Lucene search

K
ibmIBME6D65E19FE6BA4F3BA2E46E5AB80627BF4D5A00C79C005BB82AEB4F3D67208B0
HistoryOct 10, 2023 - 1:37 p.m.

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

2023-10-1013:37:16
www.ibm.com
38
ibm qradar
network packet capture
openssh
zlib
mozilla nss
linux kernel
cve
vulnerabilities

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.058

Percentile

93.5%

Summary

The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.

Vulnerability Details

**CVEID:**CVE-2023-38408 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the forwarded ssh-agent. By sending specially crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261022 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232849 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**CVE-2023-0767 DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an arbitrary memory write. By constructing a PKCS 12 cert bundle in such a way, a remote attacker could exploit this vulnerability using PKCS 12 Safe Bag attributes to allow for arbitrary memory writes and execute arbitrary code on the vulnerable system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247260 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2022-4378 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow in the __do_proc_dointvec function. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242006 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2022-42703 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw related to leaf anon_vma double reuse in mm/rmap.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238058 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

**CVEID:**CVE-2023-22809 DESCRIPTION: Sudo could allow a local authenticated attacker to gain elevated privileges on the system, caused by mishandling extra arguments passed in the user-provided environment variables. By appending arbitrary entries to the list of files to process, an attacker could exploit this vulnerability to achieve privilege escalation.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245036 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM QRadar Network Packet Capture 7.5.0 - 7.5.0 Update Package 5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Version Fix
IBM QRadar Network Packet Capture 7.5 IBM QRadar Network Packet Capture 7.5.0 Update Package 6

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmqradar_network_packet_capture_softwareMatch7.5.0
VendorProductVersionCPE
ibmqradar_network_packet_capture_software7.5.0cpe:2.3:a:ibm:qradar_network_packet_capture_software:7.5.0:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.058

Percentile

93.5%