A Vulnerability in WordPress File Manager Plugin Could Allow for Remote Code Execution

Risk Description: The Bhutan Computer Incident Response Team advises WordPress website administrators of the new vulnerability identified in the File Manager plugin, which allows remote code execution. The File Manager plugin allows site admins to upload, edit, and delete files and folders directly from the WordPress backend without having to use FTP. If the vulnerability is exploited successfully, it would allow an attacker to upload a web shell disguised inside an image file to the victim's server. The attacker can then access the web shell and take over the victim's site.

Versions Affected: File Manager versions 6.0 – 6.8

Recommendations: Apply appropriate updates provided by...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Therefore, the Bhutan Computer Incident Response Team recommends that users and administrators review the following Cisco Advisories and apply the necessary updates:

Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability (cisco-sa-jabber-UyTKCPGg)
Enterprise NFV Infrastructure Software File Overwrite Vulnerability (cisco-sa-nfvis-file-overwrite-UONzPMkr)
Jabber for Windows Protocol Handler Command Injection Vulnerability (cisco-sa-jabber-vY8M4KGB)
IOS XR Authenticated User Privilege Escalation Vulnerability (cisco-sa-iosxr-cli-privescl-sDVEmhqv)
IOS XR Software Authenticated User Privilege Escalation Vulnerability (cisco-sa-iosxr-LJtNFjeN)...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Therefore, the Bhutan Computer Incident Response Team recommends that users and administrators review the following Cisco Advisories and apply the necessary updates:

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability (cisco-sa-fxos-nxos-cfs-dos-dAmnymbd)
Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability (cisco-sa-n3n9k-priv-escal-3QhXJBC)
Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability (cisco-sa-nxos-dme-rce-cbE3nhZS)
Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service...

Mozilla Releases Security Updates

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, the Bhutan Computer Incident Response Team recommends that users and administrators review the following Mozilla Security Advisories and apply the necessary updates: Firefox 80, Firefox ESR 68.12, Firefox ESR 78.2, Thunderbird 68.12, Thunderbird 78.2...

Google Releases Security Updates for Chrome

Google has released Chrome version 85.0.4183.83 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Therefore, the Bhutan Computer Incident Response Team recommends that users and administrators review the Chrome Release and apply the necessary update...