Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740
Sophos UTM 9 version 9.410 suffers from a loginuser privilege escalation vulnerability.
6d19a2e36a1817afe48ae38b69347eba16c4c1a70844cc67eafee5f5f2582e45
Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability.
c7a07a038914e37b8bfa9c05e6db471f4711c61717d34ae44ed1f91e9397d82c
NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability.
fb130f6f8457644d60ce69b933c8c0f2f4d3daf7e1620fb59e66f170ae55d898
NetEx HyperIP version 6.1.0 suffers from a privilege escalation vulnerability.
b6b3f5ba58facfba2eb1750f336aa647a91315ae13af6f460253387be0c2135f
NetEx HyperIP version 6.1.0 suffers from a post-authentication command execution vulnerability.
89fd3d5488d7653bb4f6d11f9248ebdc5bc0f4879c689f426770de2762eafd88
NetEx HyperIP version 6.1.0 suffers from an authentication bypass vulnerability.
d733aa8090655285b530947e6da39649927c222f511db1714d856155388a8a84
Sophos Web Gateway version 4.4.1 suffers from a persistent cross site scripting vulnerability.
137dda80750280087cb36ed57d850fc6348d18929065d814c14652da40181992
Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user; however, that user owns the configuration file that specifies which user Splunk should run as, so anyone with that user's privileges can rewrite the setting and trivially gain root.
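The Splunk issue above is a general pattern: a launcher that starts as root reads a drop-privileges setting from a file the unprivileged service user controls. The check below is an added example, not Splunk's code; the page does not name the configuration path or the option name, so both are parameters, and the `run_as_user` line is a constructed stand-in. Ownership is treated as control even when the mode is read-only, because an owner can always chmod the file back.

```python
"""Check whether a daemon's run-as configuration can be altered by the
daemon's own service user (added example; paths and names are assumed)."""
import grp
import os
import pwd
import stat
import tempfile


def can_modify(st_uid, st_gid, st_mode, uid, gids):
    """True if a process running as uid (member of gids) could change the file.

    Ownership alone is enough: the owner can restore write permission with
    chmod, so a 0444 mode does not protect a file the service user owns.
    """
    if uid == 0 or st_uid == uid:
        return True
    if st_gid in gids and st_mode & stat.S_IWGRP:
        return True
    return bool(st_mode & stat.S_IWOTH)


def user_ids(username):
    """Resolve a username to (uid, set of gids) from the local passwd/group db."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return pw.pw_uid, gids


def runas_config_is_safe(path, service_user):
    """True when the service user cannot rewrite the file that tells the
    root-started launcher which user to drop to."""
    st = os.stat(path)
    uid, gids = user_ids(service_user)
    return not can_modify(st.st_uid, st.st_gid, st.st_mode, uid, gids)


def demo():
    """Constructed scenario: the service user owns its own run-as file."""
    me = pwd.getpwuid(os.getuid()).pw_name
    fd, path = tempfile.mkstemp(prefix="runas-")
    with os.fdopen(fd, "w") as f:
        f.write("run_as_user = %s\n" % me)  # hypothetical option name
    os.chmod(path, 0o444)  # read-only, but the owner can undo that
    try:
        return runas_config_is_safe(path, me)  # False: the user owns it
    finally:
        os.unlink(path)
```

The fix the check points at is the same regardless of product: the file that selects the unprivileged account must be owned by root (or another account the service cannot write as) and not group- or world-writable.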
927ecfe19fe31d3c7e09dd53fc3c4d83c00e61f2fd48f776a815cc3fefe9be2c
Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.
ba17012c9d21cd3e781e366f214abfdf9faf9780535e543ae9cf3a40603af138
Sophos UTM 9 suffers from a loginuser privilege escalation vulnerability via insecure directory permissions. Version 9.410 is affected.
fd8843e98bd26838d92a0d52e8d9620f3e5d6a90bc1aa8cc078996b66040699a
Sonicwall WXA5000 version 1.3.2-10-30 suffers from console jail escape and privilege escalation vulnerabilities.
528772153763dde340abad6b6f539c06481ea3af1b1c1bc7eda3277928a19022
Infoblox NetMRI version VM-AD30-5C6CE suffers from a persistence vulnerability in the administration shell: changes made through it survive a factory reset.
b441994193d057c810483b9cd2d4dad307269cc38772ac61db1b6c79283f9899
Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.
cf2764068642712d57bf637c469af8efd08229679a4265ceb71c2691a388b2a0
Software updates for Solarwinds products are packaged and delivered insecurely, leading to root compromise of Solarwinds devices.
2a9df79c742962870c74939e16e4499331d3b9dcdf53b4c3fe83b8d82173b94e
Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731f
The Barracuda WAF management application transmits the current user and session identifier in HTTP GET query parameters, where they are exposed in browser history, proxy and server logs, and Referer headers. Firmware version 8.0.1.014 is affected.
7086b580e0510a02f02451754011dfa92817d22fce4942667a0c2c95727a7c68
The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, is trivial to crack. Firmware version 8.0.1.014 is affected.
c30a6c337f827c7f205331146c21efde524fe526807aea264c31e3482104d705
Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.
41af7991ec90055d2e9576142c80137283f105fdc993d700215ae487f134beef
Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.
e7f34bb9440ee19f081d01c8da99a0e8de3728fcc56a3f073d87f5c8a3cf2ad7
The Postgres database on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 has default hardcoded credentials. While measures were taken to block network connections to the Postgres database over IPv4, the same measures were not applied to IPv6, so the database remains reachable over IPv6 with those credentials.
ad169956f0f3396698d40c18a3a0e55793e890d9d218704c030183521609a602
The management shell on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows the end user to edit the MOTD banner displayed during SSH logon. The editor provided for this is nano. This editor has a keyboard-mapped function (^R, Read File) which lets the user insert a file from the local file system into the editor. An attacker can abuse this to read arbitrary files that the shell's user account is permitted to read. Exposing a full editor from a restricted shell is the underlying mistake; nano's restricted mode (nano -R, or the rnano binary) disables inserting files, among other things, and is the minimum a restricted shell should use.
2a881d9217c48b1606ec88d0bb0823e2e6d7359165db582cfbbd90943ae24f0e
Insufficient input validation in the management interface of Solarwinds Log and Event Manager Virtual Appliance version 6.3.1 allows arbitrary command execution, which can lead to (root) shell access to the underlying operating system.
fe9867b691ca5367a9f8e75d21f16e8f3d6804f2ad561bedd0abd524a2546349
An attacker can abuse functionality provided by a script that can be run with root privileges in order to elevate privileges on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
541cc742cf8744931b966ccfc14ec82005cd85e4a6e1bff7ce5f93c7ba245576
Due to lax filesystem permissions, an attacker can replace the executable at a path hardcoded in the sudo configuration and thereby execute commands as a privileged user on Solarwinds Log and Event Manager Virtual Appliance version 6.3.1.
3f138413d3ee07b7fb98c0ec9430dcebbf62f40cd8ffb3fa592f0455512444f9
WatchGuard XTMv version 11.12 Build 516911 suffers from a cross site request forgery vulnerability.
d76e552d2f0dc7711c0487e3374c5934f3930f35befe6e17dc13aafd7bf6ba4a