A Java deserialization vulnerability exists in the QRadar RemoteJavaScript Servlet. An authenticated user can call one of the vulnerable methods and cause the Servlet to deserialize arbitrary objects. An attacker can exploit this vulnerability by creating a specially crafted (serialized) object, which amongst other things can result in a denial of service, change of system settings, or execution of arbitrary code. This issue was successfully verified on QRadar Community Edition version 7.3.1.6 (7.3.1 Build 20180723171558).
a463b8b79e96cf68c6dcd5ec759ee016A file hijacking vulnerability was found in the Microsoft OneDrive client. This vulnerability allows a local attacker to plant a DLL file on the local machine. This DLL will then be loaded whenever (another) user launches OneDrive, running with the privileges of the victim. This issue was successfully verified on Microsoft OneDrive version 19.232.1124.0010.
834603f1a95f27a160459efee2807af1Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffer from a privilege escalation vulnerability due to insecure handling of path names.
e5a3959bc7c5608c73bf90960397d443QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path traversal it is possible for authenticated users to impersonate other users, and also to executed arbitrary code (via Java deserialization). The code will be executed with the privileges of the Tomcat system user.
6cb180e7e16b46cc6581407a5507d0a0QRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability.
9f24dd39f62a7f642dc8c11ad679f568QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.
f813c8f629536b1985d46109b98d02f8QRadar Community Edition version 7.3.1.6 suffers from a php object injection vulnerability.
829d59fdbec4c7b0c02f591307aaf419QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh.
78916b6ddfb832ae9b4373ee1c58da01QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page.
fe186d0de8d1507e14a349eb48108ff7QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities.
c78a8cc9951bc948028d5c3082e91a0fQRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation (whitelisting), it is possible for authenticated attackers to execute Server-Side Request Forgery attacks. Using this issue it is possible to call the Apache Axis AdminService webservice in order to execute arbitrary code with the privileges of the Tomcat user.
de790813f9ae985ff869c69760705113QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including (encrypted) credentials and host tokens. With these host tokens it is possible to access other parts of QRadar.
2a17539a1ba52a631c01849db48b744cA vulnerability was found in the TrueVector Internet Monitor service, which is installed as part of the Check Point ZoneAlarm firewall. This vulnerability allows a local attacker to cause the affected service to change the file permissions of arbitrary local files. After the file permissions have been changed, the attacker can then overwrite its content, and ultimately gain elevated privileges on the vulnerable machine. This vulnerability was successfully verified on ZoneAlarm Free Firewall version 15.8.023.18219 and TrueVector Internet Monitor version 15.8.7.18219.
1e8fb7ac9173e275aa2f2eb88bbbecd5Ivanti Workspace Control contains a flaw where it is possible to access folders that should be protected by Data Security. A local attacker can bypass these restrictions using localhost UNC paths. Depending on the NTFS permissions it may be possible for local users to access files and folders that should be protected using Data Protection. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
148e251d9ddfd0423ac5e26fca7cc59aA flaw was found in Workspace Control that allows a local unprivileged user to retrieve the database or Relay server credentials from the Windows Registry. These credentials are encrypted, however the encryption that is used is reversible. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
40fda4c2a16f2e00046340df84539054It was found that Ivanti Workspace Control allows a local (unprivileged) attacker to run arbitrary commands with Administrator privileges. This issue can be exploited by spawning a new Composer process, injecting a malicious thread in this process. This thread connects to a Named Pipe and sends an instruction to a service to launch an attacker-defined application with elevated privileges. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1 and 10.2.950.0.
7ee90d03763dd9d1bf3d0ff765a7bab3It was found that the PowerGrid application can be used to run arbitrary commands via the /SEE command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.950.0.
40d40eb07c533689a9146b8d54b35a20It was found that the PowerGrid application will execute rundll32.exe from a relative path when it is started with the /RWS command line option. An attacker can abuse this issue to bypass Application Whitelisting in order to run arbitrary code on the target machine. This issue was successfully verified on Ivanti Workspace Control version 10.2.700.1.
81f68b864a5e934987060adf6222477bIt was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This vulnerability was successfully verified on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172. This issue is not limited to the model that was used to find this vulnerability since most of the products in the My Cloud series share the same (vulnerable) code.
8137c7cec868dfc1cc789683ce268ce8Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability.
6de4d493c54ea789d91dbcba0df1db8bSeagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
5ae797b5faaf3d32724a1d8e66d233b3VTech DigiGo with firmware 83.60630 suffers from a browser overlay attack vulnerability.
77cea9e9382eded61fbed8053c84a2adKaseya VSA version 9.2 suffers from an authentication bypass vulnerability.
7283fc16d75dc79988225cb4c903d5c5Kaseya VSA version 9.2 suffers from a remote shell upload vulnerability.
907b91ed2f652a5d04feabc0ab331cb0VTech DigiGo with firmware version 83.60630 fails to perform validation of TLS certificates.
59ddde2caff6394072eed1459a12fd42
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed