Category Archives: Advisories

SEC Consult SA-20220602-0 :: Multiple Memory Corruption Vulnerabilities in dbus-broker

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220602-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: dbus-broker
vulnerable version: dbus-broker-29
fixed version: dbus-broker-31
CVE number: CVE-2022-31212, CVE-2022-31213
impact: medium
homepage:…

Read More

SEC Consult SA-20220601-1 :: Authenticated Command Injection in Poly Studio

Read Time:19 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-1 >
=======================================================================
title: Authenticated Command Injection
product: Poly Studio X30, Studio X50, Studio X70, G7500
vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0
fixed version: 3.7.0 or higher
CVE number: CVE-2022-26481
impact: critical
homepage:…

Read More

SEC Consult SA-20220601-0 :: Multiple Critical Vulnerabilities in Poly EagleEye Director II

Read Time:18 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220601-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Poly EagleEye Director II
vulnerable version: 2.2.1.1 (Jul 1, 2021)
fixed version: 2.2.2.1 or higher
CVE number: CVE-2022-26479, CVE-2022-26482
impact: critical
homepage:…

Read More

SEC Consult SA-20220531-0 :: Backdoor account in Korenix JetPort 5601V3

Read Time:16 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 03

SEC Consult Vulnerability Lab Security Advisory < 20220531-0 >
=======================================================================
title: Backdoor account
product: Korenix JetPort 5601V3
vulnerable version: Firmware version 1.0
fixed version: None
CVE number: CVE-2020-12501
impact: High
homepage: https://www.korenix.com/
found: 2020-04-06…

Read More

Re: Three vulnerabilities found in MikroTik’s RouterOS

Read Time:23 Second

Posted by Q C on Jun 03

[update 2022/05/30] Two CVEs have been assigned to these vulnerabilities.

CVE-2021-36613: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the ptp process. An authenticated remote
attacker can cause a Denial of Service (NULL pointer dereference).

CVE-2021-36614: Mikrotik RouterOs before stable 6.48.2 suffers from a
memory corruption vulnerability in the tr069-client process. An
authenticated remote…

Read More

[CVE-2021-40150] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Web Server Configuration Disclosure

Read Time:25 Second

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2021-40150

2. CREDITS
==========…

Read More

[CVE-2021-40149] Reolink E1 Zoom Camera <= 3.0.0.716 Unauthenticated Private Key Disclosure

Read Time:25 Second

Posted by Julien Ahrens (RCE Security) on Jun 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Reolink E1 Zoom Camera
Vendor URL: https://reolink.com/product/e1-zoom/
Type: Exposure of Sensitive Information to an Unauthorized Actor [CWE-200]
Date found: 2021-08-26
Date published: 2022-06-01
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2021-40149

2. CREDITS
==========…

Read More

A Vulnerability in Atlassian Confluence Server and Data Center Could Allow for Remote Code Execution

Read Time:33 Second

A vulnerability has been discovered in Atlassian Confluence Server and Data Center, which could allow for remote code execution. Confluence is a wiki tool used to help teams collaborate and share knowledge efficiently. Successful exploitation of this vulnerability could allow for remote code execution within the context of the service account used to run the Confluence Server or Data Center service. Depending on the privileges associated with the service account, an attacker could view, change, or delete data. If the service account has been configured to have fewer rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

Read More

Active Exploitation of WSO2 Vulnerability (CVE-2022-29464) Delivers Malware

Read Time:2 Minute, 19 Second

FortiGuard Labs is aware that a WSO2 vulnerability (CVE-2022-29464) that was patched in February 2022 and was disclosed in April is still being actively exploited in the field. CVE-2022-29464 is an unrestricted arbitrary file upload, and remote code execution vulnerability that allows unauthenticated and remote attackers to execute arbitrary code in the vulnerable WSO2 products. Why is this Significant?This is significant because despite the fact CVE-2022-29464 was patched in February and was disclosed in April, the vulnerability is still being actively exploited. This means that attacks that leverage CVE-2022-29464 have some level of success rate even now. With the vulnerability being actively exploited and a Proof-of-Concept (POC) code became publicly available in late April. users and administrators should review the WSO2’s advisory and apply the patch or necessary workaround.Also, CVE-2022-29464 is included in the CISA’s Known Exploited Vulnerabilities Catalog, which lists vulnerabilities that US federal agencies are required to patch their information systems within specific timeframes and deadlines.What is CVE-2022-29464?CVE-2022-29464 is a vulnerability in multiple WSO2 products that allows unauthenticated and remote attackers to execute arbitrary code on the affected systems. The vulnerability is rated Critical and has a CVSS Score of 9.8. The advisory has the following products as vulnerable:WSO2 API Manager 2.2.0, up to 4.0.0WSO2 Identity Server 5.2.0, up to 5.11.0 WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0WSO2 Identity Server as Key Manager 5.3.0, up to 5.11.0WSO2 Enterprise Integrator 6.2.0, up to 6.6.0WSO2 Open Banking AM 1.4.0, up to 2.0.0 WSO2 Open Banking KM 1.4.0, up to 2.0.0What Malware were Deployed after Successful Exploitation of CVE-2022-29464?Cobalt Strike, backdoor, cryptocoin miner and hacktool are reported to have been deployed to the compromised systems.Has the Vendor Released an Advisory?Yes. See the Appendix for a link to “Security Advisory WSO2-2021-1738”.Has the Vendor Released a Patch for CVE-2022-29464?Yes. According to the WSO’s advisory, WSO2 released temporary mitigations in January 2022 and released permanent fixes for all the supported product versions in February.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against files associated with CVE-2022-29464:W64/Agent.CY!trELF/Agent.AR!trELF/BitCoinMiner.HF!trJava/Agent.AUJ!trJava/Webshell.E!trJava/Webshell.0CC4!trRiskware/Generic.H2Malicious_Behavior.SBFortiGuard Labs provides the following IPS coverage against CVE-2022-29464:WSO2.fileupload.Arbitrary.File.Upload (default action is set to pass)Known network IOCs for CVE-2022-29464 are blocked by the WebFiltering client.

Read More