Cyber Security Weekly Briefing, 29 April – 5 May

Telefónica Tech    5 May, 2023

Critical vulnerability in Zyxel firewalls

Network equipment manufacturer Zyxel has released security patches for a critical vulnerability affecting its firewalls. The vulnerability, discovered and reported by the TRAPA Security team, has been assigned CVE-2023-28771 with a CVSS score of 9.8. It allows an unauthenticated attacker to execute operating system commands remotely by sending crafted packets to an affected device.

The security flaw affects the following firmware versions: ATP (ZLD V4.60 to V5.35, patched in ZLD V5.36); USG FLEX (ZLD V4.60 to V5.35, patched in ZLD V5.36); VPN (ZLD V4.60 to V5.35, patched in ZLD V5.36); and ZyWALL/USG (ZLD V4.60 to V4.73, patched in ZLD V4.73).

The vulnerability is not known to have been exploited so far; however, Zyxel recommends that firewalls be upgraded to the latest available version.

More info

Google releases Chrome 113 with 15 security updates

Google has released version 113 of Chrome to the stable channel for Windows, macOS and Linux. It fixes 15 vulnerabilities, 10 of which were reported to Google through its bug bounty program.

None of the fixed vulnerabilities is rated high severity. The most relevant is CVE-2023-2459, which has no CVSS score yet but for which Google paid researcher Rong Jian 7,500 dollars.

It is an inappropriate implementation issue in Prompts, rated medium severity, that would allow a remote attacker to bypass permission restrictions through a crafted HTML page. The new release is deployed as Chrome version 113.0.5672.63 for Linux and macOS, and as Chrome versions 113.0.5672.63/.64 for Windows.

More info

Vulnerabilities in BGP protocol allow attackers to carry out DoS attacks

Researchers at Forescout Vedere Labs have published a report detailing new vulnerabilities in the BGP protocol. The vulnerabilities, already patched and each rated CVSS 6.5, have been assigned CVE-2022-40302, CVE-2022-40318 and CVE-2022-43681.

The flaws lie in the parsing of BGP messages in the FRRouting implementation and could be exploited to cause a denial of service on vulnerable BGP peers. The DoS condition can be prolonged indefinitely by repeatedly sending malicious packets.

It should be noted that two of these issues (CVE-2022-40302 and CVE-2022-43681) can be triggered before FRRouting validates the BGP Identifier and ASN fields.
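The defensive side of the parsing problem described above, as an added example that is neither FRRouting's code nor the researchers' material: a strict parser for the BGP OPEN message (RFC 4271 layout) that validates every declared length against the bytes actually present before reading any field, so a malformed message is rejected rather than crashing the peer. The function names, the constructed sample message and the truncation case are assumptions for illustration and do not reproduce the specific CVEs.

```python
import struct
BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN, BGP_MAX_LEN, BGP_OPEN = 19, 4096, 1
class MalformedBgp(ValueError):
    pass  # any validation failure: the caller drops the message instead of crashing

def parse_header(data: bytes):
    """Validate the 19-byte header before any field of the body is read."""
    if len(data) < BGP_HEADER_LEN or data[:16] != BGP_MARKER:
        raise MalformedBgp("truncated header or bad marker")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if not (BGP_HEADER_LEN <= length <= BGP_MAX_LEN) or length != len(data):
        raise MalformedBgp(f"declared length {length} vs {len(data)} bytes on the wire")
    return msg_type, data[BGP_HEADER_LEN:]

def parse_open(data: bytes) -> dict:
    """Parse an OPEN; every length field is checked against the bytes actually present."""
    msg_type, body = parse_header(data)
    if msg_type != BGP_OPEN:
        raise MalformedBgp("not an OPEN message")
    if len(body) < 10:
        raise MalformedBgp("OPEN body shorter than its fixed fields")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHHIB", body[:10])
    params, opt_params, pos = body[10:], [], 0
    if opt_len != len(params):
        raise MalformedBgp("optional parameter length does not match remaining bytes")
    while pos < len(params):
        # Short-circuit keeps params[pos + 1] from being read when only one byte is left.
        if pos + 2 > len(params) or pos + 2 + params[pos + 1] > len(params):
            raise MalformedBgp("optional parameter truncated or overruns the message")
        p_type, p_len = params[pos], params[pos + 1]
        opt_params.append((p_type, params[pos + 2:pos + 2 + p_len]))
        pos += 2 + p_len
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "bgp_id": bgp_id, "opt_params": opt_params}

def build_open(my_as: int, hold_time: int, bgp_id: int, params: bytes = b"") -> bytes:
    # Builds a well-formed OPEN; used here only to produce constructed sample input.
    body = struct.pack("!BHHIB", 4, my_as, hold_time, bgp_id, len(params)) + params
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), BGP_OPEN) + body

def is_accepted(data: bytes) -> bool:  # malformed input is rejected, never crashed on
    try:
        return bool(parse_open(data))
    except MalformedBgp:
        return False

# Constructed sample: AS 65001, hold time 90, BGP id 10.0.0.1, one optional parameter (type 2).
SAMPLE_OPEN = build_open(65001, 90, 0x0A000001, b"\x02\x02\x01\x00")
TRUNCATED_OPEN = SAMPLE_OPEN[:28] + b"\x10" + SAMPLE_OPEN[29:]  # opt_len inflated past the data present
```

A real peer would additionally validate the version, ASN and BGP Identifier values once the structure has been accepted; the point here is that structural checks come first.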

More info

Critical vulnerability in Cisco phone adapters

Cisco has issued a security advisory warning of a critical vulnerability in Cisco SPA112 two-port phone adapters. The flaw, tracked as CVE-2023-20126 with a CVSSv3 score of 9.8, is due to a flaw in the authentication process of the firmware update feature.

Exploiting this vulnerability could allow an attacker to execute arbitrary code on the affected device with full privileges and, consequently, could help a threat actor move laterally within a network. However, most of these devices are believed not to be exposed to the Internet, so the flaw is mainly exploitable from the local network.

It should be noted that Cisco has indicated that the affected model has reached end of life, so it will not receive security updates; Cisco recommends replacing the adapter with the ATA 190 series model.

More info

Fleckpe: new Android malware that subscribes victims to premium services

Securelist has identified a new Android malware called Fleckpe, spread through at least 11 apps available on Google Play that together accumulate more than 620,000 downloads. Fleckpe subscribes victims, without their consent, to premium-rate services with special pricing, part of whose proceeds go to the threat actors.

According to Securelist, Fleckpe has been active since 2022 and has been spread through 11 apps (since removed from Google Play), most of them image editors. Fleckpe receives from its C2 server the URL of the page where it must subscribe the victim, opens it in an invisible window and copies the confirmation code from the notifications. Once the subscription is complete, the app behaves normally so as not to arouse the victim's suspicion.

More info
