Zoom path traversal into remote code execution vulnerabilities (CVE-2020-6109, CVE-2020-6110)

Update June 5, 2020: Qualys’ standard procedure is to give proper credit to the security research teams working diligently to discover and report vulnerabilities. In our rush to deliver this article to customers, we missed giving credit to the talented Cisco Talos team, who are the original authors of this research. After additional review with a …

eG Manager Remote Code Execution Vulnerability (CVE-2020-8591)

Overview: In January 2020, an Improper Access Control vulnerability was discovered in eG Manager. Exploitation leads to Remote Code Execution. Improper Access Control describes a failure in the AAA (Authentication, Authorization, Accounting) security model. The eG Manager is a central web portal which provides administrators with authenticated access over the web to the performance statistics stored in …

Telerik UI Remote Code Execution via Insecure Deserialization (CVE-2019-18935)

Summary: At the start of May 2020, an exploit has been out in the wild that uses two CVEs in combination to perform insecure deserialization against software from a vendor named Telerik. The vulnerability lies in a suite of UI components for web applications called Telerik UI for ASP.NET AJAX. The insecure deserialization of JSON objects …

Draytek Command Injection Vulnerability (CVE-2020-8515)

Summary: In the first week of May 2020, certain vulnerabilities were observed that allow command injection in DrayTek devices. DrayTek manufactures firewalls, VPN devices, routers and wireless LAN devices. Successful exploitation could allow an attacker to manipulate network traffic, escalate privileges or even accounts, operate SSH, and so on. Description: DrayTek Vigor …

Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2020-0729)

Vulnerability Overview: In February 2020, Microsoft released patches for 99 CVEs. It was a large number of fixes in a single month. One of them is CVE-2020-0729, involving Windows LNK files, also known as shortcut files. CVE-2020-0729 is a remote code execution vulnerability using Windows shortcut files. What makes this …

Google Chrome use-after-free Vulnerability (CVE-2020-6457)

Summary: In the headlines today: amidst the global lockdown, in the same week that Microsoft confirmed seven critical vulnerabilities for Windows 10 users, Google has confirmed what it refers to as a critical security vulnerability. Google has not disclosed more details on the vulnerability, but independent cyber-security experts have dug into the …

Apache ShardingSphere UI Remote Code Execution Vulnerability (CVE-2020-1947)

Summary: Recently, Apache ShardingSphere officially announced the release of version 4.0.1. An authenticated attacker with default credentials can cause code execution when he/she submits a malicious YAML in the background management office. Classified as CWE-269, impacting confidentiality, integrity, and availability. Description: SnakeYAML library for parsing YAML inputs to load datasource configuration in ShardingSphere’s web console of …

Deskpro multiple vulnerabilities: information disclosure, privilege escalation to RCE (CVE-2020-11463, CVE-2020-11464, CVE-2020-11465, CVE-2020-11466, CVE-2020-11467)

Summary: In the first week of April, amidst the global lockdown, multiple vulnerabilities, including information disclosure as well as privilege escalation that leads to remote code execution (RCE), were observed in Deskpro. These issues were classified as CWE-200 and CWE-269 and exist in Deskpro prior to 2019.8.0. The /api/email_accounts endpoint failed to properly …

macOS Catalina memory leakage vulnerability (CVE-2020-3847)

Summary: This time, an out-of-bounds read vulnerability that leads to memory leakage was observed in macOS Catalina 10.15.3. Description: The vulnerability involved in this exploit is in the processing code for SDP (Service Discovery Protocol) data frames. This section briefly introduces the SDP frame, as follows (image source: 360): The first byte PDU …

Cisco NX-OS CDP Stack Overflow Remote Code Execution Vulnerability (cisco-sa-20200205-nxos-cdp-rce, CVE-2020-3119)

Summary: A stack overflow vulnerability that leads to RCE was observed in Cisco NX-OS software and products. The vulnerability exists in the cdpd_poe_handle_pwr_tlvs function. Description: The Power Request TLV is a CDP TLV frame made for negotiation of Power-over-Ethernet parameters. The Power Request TLV contains a list of requested power specifications. The 16-bit list length …