Cybersecurity

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.

The NCCIC has released an advisory about authentication bypass by capture-replay, improper access control, and improper authentication vulnerabilities in GAIN Electronic Co. Ltd SAGA1-L Series. All firmware versions prior to A0.10 are affected. Successful exploitation of these vulnerabilities could allow remote code execution and potentially delete the product’s firmware. GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities.

The NCCIC has released an advisory on stack-based buffer overflow, external control of file name or path, improper privilege management, and path traversal vulnerabilities in Advantech WebAccess. Versions 8.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system. Advantech has released Version 8.3.3 of WebAccess to address the reported vulnerabilities.

The theme for this week of National Cybersecurity Awarness Month is “Critical Infrastructure Cybersecurity,” for which the National Cyber Security Alliance (NCSA) is seeking to raise awareness of the important role individuals and organizations play in helping to protect the assets and systems we depend upon. “NCSA, [the U.S. Department of Homeland Security], and thousands of supporters are committed to reiterating the message that everyone shares a role in protecting cyberspace.