Overview On 14th October 2020, Tripwire VERT has published the finding of a stack-based buffer overflow in SonicWall Network Security Appliance (NSA). An unauthenticated HTTP request via a custom protocol handler can exploit this vulnerability. Security researcher Craig Young reported this vulnerability. Description A persistent Denial of Service (DoS) condition and potentially arbitrary code execution is possible by sending a crafted HTTP request to the SonicOS firewall. The vulnerability can be exploited without authentication and insecure SSLVPN that is exposed … Continue reading “SonicWall VPN Portal Buffer Overflow Vulnerability (CVE-2020-5135)”
HP Device Manager Multiple Vulnerabilities (CVE-2020-6925, CVE-2020-6926, CVE-2020-6927)
Overview On 25 September 2020, HP released an advisory to address multiple vulnerabilities (CVE-2020-6925, CVE-2020-6926, and CVE-2020-6927) in the HP Device Manager. Successful exploitation of these vulnerabilities could lead to dictionary attacks, unauthorized remote access to resources, and elevation of privilege. Description CVE-2020-6925 – This vulnerability exists due to weak cipher implementation in HP Device Manager. It may allow dictionary attacks against locally managed accounts in … Continue reading “HP Device Manager Multiple Vulnerabilities (CVE-2020-6925, CVE-2020-6926, CVE-2020-6927)”
Microsoft Windows Critical RCE Vulnerability – Bad Neighbor (CVE-2020-16898)
Multiple vulnerabilities were addressed in Microsoft Patch Tuesday, October 2020. This blog discusses the most critical one out of them – CVE-2020-16898, which makes TCP/IP driver of Windows vulnerable. It eventually causes Denial of Service (DoS) and is said to be a potential Remote Code Execution (RCE), if mixed with other exploits. This CVE is … Continue reading “Microsoft Windows Critical RCE Vulnerability – Bad Neighbor (CVE-2020-16898)”
Pulse Connect Secure authenticated RCE vulnerability (CVE-2020-8243)
Recently, a Perl template injection vulnerability that leads to Remote Code Execution (RCE) was observed in Pulse Connect Secure (PCS) appliances, which was identified as CVE-2020-8243. Credits to identify this CVE goes to Richard Warren and David Cash of NCC group. An authenticated user would be able to inject arbitrary code if the user has … Continue reading “Pulse Connect Secure authenticated RCE vulnerability (CVE-2020-8243)”
Tenda Routers Multiple Security Vulnerabilities
Overview Netlab security researchers published a report recently for a new Mirai-based IoT botnet called Ttint. This IoT botnet spreads by exploiting the two Tenda router zero-day vulnerabilities (CVE-2020-10987, second one is not yet disclosed). Ttint is a remote access Trojan based on Mirai botnet code. Traditional Mirai botnet is mostly used to launch a … Continue reading “Tenda Routers Multiple Security Vulnerabilities”
Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)
Overview: On 19 May 2020, Apache published an advisory to address an insecure deserialization vulnerability in Apache OFBiz. The vulnerability occurs due to Java serialization issues while processing requests sent to the “/webtools/control/xmlrpc” URL. This vulnerability may lead to a variety of attacks like stealing user/admin credentials. This issue can be escalated into a Remote … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)”
Cisco IOS and IOS XE Multiple Vulnerabilities
Multiple vulnerabilities including authorization bypass, DoS, arbitrary code execution and such other critical vulnerabilities were observed in various Cisco IOS and IOS XE devices in September 2020. To this, Cisco published a collated report of all 34 vulnerabilities as an advisory – ERP-74268. In its semi-annual report, published on Sept 24, 2020, Cisco released bundles … Continue reading “Cisco IOS and IOS XE Multiple Vulnerabilities”
OpenSSL Raccoon Vulnerability
A team of researchers has disclosed the details of the timing vulnerability named Raccoon attack in TLS 1.2 and earlier versions. This is a server-side vulnerability that exploits a TLS specification side-channel. Successful exploitation of the vulnerability could lead an attacker to break the encryption and read sensitive communication. In a paper published by Raccoon, … Continue reading “OpenSSL Raccoon Vulnerability”
VPN Vulnerabilities Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA), with contributions from the Federal Bureau of Investigation (FBI), has published a report detailing nefarious activities originating in Iran, targeting several U.S. agencies. Pioneer Kitten and UNC757 were named as malicious actors in the report. Using various tactics, techniques and procedures (TTPs), it was reported that the affected … Continue reading “VPN Vulnerabilities Exploited in the Wild”
Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)
A severe bug identified as CVE-2020-1472 with a criticality of 10 is being exploited publicly in the wild. This bug can take over Windows Servers running as Domain Controllers with domain-level privileges from a remote unauthenticated user. A Dutch team, collectively known as Secura, has published an exploit on Github with a technical writeup. According … Continue reading “Microsoft Windows Netlogon Privilege Escalation Vulnerability (CVE-2020-1472)”