Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-330.07.31.20: TT-CSIRT ADVISORY- BIG-IP EDGE CLIENT FOR WINDOWS VULNERABILITY

A use-after-free memory vulnerability exists in the BIG-IP Edge Client Windows ActiveX component This vulnerability allows an attacker to trigger memory corruption to the browser or execute code from the browser when the attacker crafts a malicious webpage and loads it into the Internet Explorer browser by BIG-IP Edge Client users. To determine if your …

TTCSIRT-329.07.30.20: TT-CSIRT ADVISORY- GRUB2 BOOTLOADER IS VULNERABLE TO BUFFER OVERFLOW

The GRUB2 boot loader is vulnerable to buffer overflow, which results in arbitrary code execution during the boot process, even when Secure Boot is enabled. The impact of this results in an authenticated, local attacker being able to modify the contents of the GRUB2 configuration file to execute arbitrary code that bypasses signature verification. This …

TTCSIRT-328.07.27.20: TT-CSIRT ADVISORY- POTENTIAL LEGACY RISK FROM MALWARE TARGETING QNAP NAS DEVICES

The United States Cyber security and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC); are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.   All QNAP NAS devices are potentially vulnerable to …

TTCSIRT-327.07.23.20: TT-CSIRT ADVISORY- CISCO ONLY PATH TRAVERSAL VULNERABILITY

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP …

TTCSIRT-326.07.20.20: TT-CSIRT ADVISORY-PERFORMANCEPOINT SERVICES REMOTE CODE EXECUTION VULNERABILITY

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. To exploit this vulnerability, an attacker …

TTCSIRT-325.07.17.20: TT-CSIRT ADVISORY-CISCO RELEASES SECURITY UPDATES FOR MULTIPLE PRODUCTS

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. The following are affected appliances along with links detailing its respective vulnerability: Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability cisco-sa-rv110w-static-cred-BMTWBWTy Small Business RV110W, RV130, RV130W, …

TTCSIRT-324.07.17.20: TT-CSIRT ADVISORY-APT29 TARGETS COVID-19 VACCINE DEVELOPMENT

APT29 (also known as ‘the Dukes’ or ‘Cozy Bear’) is a suspected Russian Intelligence Cyber Espionage Group. The United Kingdom’s National Cyber Security Centre issued detection and mitigation advice for organisations involved in coronavirus vaccine development with custom malware by APT29. The report goes into detail regarding recent Tactics, Techniques and Procedures (TTPs) of the …

TTCSIRT-323.07.14.20: TT-CSIRT ADVISORY- Vulnerability in Windows DNS

Microsoft has released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are …

TTCSIRT-322.07.08.20: TT-CSIRT ADVISORY- PALOALTO OS COMMAND INJECTION VULNERABILITY

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue This issue cannot be exploited if GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier …

TTCSIRT-321.07.08.20: TT-CSIRT ADVISORY- CITRIX MULTIPLE VULNERABILITIES

Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could result in a number of security issues including: Attacks that are limited to the management interface System compromise by an unauthenticated user on the management network. System compromise through Cross …