Zyxel Firewall Directory Traversal Vulnerability Exploited in Ransomware Attack (CVE-2024-11667)

Zyxel Firewall is vulnerable to a critical vulnerability being used in recent cyberattacks. Tracked as CVE-2024-11667, the flaw used to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued the details informing the severity of these attacks and the immediate steps that organizations must take to protect their network devices. CVE-2024-11667 is a … Continue reading “Zyxel Firewall Directory Traversal Vulnerability Exploited in Ransomware Attack (CVE-2024-11667)”

Ivanti Avalanche Directory Traversal Vulnerability (CVE-2023-41474)

Ivanti Avalanche, a popular mobile device management system, is vulnerable to a limited unauthenticated path traversal vulnerability, tracked as CVE-2023-41474. The vulnerability may allow an unauthenticated attacker to access any file under C:\\PROGRAM DATA\\Wavelink\\AVALANCHE\\Web\ webapps\AvalancheWeb in a default configuration. However, an attacker can only read some specific file extensions like .xml or .html, depending on the … Continue reading “Ivanti Avalanche Directory Traversal Vulnerability (CVE-2023-41474)”

Spring Cloud Config Directory Traversal Vulnerability(CVE-2020-5410)

Overview On June 2020, VMware published a report  to address Directory Traversal vulnerability (CVE-2020-5410), found in VMware Spring Cloud Config. This product provides server and client-side support for storing and serving distributed configurations across multiple applications and environments. With this config server, customers have a central place for managing external properties of all the applications. … Continue reading “Spring Cloud Config Directory Traversal Vulnerability(CVE-2020-5410)”