Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 18, 2016

August 9, SecurityWeek – (International) Vulnerabilities found in several Fortinet products. Vulnerability Lab released the details of several flaws affecting the Web interface of the Fortinet FortiManager and FortiAnalyzer security management and reporting appliances, including a vulnerability that can be exploited by a remote attacker with access to a low-privileged user account to inject arbitrary code into the application if a victim clicks on a link or visits a Webpage containing the malicious code, a filter bypass issue, and multiple persistent cross-site scripting (XSS) flaws in the FortiVoice enterprise phone systems that can be exploited by a remote, authenticated attacker, among other security flaws. Fortinet released patches for all of the vulnerabilities and advised users to update their Fortinet product installations. Source

August 8, SecurityWeek – (International) Serious flaws found in Netgear, NUUO network video recorders. U.S. Computer Emergency Readiness Team (CERT) Coordination Center researchers warned that select network video recorders from NUUO Inc., and Netgear, Inc., were plagued by seven vulnerabilities including two input validation issues that could allow unauthenticated attackers to execute arbitrary code with root or admin privileges, an information disclosure bug that could allow a remote, unauthenticated attacker to view details on system processes, available memory and filesystem status by accessing a hidden page with a hardcoded username and password, and two flaws that can be leveraged to carry out arbitrary operating system (OS) commands and arbitrary code by any remote attacker who obtains admin privileges, among other flaws. Source

August 8, Help Net Security – (International) New vulnerabilities affect over 900 million Android devices, enable complete control of devices. Security researchers from Check Point reported that four vulnerabilities, dubbed QuadRooter, were affecting the software drivers in Qualcomm chipsets used in over 900 million Android smartphones and tablets. If any one of the four vulnerabilities is exploited, it could be used to trigger privilege escalations and gain root access to a device, allowing an attacker to change or remove system-level files, delete or add apps, and access the device’s screen, among other privileges. Check Point released a free QuadRooter scanner app that allows Android users to determine if their device is vulnerable, and advised Android users to download and install the latest software updates, among other practices, in order to avoid attacks. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.