS: 4.9 | CVE-2015-4290 | Source & patch info: CISCO

cisco — ios_xe
  The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.
  Published: 2015-07-30 | CVSS: 5.0 | CVE-2015-4293 | Source & patch info: CISCO

dhcpcd_project — dhcpcd
  The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.
  Published: 2015-07-29 | CVSS: 6.8 | CVE-2014-7912 | Source & patch info: CONFIRM, MISC

dhcpcd_project — dhcpcd
  The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
  Published: 2015-07-29 | CVSS: 6.8 | CVE-2014-7913 | Source & patch info: CONFIRM

ffmpeg — ffmpeg
  The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Motion JPEG data.
  Published: 2015-07-26 | CVSS: 6.8 | CVE-2015-1872 | Source & patch info: CONFIRM

honeywell — tuxedo_touch
  Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-2847 | Source & patch info: CERT-VN

honeywell — tuxedo_touch
  Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
  Published: 2015-07-26 | CVSS: 6.8 | CVE-2015-2848 | Source & patch info: CERT-VN

ibm — maximo_anywhere
  Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-4945 | Source & patch info: CONFIRM

lemon-s_php — gazou_bbs_plus
  LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.
  Published: 2015-07-28 | CVSS: 5.0 | CVE-2015-2974 | Source & patch info: JVNDB, JVN, CONFIRM

linux — linux_kernel
  The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
  Published: 2015-07-27 | CVSS: 4.9 | CVE-2015-4692 | Source & patch info: CONFIRM, CONFIRM, MLIST, CONFIRM

rack_project — rack
  lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-3225 | Source & patch info: MLIST, CONFIRM, MLIST

research-artisan — research_artisan_lite
  Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-2975 | Source & patch info: CONFIRM, JVNDB, JVN

research-artisan — research_artisan_lite
  Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted URL that is mishandled during access-log analysis.
  Published: 2015-07-25 | CVSS: 4.3 | CVE-2015-2976 | Source & patch info: CONFIRM, JVNDB, JVN

rubyonrails — jquery-rails
  jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-1840 | Source & patch info: MLIST, CONFIRM, CONFIRM, MLIST

rubyonrails — web_console
  request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client’s IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
  Published: 2015-07-26 | CVSS: 4.3 | CVE-2015-3224 | Source & patch info: MLIST, CONFIRM, MLIST

rubyonrails — ruby_on_rails
  Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
  Published: 2015-07-26 | CVSS: 4.3 | CVE-2015-3226 | Source & patch info: MLIST, MLIST

rubyonrails — ruby_on_rails
  The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
  Published: 2015-07-26 | CVSS: 5.0 | CVE-2015-3227 | Source & patch info: MLIST, MLIST

webservice-dic — yoyaku
  Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an “unintentional reservation.”
  Published: 2015-07-29 | CVSS: 5.0 | CVE-2015-2978 | Source & patch info: JVNDB, JVN

welcart — welcart
  Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
  Published: 2015-07-24 | CVSS: 4.3 | CVE-2015-2973 | Source & patch info: CONFIRM, CONFIRM, JVNDB, JVN


This product is provided subject to this Notification and this Privacy & Use policy.

TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations

Original release date: August 01, 2015

Systems Affected

Microsoft Windows Systems, Adobe Flash Player, and Linux

Overview

Between June and July 2015, the United States Computer Emergency Readiness Team (US-CERT) received reports of multiple, ongoing and likely evolving, email-based phishing campaigns targeting U.S. Government agencies and private sector organizations. This alert provides general and phishing-specific mitigation strategies and countermeasures.

Description

US-CERT is aware of three phishing campaigns targeting U.S. Government agencies and private organizations across multiple sectors. All three campaigns leveraged website links contained in emails; two sites exploited a recent Adobe Flash vulnerability (CVE-2015-5119) while the third involved the download of a compressed (i.e., ZIP) file containing a malicious executable file. Most of the websites involved are legitimate corporate or organizational sites that were compromised and are hosting malicious content.

Impact

Systems infected through targeted phishing campaigns act as an entry point for attackers to spread throughout an organization’s entire enterprise, steal sensitive business or personal information, or disrupt business operations.

Solution

Phishing Mitigation and Response Recommendations

  • Implement perimeter blocks for known threat indicators:
    • Email server or email security gateway filters for email indicators
    • Web proxy and firewall filters for websites or Internet Protocol (IP) addresses linked in the emails or used by related malware
    • DNS server blocks (blackhole) or redirects (sinkhole) for known related domains and hostnames
  • Remove malicious emails from targeted user mailboxes based on email indicators (e.g., using Microsoft ExMerge).
  • Identify recipients and possible infected systems:
    • Search email server logs for applicable sender, subject, attachments, etc. (to identify users that may have deleted the email and were not identified in purge of mailboxes)
    • Search applicable web proxy, DNS, firewall or IDS logs for activity showing that the malicious link was clicked.
    • Search applicable web proxy, DNS, firewall or IDS logs for activity to any associated command and control (C2) domains or IP addresses associated with the malware.
    • Review anti-virus (AV) logs for alerts associated with the malware. AV products should be configured to be in quarantine mode. It is important to note that the absence of AV alerts or a clean AV scan should not be taken as conclusive evidence that a system is not infected.
    • Scan systems for host-level indicators of the related malware (e.g., YARA signatures)
  • For systems that may be infected:
    • Capture live memory of potentially infected systems for analysis
    • Take forensic images of potentially infected systems for analysis
    • Isolate systems to a virtual local area network (VLAN) segmented from the production agency network (e.g., an Internet-only segment)
  • Report incidents, with as much detail as possible, to the NCCIC.
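
The first three items above (perimeter blocks, mailbox purge targets, and identification of recipients and possibly infected hosts) carried through as one worked example. This is an added example, not code from the alert or from US-CERT: the campaign indicators, user names, addresses and the three log formats are all constructed for the demonstration, and rpz_records emits BIND response-policy-zone records for the DNS blackhole and sinkhole options the list mentions.

```python
"""Indicator-driven phishing triage following the recommendation list above.

Added example, not code from the US-CERT alert.  Every indicator, user,
address and log format below is constructed for the demonstration; real
gateway, proxy and DNS log formats differ by product.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed indicators for a hypothetical campaign.  The .test TLD and
# 198.51.100.0/24 (TEST-NET-2) are reserved for documentation.
INDICATORS = {
    "senders": {"invoices@mail.example-phish.test"},
    "subjects": {"overdue invoice attached"},         # compared case-insensitively
    "link_hosts": {"updates.compromised-site.test"},  # site linked in the lure
    "c2": {"198.51.100.23", "c2.example-bad.test"},   # infrastructure the malware contacts
}

# Constructed mail-gateway log: <ts> from=<addr> to=<addr> subject="..."
MAIL_LOG = [
    '2015-07-14T09:01:12Z from=<invoices@mail.example-phish.test> to=<alice@agency.test> subject="Overdue invoice attached"',
    '2015-07-14T09:01:13Z from=<invoices@mail.example-phish.test> to=<bob@agency.test> subject="Overdue invoice attached"',
    '2015-07-14T09:05:40Z from=<hr@agency.test> to=<carol@agency.test> subject="Benefits enrollment"',
    '2015-07-14T09:07:02Z from=<news@vendor.test> to=<dave@agency.test> subject="Overdue Invoice Attached"',
]
# Constructed web-proxy log: <ts> <client_ip> <url> <status>
PROXY_LOG = [
    "2015-07-14T09:03:55Z 10.0.0.11 http://updates.compromised-site.test/flash/update.html 200",
    "2015-07-14T09:04:20Z 10.0.0.11 http://198.51.100.23/gate.php 200",
    "2015-07-14T09:10:00Z 10.0.0.12 http://www.example.org/ 200",
    "2015-07-14T09:12:31Z 10.0.0.13 http://updates.compromised-site.test/flash/update.html 200",
]
# Constructed DNS query log: <ts> client <ip>#<port>: query: <name> IN <type>
DNS_LOG = [
    "2015-07-14T09:04:18Z client 10.0.0.11#51123: query: c2.example-bad.test IN A",
    "2015-07-14T09:15:02Z client 10.0.0.14#40012: query: c2.example-bad.test IN A",
    "2015-07-14T09:16:40Z client 10.0.0.12#40013: query: www.example.org IN A",
]

MAIL_RE = re.compile(r'from=<([^>]+)> to=<([^>]+)> subject="([^"]*)"')
DNS_RE = re.compile(r"client (\S+)#\d+: query: (\S+) IN")
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def rpz_records(domains, sinkhole=None):
    """BIND response-policy-zone records for the DNS step of the list:
    CNAME . blackholes a name (NXDOMAIN); naming a sinkhole host redirects it."""
    target = sinkhole.rstrip(".") + "." if sinkhole else "."
    records = []
    for name in sorted(domains):
        records.append(f"{name} CNAME {target}")
        records.append(f"*.{name} CNAME {target}")  # subdomains too
    return records


def find_recipients(mail_log, indicators):
    """Map each recipient of a matching email to the indicators that matched.
    Matching on subject as well as sender catches lures sent from another address."""
    hits = defaultdict(set)
    for line in mail_log:
        m = MAIL_RE.search(line)
        if not m:
            continue
        sender, recipient, subject = m.groups()
        if sender.lower() in indicators["senders"]:
            hits[recipient].add("sender")
        if subject.lower() in indicators["subjects"]:
            hits[recipient].add("subject")
    return {r: sorted(v) for r, v in hits.items()}


def hosts_contacting(names_or_ips, proxy_log, dns_log):
    """Client addresses that reached any of the names or IPs, seen either as a
    proxied URL or as a DNS query; either source alone can miss a host."""
    seen = set()
    for line in proxy_log:
        parts = line.split()
        if len(parts) >= 3 and urlsplit(parts[2]).hostname in names_or_ips:
            seen.add(parts[1])
    for line in dns_log:
        m = DNS_RE.search(line)
        if m and m.group(2).rstrip(".") in names_or_ips:
            seen.add(m.group(1))
    return seen


def triage(indicators=INDICATORS, mail_log=MAIL_LOG, proxy_log=PROXY_LOG, dns_log=DNS_LOG):
    """Return what each step of the recommendation list needs to act on."""
    c2_ips = {n for n in indicators["c2"] if IPV4_RE.fullmatch(n)}
    c2_names = indicators["c2"] - c2_ips
    return {
        "recipients": find_recipients(mail_log, indicators),                       # mailboxes to purge
        "clicked": hosts_contacting(indicators["link_hosts"], proxy_log, dns_log),  # scan for host indicators
        "c2_contact": hosts_contacting(indicators["c2"], proxy_log, dns_log),      # capture, image, isolate
        "rpz": rpz_records(indicators["link_hosts"] | c2_names),                   # DNS blackhole records
        "firewall_block_ips": sorted(c2_ips),                                      # proxy/firewall blocks
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Hosts in c2_contact are the ones to treat under "For systems that may be infected" (memory capture, forensic image, isolation); hosts only in clicked warrant the host-indicator scan; recipients that appear in neither set still need the lure removed from their mailbox. Matching subject independently of sender is what surfaces the copy delivered to dave through a different address, which a sender-only purge would miss, and combining proxy and DNS sources is what surfaces 10.0.0.14, which never appeared in the proxy log.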

Educate Your Users

Organizations should remind users that they play a critical role in protecting their organizations from cyber threats. Users should:

  • Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known. Be particularly wary of compressed or ZIP file attachments.
  • Avoid clicking directly on website links in emails; attempt to verify web addresses independently (e.g., contact your organization’s helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
  • Report any suspicious emails to the information technology (IT) helpdesk or security office immediately.

Basic Cyber Hygiene

Practicing basic cyber hygiene would address or mitigate the vast majority of security breaches handled by today’s security practitioners:

  • Privilege control (i.e., minimize administrative or superuser privileges)
  • Application whitelisting / software execution control (by file or location)
  • System application patching (e.g., operating system vulnerabilities, third-party vendor applications)
  • Security software updating (e.g., AV definitions, IDS/IPS signatures and filters)
  • Network segmentation (e.g., separate administrative networks from business-critical networks with physical controls and virtual local area networks)
  • Multi-factor authentication (e.g., one-time password tokens, personal identity verification (PIV) cards)

Further Information

For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT Security Tip: Handling Destructive Malware to evaluate their capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies.

Revision History

  • August 1, 2015: Initial Release


IC3 Issues Alert on DDoS Extortion Campaigns

Original release date: July 31, 2015

The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom. Businesses are warned against communicating directly with attackers and advised to use DDoS mitigation techniques instead.

Users and administrators are encouraged to review the IC3 Alert for details and US-CERT Security Tip ST04-015 for more information on DDoS attacks.


Best Practices to Protect You, Your Network, and Your Information

Original release date: July 31, 2015

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions.

During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices.

Cybersecurity is a risk management issue. Our experience demonstrates that individuals and organizations may reduce risk when they implement cybersecurity best practices. The following are examples of best practices you should consider implementing today as part of your cybersecurity strategy:

  1. Implement Two-Factor Authentication: Two-factor authentication works to significantly reduce or eliminate unauthorized access to your networks and information.
  2. Block Malicious Code: Activate application directory whitelisting to prevent non-approved applications from being installed on your network.
  3. Limit Number of Privileged Users: System administrators have privileged access that gives them the “keys to your kingdom.” Limit system administrator privileges only to those who have a legitimate need as defined by your management directives.
  4. Segment Your Network: Don’t put all your eggs in one basket by having a “flat network”. Use segmentation techniques so that if one part of your network is breached, the integrity of the rest of the network is protected.
  5. Lock Your Backdoors: Third parties that share network trust relationships with you may prove to be an Achilles heel by serving as an attack vector into your network. Take action to ensure that all network trust relationships are well-protected using best practices. Have a means to audit the effectiveness of these defenses. Consider terminating or suspending these relationships until sufficient controls are in place to protect your backdoors.

For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT Security Tip 13-003: Handling Destructive Malware to evaluate their capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies.


Cisco Releases Security Updates

Original release date: July 30, 2015

Cisco has released software updates to address a vulnerability in Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco Security Advisory and apply the necessary updates.


Internet Systems Consortium (ISC) Releases Security Updates for BIND

Original release date: July 28, 2015

ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.

Updates available include:

  • BIND 9 version 9.9.7-P2
  • BIND 9 version 9.10.2-P3

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.


‘Stagefright’ Android Vulnerability

Original release date: July 28, 2015

Android devices running Android versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.

Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information. US-CERT recommends affected Android users contact their wireless carrier or device manufacturer for a software update.
