VMWare Security Advisory - VMSA-2020-0010 - https://www.vmware.com/security/advisories/VMSA-2020-0010.html
Wireshark Release - 2.6.17, 3.0.11 and 3.2.4 - https://www.wireshark.org/news/20200519.html

What is up on Port 62234?

Published: 2020-05-19
Last Updated: 2020-05-19 14:56:29 UTC
by Rick Wanner (Version: 1)
6 comment(s)

Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early warning system of unusual activity. Well, today's data has revealed a confounding one. Port 62234, which traditionally has zero or near zero sources attempting to access it, suddenly has hundreds of sources.

This port is not one I have seen as a target before, and none of my sources show any traffic on this port. A check of Shodan shows only 3 hits, and two of those appear to be BitTorrent related.  I am at a loss.  If any of you has further information,  firewall logs, or better yet, packet captures of this activity it would be appreciated if you could send it over for analysis.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: 62234
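
One way to look for the same pattern in your own firewall logs: count distinct source addresses per destination port per day and flag ports that jump far above their earlier baseline. This is an added example, not part of the original diary or ISC tooling; the iptables-style log format, the function names, the thresholds and the sample lines (documentation address ranges) are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# iptables-style LOG fields; the format is an assumption, adapt the regex to your firewall.
LINE_RE = re.compile(r"^(?P<day>\w{3}\s+\d+)\s.*?\bSRC=(?P<src>\S+).*?\bDPT=(?P<dpt>\d+)")

def sources_per_port(lines):
    """Map (day, dst_port) -> set of distinct source addresses."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # lines without SRC/DPT (ICMP, unrelated kernel messages) are skipped
            day = " ".join(m.group("day").split())  # normalise "May  9" to "May 9"
            seen[(day, int(m.group("dpt")))].add(m.group("src"))
    return seen

def flag_spikes(seen, today, min_sources=5, factor=10):
    """Ports with >= min_sources distinct sources today and at least `factor`
    times the mean of the earlier days. Returns {port: (today_count, baseline)}."""
    earlier_days = {day for day, _ in seen if day != today}
    flagged = {}
    for (day, port), srcs in seen.items():
        if day != today or len(srcs) < min_sources:
            continue
        history = sum(len(seen.get((d, port), ())) for d in earlier_days)
        baseline = history / len(earlier_days) if earlier_days else 0.0
        if len(srcs) >= factor * baseline:  # a zero baseline always qualifies
            flagged[port] = (len(srcs), baseline)
    return flagged

def _line(day, src, dpt):
    # Constructed sample log line, not captured traffic.
    return (f"{day} 03:12:01 fw kernel: DROP IN=eth0 SRC={src} "
            f"DST=192.0.2.10 PROTO=TCP SPT=40000 DPT={dpt}")

SAMPLE = (
    [_line("May 17", f"198.51.100.{i}", 22) for i in range(1, 7)]
    + [_line("May 18", f"198.51.100.{i}", 22) for i in range(1, 8)]
    + [_line("May 18", "203.0.113.9", 62234)]
    + [_line("May 19", f"198.51.100.{i}", 22) for i in range(1, 7)]
    + [_line("May 19", f"203.0.113.{i}", 62234) for i in range(1, 41)]
)

if __name__ == "__main__":
    for port, (count, base) in flag_spikes(sources_per_port(SAMPLE), "May 19").items():
        print(f"port {port}: {count} sources today, baseline {base:.1f}/day")
```

Port 22 in the sample stays unflagged because its source count is steady from day to day; only the port with a near-zero history is reported.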

Cisco Advisories for FTD, ASA, Firepower 1000

Published: 2020-05-19
Last Updated: 2020-05-19 14:25:26 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Cisco has released a number of advisories for Firepower and Adaptive Security Appliance (ASA). 

Cisco Adaptive Security Appliance Software
CVE-2020-3259 - Web Services Information Disclosure Vulnerability – High 
-    An unauthenticated, remote attacker can access memory and potentially confidential information.
CVE-2020-3298 - Malformed OSPF Packets Denial of Service Vulnerability – High
-    An unauthenticated, remote attacker could cause a device to reload resulting in DOS
CVE-2020-3196 - SSL/TLS Denial of Service Vulnerability - High
-    Unauthenticated, remote attacker can exhaust memory resources leading to DOS
CVE-2020-3195 - OSPF Packet Processing Memory Leak Vulnerability – High
-    Unauthenticated, remote attacker can exhaust memory resources resulting in DOS

Firepower Threat Defense
CVE-2020-3259 - Web Services Information Disclosure Vulnerability – High 
-    An unauthenticated, remote attacker can access memory and potentially confidential information.
CVE-2020-3298 - Malformed OSPF Packets Denial of Service Vulnerability – High
-    An unauthenticated, remote attacker could cause a device to reload resulting in DOS
CVE-2020-3255 - Packet Flood Denial of Service Vulnerability – High
-    An unauthenticated, remote attacker can cause a DOS on the device.
CVE-2020-3189 - VPN System Logging Denial of Service Vulnerability - High
-    Unauthenticated, remote attacker can cause memory leak resulting in device degradation or crash.
CVE-2020-3196 - SSL/TLS Denial of Service Vulnerability - High
-    Unauthenticated, remote attacker can exhaust memory resources leading to DOS
CVE-2020-3195 - OSPF Packet Processing Memory Leak Vulnerability – High
-    Unauthenticated, remote attacker can exhaust memory resources resulting in DOS

Firepower 1000
CVE-2020-3283 - SSL/TLS Denial of Service Vulnerability – High
-    Unauthenticated, remote attacker can cause buffer underrun resulting in DOS.

Although Cisco rated all of these vulnerabilities the same, high, most of them require a patient, determined attacker and will result in a DOS condition. The exception to this is CVE-2020-3259, which can result in a breach of sensitive information. Either way, the solution is to upgrade to an unaffected version of the software.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: Cisco DOS
ISC Stormcast For Tuesday, May 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7002
