JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Advisory CVE-2022-37832 – Mutiny Network Monitoring Appliance hardcoded credentials

Software: Mutiny Network Monitoring Appliance Affected versions: <= 7.2.0-10855 Vendor page: www.mutiny.com CVE Reference: CVE-2022-37832 Published: 16/12/2022 CVSS 3.1 Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector: Network Credit: Ryan Saridar Summary An attacker can log in as root remotely to the appliance via SSH. Mitigation Upgrade to version 7.2.0-10855 onwards to remediate the problem. Technical details Before version 7.2.0-10855, the SSH service allows password login to the appliance. The use of weak, hardcoded root credentials between versions means that an attacker with knowledge of this fixed password can log into the appliance remotely and gain unrestricted access to it. Between version 7.2.0-10788 and up to 7.2.0-10850, key-based authentication was introduced, however password-based authentication was not yet disabled. On the patched version, key-based...

read more

QUEST KACE Desktop Authority Pre-Auth Remote Code Execution (CVE-2021-44031)

Software: QUEST KACE Desktop AuthorityAffected Versions: 11.1 and earlier. Vendor page: https://www.quest.com/products/kace-desktop-authority/CVE Reference: CVE-2021-44031Published: 19/11/2021CVSS 3.1 Score: 9.8 CriticalAttack Vector: Pre-authenticated Remote Code ExecutionCredits: Tom Ellson JUMPSEC recently discovered multiple vulnerabilities in Quest KACE Desktop Authority 11.1. This is an...

read more

Abusing SharedUserData For Defense Evasion and Exploitation

Over the past few weeks, I have been working on a custom packer in my spare time. In doing so, I needed to create a method of delaying execution within the unpacker stub that didn’t use any pre-defined functions. This post documents what I discovered during this project as well as some future plans I have for this method. What is SharedUserData and Why does it exist?_KUSER_SHARED_DATA...

read more

(ZOHO) ManageEngine Desktop Central – Path Traversal / Arbitrary File Write

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46165 & CVE-2021-46166Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the second post in our two part series on...

read more

(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write

Software: Zoho ManageEngine Desktop CentralAffected Versions: Before 10.0.662Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.htmlCVE Reference: CVE-2021-46164Published: 09/01/2022CVSS 3.1 Score: 8.8 HighAttack Vector: SQL Injection / Arbitrary File WriteCredits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop...

read more

Advisory CVE-2021-41551 Leostream Connection Broker – Authenticated Zip Slip

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41551Published: 25/01/2022Attack Vector: path traversal, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a...

read more

Advisory CVE-2021-41550 Leostream Connection Broker – Authenticated Remote Code Execution

Software: Leostream Connection BrokerAffected Versions: 9.0.40.17Vendor page: https://leostream.com/CVE Reference: CVE-2021-41550Published: 25/01/2022Attack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit Seriamnuai, Andrea Malusardi Summary As the Leostream Connection Broker version: 9.0.40.17 allowed an attacker to upload any content through Third Party...

read more

GitHub Activity

 

Twitter

Advisory CVE-2022-37832 - Mutiny Network Monitoring Appliance hardcoded credentials.
Full information here: ➡️ https://t.co/jhp1fHIrR8
#vulnerability #cve #networkmonitoring @Mutiny https://t.co/MKbl9mQTdx
Read our latest blog - Implementation and Dynamic Generation for Tasks in Apache Airflow tackling a number of challenges discovered along the way. And the solutions...
Read here: https://t.co/YPEYUO8U6c

#machinelearning #cybernews #labs #apache #apacheairflow https://t.co/kFYyHKX4iU
We're excited to be a sponsor @BsidesLondon 2022!
We have TWO tickets to give away.🎟️🎟️ Keep an eye 👀on our @JUMPSEC and @JumpsecLabs Twitter feed early next week to get your hands on them...🤲 Watch this space..................

#cyberSecurity #cybernews #giveaway https://t.co/lcHGSSoAiV
Jordan discusses how Red Teamers can abuse SharedUserData attributes to evade behavioural analysis based detection for most Anti-virus and EDR solutions.
Read here ➡️ https://t.co/O9gafp9AOA
#Offsec #Exploits #DefenceEvasion @0xLegacyy @JUMPSEC https://t.co/E5JUu8NHth
Part2 ManageEngine Desktop Central Application (MEDC). @tde_sec explores ways of exploiting the vulnerabilities identified. Read here ➡️ https://t.co/cvOK0dY4QU

#cybersecurity #vulnerabilities #SQL
@manageengine #cybernews https://t.co/wwv6HS8WPJ

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.