Lucene search

K
ibmIBMD860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135
HistoryOct 30, 2020 - 4:18 p.m.

Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities

2020-10-3016:18:45
www.ibm.com
20

0.059 Low

EPSS

Percentile

93.5%

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID:CVE-2020-11868
**DESCRIPTION:**NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with a spoofed source IP address, a remote attacker could exploit this vulnerability to block unauthenticated synchronization resulting in a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-13817
**DESCRIPTION:**NTP is vulnerable to a denial of service, caused by an issue when relying on unauthenticated IPv4 time sources in ntpd. By predicting transmit timestamps for use in spoofed packets, a remote attacker could exploit this vulnerability to cause the daemon to crash or system time change.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183494 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID:CVE-2020-12049
**DESCRIPTION:**D-Bus is vulnerable to a denial of service, caused by an error in _dbus_read_socket_with_unix_fds. By sending specially crafted messages, a local attacker could exploit this vulnerability to cause the system dbus-daemon (dbus-daemon --system) to leak file descriptors.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182955 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-8177
**DESCRIPTION:**cURL could allow a remote attacker to overwrite arbitrary files on the system, caused by the improper handling of certain parameters when using -J (โ€“remote-header-name) and -I (โ€“include) in the same command line. An attacker could exploit this vulnerability to overwrite a local file.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183931 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-19527
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/hid/usbhid/hiddev.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172524 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-10757
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw when mremap a mmaped DAX nvdimm to a mmaped anonymous memory region. By executing a specially-crafted program, a local attacker could exploit this vulnerability to cause corrupted page table resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182919 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-12653
**DESCRIPTION:**Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an incorrect memcpy and buffer overflow in the mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181449 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-12654
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181450 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-10713
**DESCRIPTION:**GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system. By injecting a malicious payload, an attacker could exploit this vulnerability to bypass Secure Boot protections and execute arbitrary code within GRUB. Note: This vulnerability is also known as BootHole.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186056 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2020-14308
**DESCRIPTION:**GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the grub_malloc function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186057 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-14309
**DESCRIPTION:**GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_squash_read_symlink. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186058 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)

CVEID:CVE-2020-14310
**DESCRIPTION:**GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in read_section_from_string. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186059 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)

CVEID:CVE-2020-14311
**DESCRIPTION:**GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_ext2_read_link. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186060 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)

CVEID:CVE-2020-15705
**DESCRIPTION:**GNU GRUB2 could allow a local authenticated attacker to bypass security restrictions, caused by improper validation of kernel signature when booted directly without shim. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass secure boot to perform arbitrary actions.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186061 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-15706
**DESCRIPTION:**GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in the grub_script_function_create function when redefining a function during execution. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186062 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-15707
**DESCRIPTION:**GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_cmd_initrd and grub_initrd_init. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186063 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)

Affected Products and Versions

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 3

IBM QRadar Network Packet Capture 7.4.0 - 7.4.1 GA

Remediation/Fixes

IBM QRadar Network Packet Capture 7.3.3 Patch 4

IBM QRadar Network Packet Capture 7.4.1 Patch 1

Workarounds and Mitigations

None