Ixia ATI Update 2019-07 (357298)

Defects Resolved

| Ticket | Info |
|---|---|
| DE10345 | Strike E13-33r01 was modified to add a leading slash to the URL. |
| DE10401 | Strike E12-30101 was updated with the correct year and variant counts. Strike E16-5dl0 had its metadata updated with the BID. |
| DE10405 | The login response header was malformed in strike E17-m91t2. This was fixed. |

New Strikes (13)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E19-mar01 | BID-102994; CVE-2018-4895; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); SECURITYTRACKER-1040364; URL | Exploits | This strike exploits an integer overflow vulnerability in the Adobe Acrobat Reader ImageConversion component. The vulnerability is due to improper parsing of EmfPlusDrawString data records in an EMF file. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash. |
| 10.0 | E19-zhq61 | BID-61900; CVE-2013-1710; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); URL | Exploits | This strike exploits a vulnerability in Mozilla Firefox. It is possible to craft JavaScript in such a way that allows remote attackers to execute arbitrary JavaScript code or conduct a cross-site scripting attack when calling the crypto.generateCRMFRequest function. This can lead to remote code execution on the victim's machine. |
| 9.3 | E19-0r4d1 | BID-106402; CVE-2019-0541; CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C); EXPLOITDB-46536 | Exploits | This strike exploits a vulnerability in the Microsoft mshtml Engine. The vulnerability is due to improper filtering of the "edit" parameter. An attacker could exploit this vulnerability by enticing the victim to click a malicious link and download the malicious HTML file. Successful exploitation may lead to remote code execution on the client. |
| 8.3 | E19-0v621 | CVE-2019-5786; CVSS-8.3 (AV:N/AC:M/AU:N/C:C/I:P/A:P); URL | Exploits | This strike replicates a use-after-free exploit for the Chromium browser engine. The vulnerability can be triggered via the FileReader JS API by creating two array references to the same file reader result, then using another mechanism to free the underlying memory. By successfully exploiting this flaw, an attacker can execute arbitrary code in the context of Chrome's 'renderer' process. |
| 7.5 | E19-p08m1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); URL | Exploits | This strike emulates a SQL injection attack on the Magento e-commerce platform. The vulnerable code resides in 'vendor/magento/framework/DB/Adapter/Pdo/Mysql.php' and the flaw is due to the way the request parameters are parsed. By exploiting the '/catalog/product_frontend_action/synchronize' endpoint, a remote unauthenticated attacker could access the database and even leverage the vulnerability to obtain administrator privileges and remote code execution. |
| 7.5 | E19-0r6q1 | BID-106887; CVE-2019-0626; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); URL | Exploits | A memory corruption vulnerability exists in the 'dhcpssvc.dll' component of Windows DHCP Server. The vulnerability is triggered when the DHCP server parses a DHCP DISCOVER packet containing an altered 'Vendor Specific Information' header field. By exploiting the vulnerability, an attacker may be able to execute arbitrary code with SYSTEM privileges. |
| 6.8 | E19-0vwa1 | CVE-2019-6730; CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P); ZDI-19-136 | Exploits | This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of freed objects in the JavaScript popUpMenu method. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code. |
| 6.8 | E19-0vhz1 | BID-106691; CVE-2019-6215; CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P); EXPLOITDB-46448; GOOGLE-1723 | Exploits | This strike exploits a vulnerability in Apple Safari WebKit. It is possible to craft JavaScript in such a way that will cause type confusion to occur when using a CustomGetterSetter object linked to regExpConstructorInput. This can lead to a denial of service in the browser or potentially allow for remote code execution to occur. |
| 6.8 | E19-0uyi1 | BID-107637; CVE-2019-5514; CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P); URL | Exploits | This strike exploits a vulnerability in VMware Fusion. The vulnerability is due to a lack of access control in the WebSocket service. An attacker could exploit this vulnerability by enticing the victim to click a malicious link and execute the malicious web page. Successful exploitation may lead to remote command execution on the guest virtual machine. |
| 6.4 | E19-0wk51 | CVSS-6.4 (AV:N/AC:L/AU:N/C:P/I:N/A:P); EXPLOITDB-37237; EXPLOITDB-37241; EXPLOITDB-42197 | Exploits | This strike emulates remote DNS hijack attacks for several D-Link routers. The vulnerability resides in the 'dnscfg.cgi' script and is due to a lack of authentication on the server side. A remote unauthenticated attacker may change the DNS configuration of the router, which can result in man-in-the-middle attacks and information disclosure. |
| 5.0 | E19-0zyy1 | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N); EXPLOITDB-46618 | Exploits | This strike exploits a local file inclusion vulnerability in the WordPress plugin Anti-Malware and Brute-Force Firewall 4.18.63. The vulnerability is due to improper sanitization of the base64-encoded GOTMLS_scan parameter. By successfully exploiting this vulnerability, an authenticated attacker could retrieve arbitrary files from the target server. |
| 4.3 | E19-0rao1 | CVE-2019-0768; CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N); GOOGLE-1738 | Exploits | This strike exploits a vulnerability in Microsoft Internet Explorer. By utilizing VBScript.Encode, it is possible to bypass the MSHTML Security Zone security policy that is put in place to allow or restrict VBScript from execution. |
| 2.6 | E19-0sld1 | BID-106597; CVE-2019-2449; CVSS-2.6 (AV:N/AC:H/AU:N/C:N/I:N/A:P) | Exploits | This strike exploits an arbitrary file deletion vulnerability in Oracle SE 8. The vulnerability is due to improper filtering of the jlnp URL variable. An attacker can entice the victim to click the malicious link. Successful exploitation may lead to file deletion on the client side. |