TeraVM Cybersecurity Update #63 - Ncs-solutions.de


TeraVM Cybersecurity Update #63
Application and Network Security Intelligence
The most important thing we build is trust

Global Threat Level
Threat Activity: High
Assessment of vulnerable systems is recommended. Security applications should be updated.
Symantec, McAfee, Trend Micro, F-Secure
2 Elevated, 2 Elevated, 2 Elevated, 1 Quiet

Cybersecurity Intelligence
Security threats constantly evolve with new vulnerabilities discovered weekly. Attackers continue to develop new methods to find undiscovered holes in the most advanced network defenses. Security testing and validation must reflect the latest and most relevant security threats to ensure network security devices will perform and protect the network infrastructure from the most advanced attacks. TeraVM’s Cybersecurity Database identifies and provides the latest security threats and attacks to keep your network current and resilient.

TeraVM delivers a complete and current threat database with regular updates.

TeraVM’s Cybersecurity Database delivers newly-discovered attacks, malware, and other threats from proprietary research and strategic partnerships with security research organizations, including veritable internet threats from Common Vulnerability and Exposures (CVE) repositories.

Security Hardening
By emulating the latest security threat and exploit profiles, users of TeraVM can assess security vulnerabilities in a safe and controlled manner. TeraVM enables users to pinpoint where the weaknesses are in their security counter measures.

Cybersecurity Database
TeraVM’s Cybersecurity Database delivers a comprehensive resource for proactively protecting and hardening the most advanced networks. TeraVM Cybersecurity Database is frequently updated as new threats are discovered and validated.

Release #63 Available
New threats: 200
Total threats: 11469
Access by contacting: Cobham Wireless Support

Cobham Wireless – TeraVM Cybersecurity
www.cobham.com/wireless

Cybersecurity Database Update Overview

TeraVM delivers a comprehensive cybersecurity database of up to 12k unique threats. Each and every one of these unique threats has violated an application or service and is independently researched, verified and packaged to provide the most comprehensive coverage of real world exposures.

60% of the threats are tracked CVE vulnerabilities. Significantly, many of the newly researched threats (as being delivered in this release) have yet to be CVE classified. This unique foresight enables the opportunity to validate security with the latest and current threat activity.

[Chart: % of TeraVM threats with addressable CVE classification. CVE classified: 60%; yet to be classified: 40%]

Nearly half of the total threats in the TeraVM Cybersecurity Database have a Common Vulnerability Scoring System (CVSS) score in excess of 7 (with 10 being the most severe). CVSS is an open industry standard which approximates the ease of exploit and the impact of exploit.

[Chart: TeraVM CSDB CVSS Rating Ratio. Categories: High (CVSS greater than 7), Medium (CVSS greater than 4), Low (CVSS up to 4). Values shown: 2%, 49%, 49%]

TeraVM Cybersecurity Database uses a wide range of protocols and ports to deliver threat types.

[Chart: Delivery; axis: Number of Threats]

TeraVM enables a variance of attack profiles to expose vulnerabilities in a range of application and service types.

[Chart: Attack Profile; axis: Number of Threats. Categories: Unknown, Sql Injection, Spoofing, Script Injection, Protocol, Policy Bypass, Other, Information Disclosure, Denial Of Service, Data Manipulation, Cross-site Scripting, Cross-site Request Forgery, Command Execution, Bypass]

Cybersecurity Database Update #63

Stay protected. See below example of new high severity threats. For more information, contact Cobham Wireless.

Table columns: Vulnerability, Attack Severity (High), CVSS

HTTP eClinicalWorks (CCMR) - Add User CSRF (From Server)
HTTP eClinicalWorks (CCMR) - Add User CSRF (To Server)
HTTP NETGEAR ProSafe Network Management System NMS300
Konica Minolta FTP Utility 1.00 CWD Command Overflow Vulnerability
HTTP Adobe Flash Blur Filter Processing Out-of-Bounds Memset Vulnerability
HTTP Adobe Flash Use-After-Free CVE-2015-8635 Vulnerability
HTTP Manage Engine Event Log Analyzer 4.0 - 10 - Privilege Escalation
HTTP Manage Engine Event Log Analyzer 4.0 - 10 - Privilege Escalation
KeePass Password Safe Classic 1.29 Denial Of Service Vulnerability
HTTP iScripts Easy Create 3.0 - Edit Profile CSRF (From Server)
HTTP iScripts Easy Create 3.0 - Edit Profile CSRF (To Server)
HTTP Symphony CMS 2.6.3 - email SQL Injection
HTTP Symphony CMS 2.6.3 - save SQL Injection
HTTP Symphony CMS 2.6.3 - username SQL Injection
HTTP Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow Vulnerability
HTTP UliCMS 9.8.1 - country blacklist SQL Injection

Installation

To install the latest Cybersecurity updates, you need to have TeraVM 11.4 or later installed.

Download the upgrade file from Cobham Wireless Support.
For 11.4 users: In your web browser, go to the Administration Interface of your current TVM-C: http://<Controller IP Address>.
For 12.0 release onwards: In your web browser, go to: http://<Controller IP Address>
Log in and click on Utilities.
Click on the Administration Home tab, and enter: Username: diverAdmin; Password: diversifEye.
Click Upgrade System.
Click Choose File and find the file you downloaded from the Cobham support site.
Click Upload.
When the upload is complete, click Upgrade. This will take approximately fifteen minutes.

Help and Support

TeraVM user documentation, online training guides and videos are available on the documentation portal: http://ats.aeroflex.com/login-account

For support queries, please log a call on the Cobham Wireless Support Portal: https://support.aeroflex.com/

For help on using the support portal, download the Cobham Wireless Customer Support Portal User Guide.

For accounts, please contact your local Cobham Wireless Representative.

You can also contact support using the mail alias for your x.com
China EMEA North

200 New Exploits Released

Adobe Digital Editions .pdf CVE-2016-0954 Memory Corruption Vulnerability
Adobe Flash BitmapData.drawWithQuality Heap Overflow CVE-2016-0964 Vulnerability
Adobe Flash Sound.loadPCMFromByteArray Dangling Pointer CVE-2016-0984 Vulnerability
Adobe Flash TextField Constructor CVE-2016-0985 Type Confusion Vulnerability
Avast Authenticode Parsing Memory Corruption Vulnerability
Core FTP Server 1.2 Buffer Overflow Vulnerability
Crouzet em4 soft 1.1.04 Integer Division By Zero Vulnerability
HTTP Adobe Flash ATF Processing Heap Overflow CVE-2016-0971 Vulnerability
HTTP Adobe Flash H264 File Stack Corruption CVE-2016-0967 Vulnerability
HTTP Adobe Flash H264 File Stack Corruption CVE-2016-0967 Vulnerability 1
HTTP Adobe Flash H264 Parsing Out-of-Bounds Read Vulnerability
HTTP Adobe Flash LoadVars.decode CVE-2016-0974 Use-After-Free Vulnerability
HTTP Adobe Flash LoadVars.decode CVE-2016-0974 Use-After-Free Vulnerability 1
HTTP Adobe Flash Out-of-Bounds Image Read CVE-2016-0965 Vulnerability
HTTP Adobe Flash Player and AIR CVE-2015-8644 Type Confusion RCE Vulnerability
HTTP Adobe Flash Player and AIR CVE-2015-8644 Type Confusion RCE Vulnerability 1
HTTP Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution
HTTP BES12 12.4 Self-Service index.jsp Reflected XSS Vulnerability
HTTP BES12 12.4 Self-Service loggedOut.jsp Reflected XSS Vulnerability
HTTP BlackBerry Enterprise Service 12.4 Self-Service SQL Injection Vulnerability
HTTP Bluethrust Clan Scripts v4 R17 CSRF and PHP Shell Upload Vulnerability
HTTP Chamilo LMS Cross Site Scripting Vulnerability
HTTP Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero
HTTP D-Link Cross Site Scripting Vulnerability
HTTP D-Link Cross Site Scripting Vulnerability 1
HTTP D-Link Cross Site Scripting Vulnerability 2
HTTP D-Link Cross Site Scripting Vulnerability 3
HTTP Dell OpenManage Server Administrator Directory Traversal Vulnerability
HTTP File Replication Pro 7.2.0 - 'configuration' Remote File Disclosure (Perc Enc)
HTTP File Replication Pro 7.2.0 - 'configuration' Remote File Disclosure
HTTP File Replication Pro 7.2.0 - 'properties' Remote File Disclosure
HTTP File Replication Pro 7.2.0 - Directory Traversal
HTTP Freeproxy Internet Suite 4.10 - Denial of Service
HTTP Infor CRM 8.2.0.1136 - 'description' POST HTML Script Injection
HTTP Infor CRM 8.2.0.1136 - 'description' PUT HTML Script Injection
HTTP Infor CRM 8.2.0.1136 - 'location' POST HTML Script Injection
HTTP Infor CRM 8.2.0.1136 - 'longnotes' POST HTML Script Injection
HTTP InstantCoder 1.0 iOS - Directory Traversal
HTTP JMX2 Email Tester - (save email.php) Web Shell Upload
HTTP JSN PowerAdmin Joomla! Extension XSS Vulnerability
HTTP Kaltura Community Edition Arbitrary File Upload Vulnerability
HTTP Kaltura Community Edition Server-Side Request Forgery Vulnerability
HTTP Kaltura Community Edition Server-Side Request Forgery Vulnerability 1
HTTP Kaltura Community Edition Unauthorized File Read Vulnerability
HTTP Kaltura Community Edition Unserialize Code Execution Vulnerability
HTTP ManageEngine Firewall Analyzer 8.5 - 'addDevCrd' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'createAnomaly.nms' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'createProfile.do' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'customizeReportAction.nms' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'index2.do' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'ResolveDNSConfig.nms' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'runquery.do' SQL Injection
HTTP ManageEngine Firewall Analyzer 8.5 - 'searchAction.do' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'uniquereport.do' XSS (Perc Enc)
HTTP ManageEngine Firewall Analyzer 8.5 - 'uniquereport.do' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'userIPConfig.nms' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - 'viewListPageAction.nms' XSS
HTTP ManageEngine Firewall Analyzer 8.5 - Change Admin CSRF
HTTP ManageEngine Firewall Analyzer XSS Vulnerability

ManageEngine Firewall Analyzer XSS Vulnerability 1
ManageEngine Firewall Analyzer XSS Vulnerability 10
ManageEngine Firewall Analyzer XSS Vulnerability 11
ManageEngine Firewall Analyzer XSS Vulnerability 12
ManageEngine Firewall Analyzer XSS Vulnerability 2
ManageEngine Firewall Analyzer XSS Vulnerability 3
ManageEngine Firewall Analyzer XSS Vulnerability 4
ManageEngine Firewall Analyzer XSS Vulnerability 5
ManageEngine Firewall Analyzer XSS Vulnerability 6
ManageEngine Firewall Analyzer XSS Vulnerability 7
ManageEngine Firewall Analyzer XSS Vulnerability 8
ManageEngine Firewall Analyzer XSS Vulnerability 9
ManageEngine Network Configuration Management Build 11000 - Privilege Escalation
ManageEngine OPutils 8.0 - 'actionForm' XSS (From Server)
ManageEngine OPutils 8.0 - 'actionForm' XSS (To Server)
ManageEngine OPutils 8.0 - 'alertMsg' XSS (From Server)
ManageEngine OPutils 8.0 - 'alertMsg' XSS (To Server)
ManageEngine OPutils 8.0 - 'hostName' XSS (From Server)
ManageEngine OPutils 8.0 - 'hostName' XSS (To Server)
ManageEngine OPutils 8.0 - 'ipOrHost' XSS (From Server)
ManageEngine OPutils 8.0 - 'ipOrHost' XSS (To Server)
ManageEngine OPutils 8.0 - 'oidString' XSS (From Server)
ManageEngine OPutils 8.0 - 'oidString' XSS (To Server)
ManageEngine OPutils 8.0 - 'RouterName' XSS (From Server)
ManageEngine OPutils 8.0 - 'RouterName' XSS (To Server)
ManageEngine OPutils 8.0 - 'selectedSwitchTab' XSS (From Server)
ManageEngine OPutils 8.0 - 'selectedSwitchTab' XSS (To Server)
ManageEngine OPutils 8.0 - 'switchID' XSS (From Server)
ManageEngine OPutils 8.0 - 'switchID' XSS (To Server)
ManageEngine OPutils 8.0 - Access Control Vulnerability
ManageEngine OPutils 8.0 - Privilege Escalation
MS IE Memory Corruption (MS16-023) CVE-2016-0108 Vulnerability
Network Scanner Version 4.0.0.0 - SEH Crash POC
Netwrix Auditor 7.1.322.0 ActiveX Buffer Overflow Vulnerability
Netwrix Auditor 7.1.322.0 ActiveX Buffer Overflow Vulnerability 1
OpenAM 9 10 Cross Site Scripting Vulnerability
OpenAM Open Redirect Vulnerability
OpenCms Cross Site Scripting Vulnerability
perfact mpa Cross Site Request Forgery Vulnerability (From Server)
perfact mpa Cross Site Request Forgery Vulnerability (To Server)
perfact mpa Open Redirect Vulnerability
Pulse CMS 4.5.2 Local File Inclusion Vulnerability
Pulse CMS 4.5.2 Local File Inclusion Vulnerability 1
Redaxo CMS SQL Injection Vulnerability
Redaxo CMS XSS Vulnerability
RozBlog Weblog Service CSRF Vulnerability (From Server)
RozBlog Weblog Service CSRF Vulnerability (To Server)
RozBlog Weblog Service CSRF Vulnerability 1 (From Server)
RozBlog Weblog Service CSRF Vulnerability 1 (To Server)
RozBlog Weblog Service XSS Vulnerability (From Server)
RozBlog Weblog Service XSS Vulnerability (To Server)
SAP HANA hdbindexserver CVE-2015-7986 Memory Corruption Vulnerability
SOLIDserver 5.0.4 - 'config file' Local File Inclusion Vulnerability
SOLIDserver 5.0.4 - 'report filename' Local File Inclusion Vulnerability (Perc Enc)
SOLIDserver 5.0.4 - 'report filename' Local File Inclusion Vulnerability
Solr 3.5.0 - Arbitrary Data Deletion
Solr 3.5.0 - Information Disclosure
Sophos UTM Cross Site Scripting Vulnerability
STIMS Buffer - Buffer Overflow SEH - DoS
STIMS Cutter - Buffer Overflow DoS
TeamPass 2.1.24 CVE-2015-7563 CSRF Vulnerability

HTTP Thomson Router CSRF Vulnerability (From Server)
HTTP Thomson Router CSRF Vulnerability (To Server)
HTTP Thomson Router XSS Vulnerability
HTTP Thomson Router XSS Vulnerability 1
HTTP Thomson Router XSS Vulnerability 2
HTTP Thomson Router XSS Vulnerability 3
HTTP Thru Managed File Transfer Portal SQL Injection Vulnerability
HTTP Timeclock Software 0.995 - 'period id' SQL Injection
HTTP Timeclock Software 0.995 - 'time id' SQL Injection (Percent Encoded)
HTTP Timeclock Software 0.995 - 'time id' SQL Injection
HTTP Timeclock Software 0.995 - 'type id' SQL Injection
HTTP Timeclock Software 0.995 - 'user id' SQL Injection
HTTP Tiny Tiny RSS SQL Injection Vulnerability (From Server)
HTTP Tiny Tiny RSS SQL Injection Vulnerability (To Server)
HTTP Ubiquiti Networks UniFi CSRF Vulnerability (From Server)
HTTP Ubiquiti Networks UniFi CSRF Vulnerability (To Server)
HTTP Viscomsoft Calendar Active-X 2.0 - 'daycaptionfont' Crash PoC
HTTP Viscomsoft Calendar Active-X 2.0 - 'daytextfont' Crash PoC
HTTP Viscomsoft Calendar Active-X 2.0 - 'month' Crash PoC
HTTP Viscomsoft Calendar Active-X 2.0 - 'monthyearfont' Crash PoC
HTTP Viscomsoft Calendar Active-X 2.0 - 'monthyearforecolor' Crash PoC
HTTP Viscomsoft Calendar Active-X 2.0 - 'settext' Crash PoC
HTTP VLC Media Player 2.2.1 - .mp4 Heap Memory Corruption
HTTP WebSVN Cross Site Scripting Vulnerability
HTTP WordPress Advanced Importer Cross Site Scripting Vulnerability
HTTP Wordpress Booking Calendar Contact Form Plugin 1.1.23 - SQL injection
HTTP WordPress Bulk Delete Plugin 5.5.3 - 'delete pages by status' CSRF
HTTP WordPress Bulk Delete Plugin 5.5.3 - 'delete posts by post type' CSRF
HTTP WordPress Bulk Delete Plugin 5.5.3 - 'delete users by meta' CSRF
HTTP WordPress CP Polls Plugin 1.0.8 - 'cv text enter valid captcha' XSS
HTTP WordPress CP Polls Plugin 1.0.8 - 'form structure' XSS
HTTP WordPress CP Polls Plugin 1.0.8 - 'poll text seeres' XSS
HTTP WordPress CP Polls Plugin 1.0.8 - 'vs text submitbtn' XSS
HTTP WordPress CSV Import Cross Site Scripting Vulnerability
HTTP WordPress Import Woocommerce Cross Site Scripting Vulnerability
HTTP WordPress More Fields Plugin CSRF Vulnerability (From Server)
HTTP WordPress More Fields Plugin CSRF Vulnerability (To Server)
HTTP WordPress More Fields Plugin CSRF Vulnerability 1 (From Server)
HTTP WordPress More Fields Plugin CSRF Vulnerability 1 (To Server)
HTTP WordPress Ocim MP3 Plugin SQL Injection Vulnerability
HTTP Yeager Cross Site Scripting Vulnerability
HTTP Yeager SQL Injection Vulnerability
HTTP Yeager SQL Injection Vulnerability 1
HTTP Zimbra Mail CVE-2015-6541 Multiple CSRF Vulnerability
innovaphone IP222 and IP232 Denial Of Service Vulnerability
libquicktime 1.2.4 CVE-2016-2399 Integer Overflow Vulnerability
Malware Web Request connected with PayPal Phishing (dashlinen.testing-domain-live.co.uk)
Malware Web Request connected with PayPal Phishing (inclusivediversity.co.uk)
Malware Web Request to Domain connected with Banload Trojan (jktdc.in)
Malware Web Request to Domain connected with Banload Trojan (www.proascolcolombia.com)
Malware Web Request to Domain connected with Dridex Trojan (backup.terra5llc.com)
Malware Web Request to Domain connected with Locky Ransomware (afive.net)
Malware Web Request to Domain connected with Locky Ransomware (avp-mech.ru)
Malware Web Request to Domain connected with Locky Ransomware (killerjeff.free.fr)
Malware Web Request to Domain connected with Locky Ransomware (premium34.tmweb.ru)
Malware Web Request to Domain connected with Locky Ransomware (softworksbd.com)
Malware Web Request to Domain connected with Locky Ransomware (uponor.otistores.com)
Malware Web Request to Domain connected with Locky Ransomware (wechselkur.de)
Malware Web Request to Domain connected with Locky Ransomware (www.bag-online.com)
Malware Web Request to Domain connected with MasterCard Phishing (zt.tim-taxi.com)
Malware Web Request to Domain connected with Teslacrypt Ransomware (grosirkecantikan.com)

Malware Web Request to Domain connected with Teslacrypt Ransomware (holishit.in)
Malware Web Request to Domain connected with Teslacrypt Ransomware (jeansowghbqq.com)
Malware Web Request to Domain connected with Teslacrypt Ransomware (vtc360.com)
Malware Web Request to Domain connected with the Windows Support Scam (gamma01.website)
Malware Web Request to Domain connected with Trojan Activity (deleondeos.com)
Malware Web Request to Domain connected with Trojan Activity (gov.f3322.net)
Malware Web Request to Domain connected with Trojan Activity (izzy-cars.nl)
Malware Web Request to Domain connected with Trojan Activity (lhs-mhs.org)
Malware Web Request to Domain connected with Trojan Activity (marialorena.com.br)
Malware Web Request to Domain connected with Trojan Activity (ohelloguyqq.com)
Malware Web Request to Domain connected with Trojan Activity (reclamus.com)
Malware Web Request to Domain connected with Trojan Activity (srv20.ru)
Malware Web Request to Domain connected with Trojan Activity (stopmeagency.free.fr)
Malware Web Request to Domain connected with Trojan Activity (www.cerquasas.it)
Malware Web Request to Domain connected with Trojan Activity (www.gold-city.it)
Nitro Pro and Nitro Reader Heap Memory Corruption Vulnerability
Quick Tftp Server Pro 2.3 TFTP mode Remote Overflow Vulnerability
XM Easy Personal FTP Server 5.8 - (HELP) Remote DoS Vulnerability
Zortam Mp3 Media Studio 20.15 SEH Overflow DoS Vulnerability

About TeraVM

TeraVM is an application emulation and security performance solution, delivering comprehensive test coverage for application services, wired and wireless networks. TeraVM is offered as a virtualized solution enabling the flexibility to run anywhere - lab, datacenter and the cloud, with consistent performance coverage, ensuring that highly optimized networks and services can be delivered with minimal risk.

www.cobhamwireless.com

For more details on the latest threat coverage available in the TeraVM Cybersecurity Database, please contact your local sales representative.
