2018-JUL-25 FSL version 7.6.38 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 23889 - (HT208932) Apple iCloud Vulnerabilities Prior To 7.6 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE- 2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-4293 Description Multiple vulnerabilities are present in some versions of Apple iCloud. Observation Apple iCloud is a manager for the Apple's cloud-based storage service. Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain sensitive information, execute arbitrary code or cause a denial of service. 23893 - (HT208938) Apple iOS Multiple Vulnerabilities Prior To 11.4.1 Category: Wireless Assessment -> NonIntrusive -> iOS Risk Level: High CVE: CVE-2018-4248, CVE-2018-4260, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE- 2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4274, CVE-2018-4275, CVE-2018-4277, CVE-2018-4278, CVE-2018-4280, CVE-2018-4282, CVE-2018-4284, CVE-2018-4290, CVE-2018-4293 Description Multiple vulnerabilities are present in some versions of Apple iOS. Observation Apple iOS is the operating system used by Apple iPhone, iPad, and iPod touch. Multiple vulnerabilities are present in some versions of Apple iOS. The flaws lie in many components. Successful exploitation could allow an attacker to remotely execute arbitrary code, escalate privileges, disclose sensitive information or cause denial of service on the target. 23900 - (HPESBHF03856) HPE Intelligent Management Center Multiple Vulnerabilities Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2182, CVE-2016-6306, CVE-2016-6309, CVE- 2016-7052 Description Multiple vulnerabilities are present in some versions of HPE Intelligent Management Center. Observation HPE Intelligent Management Center (iMC) is an enterprise-class network management platform. Multiple vulnerabilities are present in some versions of HPE Intelligent Management Center. The flaws lie in OpenSSL component. Successful exploitation could allow an attacker to cause a denial of service or disclose private information. 23887 - (JSA10871) Juniper Junos OS RPD Daemon Denial Of Service Vulnerability Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-0037 Description A denial of service vulnerability is present in some versions of Juniper Junos. Observation Juniper Junos is an operating system used in Juniper device. A denial of service vulnerability is present in some versions of Juniper Junos. The flaw lies in junos RPD daemon. Successful exploitation could allow an attacker to cause a denial of service condition. 23850 - (K29154575) F5 BIG-IP ImageMagick Vulnerability Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2016-3717 Description A vulnerability is present in some versions of F5's BIG-IP products. Observation F5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System. A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in the ImageMagick's LABEL coder. Successful exploitation could allow a remote attacker to gain access to sensitive information. 23881 - VideoLAN VLC Media Player Remote Code Execution Vulnerability Prior To 3.0.2 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-11516 Description A vulnerability is present in some versions of VideoLAN VLC Media Player. Observation VideoLAN VLC Media Player is a popular open source media player. A vulnerability is present in some versions of VideoLAN VLC Media Player. The flaw lies in the vlc_demux_chained_Delete function. Successful exploitation could allow an attacker to cause a denial of service condition or execute arbitrary code on the target system. 23882 - (K13213573) F5 BIG-IP Linux Kernel Vulnerability Category: SSH Module -> NonIntrusive -> F5 Risk Level: High CVE: CVE-2012-6701 Description A vulnerability is present in some versions of F5's BIG-IP products. Observation F5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System. A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in Linux kernel. Successful exploitation could allow a local attacker to cause a denial of service condition. 23884 - (HT208934) Apple Safari Vulnerabilities Prior To 11.1.2 Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes Risk Level: High CVE: CVE-2018-4260, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE- 2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4274, CVE-2018-4278, CVE-2018-4279, CVE-2018-4284 Description Multiple vulnerabilities are present in some versions of Apple Safari. Observation Apple Safari is a popular web browser. Multiple vulnerabilities are present in some versions of Apple Safari. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service condition, lead to remote code execution or address bar spoofing. 23885 - IBM DB2 Privilege Escalation Vulnerability (swg22016505) Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-1487 Description A vulnerability is present in some versions of IBM DB2. Observation IBM DB2 is a popular relational database management server. A vulnerability is present in some versions of IBM DB2. The flaw is due to loading libraries from an untrusted path. Successful exploitation could allow a local attacker to gain full access to the DB2 instance account. 23891 - IBM WebSphere Application Server Multiple Vulnerabilities (swg22016214) Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2012-1007, CVE-2014-0114, CVE-2016-1181, CVE-2016-1182 Description Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. Observation IBM WebSphere Application Server is a server engine for Java EE Web applications. Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. The flaws lie in Apache Struts and Apache Commons components. Successful exploitation could allow an attacker to retrieve sensitive data, bypass security access restrictions or execute arbitrary code on the target system. 23896 - IBM DB2 Multiple Untrusted Search Path Vulnerabilities (swg22016624) Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-1458 Description Multiple untrusted search path vulnerabilities are present in some versions of IBM DB2. Observation IBM DB2 is a popular relational database management server. Multiple untrusted search path vulnerabilities are present in some versions of IBM DB2. The flaw is due to untrusted search path in the DB2 Administration Server component. Successful exploitation could allow a local attacker to execute arbitrary code on target system with elevated privileges. 23899 - Oracle Secure Global Desktop Critical Patch Update July 2018 Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-0739, CVE-2018-1000300, CVE-2018-1305 Description Multiple vulnerabilities are present in some versions of Oracle Secure Global Desktop. Observation Oracle Secure Global Desktop is a secure remote access solution. Multiple vulnerabilities are present in some versions of Oracle Secure Global Desktop. The flaws lie in the Curl, OpenSSL and Apache Tomcat Server components. Successful exploitation could allow an attacker to affect confidentiality, integrity and availability. 131160 - Debian Linux 9.0 DSA-4254-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2018-10995, CVE-2018-7033 Description The scan detected that the host is missing the following update: DSA-4254-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2018/dsa-4254 Debian 9.0 all slurm-llnl_16.05.9-1+deb9u2 146872 - SuSE Linux 42.3 openSUSE-SU-2018:2021-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-1116 Description The scan detected that the host is missing the following update: openSUSE-SU-2018:2021-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2018-07/msg00055.html SuSE Linux 42.3 i586 polkit-debugsource-0.113-14.3.1 libpolkit0-debuginfo-0.113-14.3.1 libpolkit0-0.113-14.3.1 typelib-1_0-Polkit-1_0-0.113-14.3.1 polkit-0.113-14.3.1 polkit-devel-debuginfo-0.113-14.3.1 polkit-devel-0.113-14.3.1 polkit-debuginfo-0.113-14.3.1 noarch polkit-doc-0.113-14.3.1 x86_64 polkit-debugsource-0.113-14.3.1 libpolkit0-debuginfo-0.113-14.3.1 libpolkit0-0.113-14.3.1 typelib-1_0-Polkit-1_0-0.113-14.3.1 libpolkit0-debuginfo-32bit-0.113-14.3.1 polkit-0.113-14.3.1 polkit-devel-debuginfo-0.113-14.3.1 polkit-devel-0.113-14.3.1 polkit-debuginfo-0.113-14.3.1 libpolkit0-32bit-0.113-14.3.1 146874 - SuSE Linux 42.3 openSUSE-SU-2018:2023-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-13346, CVE-2018-13347, CVE-2018-13348 Description The scan detected that the host is missing the following update: openSUSE-SU-2018:2023-1 Observation Updates often remediate critical security problems that should be quickly addressed.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages60 Page
-
File Size-