Unauthenticated Action – Page 5 – Computer Security Articles

Credit to Author: SSD / Maor Schwartz| Date: Wed, 22 Nov 2017 06:26:27 +0000

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Cambium Network Updater Tool and Networks Services Server. The Network Updater Tool is “a free-of-charge tool that applies packages to upgrade the device types that the release notes for the release that you are using list as supported. Because this tool is available, an … Continue reading SSD Advisory – Cambium Multiple Vulnerabilities

Independent Securiteam

SSD Advisory – DblTek Multiple Vulnerabilities

November 21, 2017 admin Remote Command Execution, Remote File Inclusion, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 21 Nov 2017 12:14:39 +0000

Vulnerabilities summary The following advisory describes 2 (two) vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 16, and 32-channel in order to meet the wide range of market … Continue reading SSD Advisory – DblTek Multiple Vulnerabilities

Independent Securiteam

SSD安全公告-思科UCS平台模拟器远程代

November 14, 2017 admin Chinese Translation, Remote Code Execution, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 14 Nov 2017 12:27:06 +0000

漏洞概要以下安全公告描述了在思科UCS平台模拟器3.1(2ePE1)中发现的两个远程代码执行漏洞。思科UCS平台模拟器是捆绑到虚拟机(VM)中的Cisco UCS Manager应用程序，VM包含模拟思科统一计算系统（Cisco UCS）硬件通信的软件，思科统一计算系统（Cisco UCS）硬件由思科UCS Manager配置和管理。例如，你可以使用思科UCS平台模拟器来创建和测试支持的思科UCS配置，或者复制现有的思科UCS环境，以进行故障排除或开发。在思科UCS平台模拟器中发现的漏洞是：未经验证的远程代码执行漏洞经认证的远程代码执行漏洞一名独立的安全研究者向 Beyond Security 的 SSD 报告了该漏洞。厂商响应厂商已经发布了该漏洞的补丁，并发布以下CVE： CVE-2017-12243 漏洞详细信息未经验证的远程代码执行漏洞由于用户的输入在传递给IP/settings/ping函数时没有进行充分的过滤，导致未经身份验证的攻击者可以通过ping_NUM和ping_IP_ADDR参数注入命令，这些命令将在远程机器上以root身份执行。漏洞证明 [crayon-5a0b6be0a3646409145393/] 通过发送以上请求之一后，思科 UCS响应如下： [crayon-5a0b6be0a364d408882306/] 经认证的远程代码执行漏洞思科UCS平台模拟器容易受到格式字符串漏洞的攻击，导致远程代码执行。思科UCS平台模拟器默认运行一个SSH服务器，通过ssh登录的用户运行以下命令： [crayon-5a0b6be0a3651407130446/] 得到下面的响应： [crayon-5a0b6be0a3653646969713/] 可以看到，通过执行ssh“show sel %x”命令，我们用libsamvsh.so中的system函数覆写了_ZN7clidcos15CommandEmulator16cli_param_filterEPKc函数的入口。漏洞证明为了利用此漏洞，请按照以下说明操作：使用以下用户名和密码在vm上安装ucspe（安装全部3个网卡）：默认的ucspe用户：ucspe 默认的ucspe密码：ucspe 运行ucspe并记下ucspe的ip地址（在控制台可以看到“Connected to IP: ….”）在这次漏洞证明中，我们将会使用ip-192.168.1.43。在另一台机器上打开两个终端（例如Kali）首先，在第一个终端上执行如下操作：创建poc目录，将poc4_ucspe_3.1.2e.py放入poc目录，然后将当前目录改为poc目录创建fifo1： [crayon-5a0b6be0a3656341006860/] 创建输出目录： [crayon-5a0b6be0a3658354860561/] … Continue reading SSD安全公告-思科UCS平台模拟器远程代

Independent Securiteam

SSD 安全公告-McAfee LiveSafe MiTM 注册表修改导致远程执行命令漏洞

November 14, 2017 admin Chinese Translation, Man In The Middle, Remote Code Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 14 Nov 2017 12:11:39 +0000

漏洞概要以下安全公告描述了在 McAfee LiveSafe (MLS) 中存在的一个远程命令执行漏洞，该漏洞影响了McAfee LiveSafe（MLS）16.0.3 之前全部版本. 之前全部版本. 漏洞允许网络攻击者通过篡改 HTTP 后端响应, 进而修改与 McAfee 更新相关的 Windows 注册表值. McAfee Security Scan Plus 是一个免费的诊断工具,通过主动地检查计算机中最新的防病毒软件、防火墙和网络安全软件更新,确保用户免受威胁,同时还会扫᧿正在运行程序中的威胁. 漏洞ᨀ交者一家独立的安全研究公司 Silent Signal 向 Beyond Security 的 SSD 报告了该漏洞。厂商响应厂商已经发布针对该漏洞的补丁地址。获取更多信息: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714 CVE: CVE-2017-3898 漏洞详细信息网络攻击者可以在多个 McAfee 产品中实现远程代码执行。受影响的产品会通过明文 HTTP 通道从 http://COUNTRY.mcafee.com/apps/msc/webupdates/mscconfig.asp 中检索配置数据 (其中的“COUNTRY”修改为国家的两字母标识符,例如“uk”) 响应的正文包含 XML 格式数据,类似于下面的代码: [crayon-5a0b6be0a3ef1483398647/] 上述响应᧿述了在 webservice-response/update 路径下使用 reg 标签进行注册表修改的行为。 … Continue reading SSD 安全公告-McAfee LiveSafe MiTM 注册表修改导致远程执行命令漏洞

Independent Securiteam

SSD安全公告–Ametys CMS未经身份验证

November 14, 2017 admin Chinese Translation, Password reset, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 14 Nov 2017 12:10:25 +0000

漏洞概要下面我们将描述在Ametys CMS 4.0.2版本中发现的密码重置漏洞。 Ametys是一个免费的开源内容管理系统（CMS），它基于JSR-170存储内容，有公开的小工具和一个面向xml的框架。漏洞提交者一位独立的安全研究人员—何塞·路易斯（Jose Luis），向Beyond Security的SSD报告了该漏洞。厂商响应 Ametys已经发布了修补该漏洞的补丁-Ametys CMS 4.0.3 获取更多细节：https://issues.ametys.org/browse/RUNTIME-2582 漏洞详细信息由于对用户的输入没有进行充分的检查，导致未经验证的用户可以执行未授权的管理操作。 Ametys CMS仅在Web请求中包含/cms/时才检查授权。这样，我们就可以重置任何用户的密码，包括管理员用户。漏洞证明通过发送以下POST请求，我们可以获得用户列表： [crayon-5a0b6be0a435a552881165/] 然后，服务器将响应如下： [crayon-5a0b6be0a4362693871138/] 从服务器的响应中可以获取到字段“populationId”和“login”的值，这些值将会用于下一个请求。现在，我们需要执行另一个请求来更改admin用户的密码： [crayon-5a0b6be0a4366202170605/] 执行这个请求后，服务器将响应： [crayon-5a0b6be0a436a547248671/] 现在，你可以使用密码MYNEWPASSWORD以管理员身份登录系统。

Independent Securiteam

SSD Advisory – Ametys CMS Unauthenticated Password Reset

November 7, 2017 admin Password reset, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 07 Nov 2017 09:23:50 +0000

Vulnerability Summary The following advisory describes a password reset vulnerability found in Ametys CMS version 4.0.2 Ametys is “a free and open source content management system (CMS) written in Java. It is based on JSR-170 for content storage, Open Social for gadget rendering and a XML oriented framework.” Credit An independent security researcher, Jose Luis, … Continue reading SSD Advisory – Ametys CMS Unauthenticated Password Reset

Independent Securiteam

SSD Advisory – Cisco UCS Platform Emulator Remote Code Execution

November 1, 2017 admin Remote Code Execution, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Wed, 01 Nov 2017 05:08:10 +0000

Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured … Continue reading SSD Advisory – Cisco UCS Platform Emulator Remote Code Execution

Independent Securiteam

SSD Advisory – Geneko Routers Information Disclosure

October 23, 2017 admin Information Disclosure, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Mon, 23 Oct 2017 10:26:40 +0000

Vulnerability Summary The following advisory describes an information disclosure vulnerability found in Geneko Routers version 3.18.21 Geneko GWG is “compact and cost effective communications solution that provides cellular capabilities for fixed and mobile applications such as data acquisition, smart metering, remote monitoring and management. GWG supports a variety of radio bands options on 2G, 3G … Continue reading SSD Advisory – Geneko Routers Information Disclosure