JUMPSEC LABS

The JUMPSEC Lab is a place where the the technical team get creative and showcase their latest security research, publications, interesting news and general thoughts!  We love what we do and are passionate about security, with some great upcoming projects planned, bookmark our site and stick around to see what we are working on.

Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS

Software: Ivanti Endpoint ManagerAffected Versions: <= 2020.1.1Vendor page: www.ivanti.comCVE Reference: CVE-2020-13773Published: 13/11/2020CVSS 3.1 Score: 5.5 - AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LAttack Vector: Remote, authenticatedCredits: Andrei Constantin Scutariu, Lenk Ratchakrit, Calvin Yau Summary Various web pages on Ivanti Unified Endpoint Manager web management console lack proper input validation on parameters passed in HTTP request, leaving the application vulnerable to client-side attacks. An attacker able to cause the victim to open a malicious URL would obtain javascript code execution on the victim's browser and potentially be able to obtain sensitive information and execute actions on their behalf. Mitigation There is currently no fix for this issue. The vendor has yet to release a patch to address the vulnerability; it is advised to review the host configuration...

read more
Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload

Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload

Improper validation on file upload functionality present in Ivanti Unified Endpoint Manager’s web management console permits an authenticated user to upload .aspx files and execute them on the MS IIS server’s context. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

read more

Ghost In The Shellcode 2015 CTF: Write-up for cloudfs challenge

Hello there, in this post I will describe how I solved the cloudfs challenge of Ghost In The Shellcode 2015. This challenge was under the Forensics category and was awarded 200 points (middle ground!). It wasn't so hard, and someone could argue that shouldn't award the same points with "the alpha molecular" or the similars from the crypto category but it's okay (it's very common actually in...

read more

LAYER 8 – Patching the un-patchable….

Computer systems and software have been continually evolving year upon year.  Faster processing and data transfer coupled with more accessible storage have made crunching vast amounts of data possible in mere nanoseconds. Computer security and controls have improved as well, we now have intelligent firewalls, web proxies, file integrity monitoring, DLP, IAM and all sorts of amazing new...

read more

Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114] : Attacks and Defenses

Recently two 0-day exploits were revealed. The first one was given the name Sandworm, however, the name convention was mistakenly including the "worm" term as we will see. The second one CVE-2014-4113 is a privilege escalation local exploit for Windows. Sandworm as said includes the word  "worm" most likely for making the situation more dramatic. A worm is a self-propagating piece of code that...

read more

GPU Password Cracking Hype

Ditch the CPU for password cracking even if you have an overclocked Extreme Intel Core i7, they just aren't made for password cracking since they only contain a small number of cores. Instead set your sights on a high powered graphics cards with with the primary aim of finding cards with a high number of cores, for instance the GeForce GTX TITAN Z features a whopping 5760 cores. Imagine the...

read more

GitHub Activity

 

Twitter

5 months ago
Detecting known DLL hijacking and named pipe token impersonation attacks with Sysmon https://t.co/zaCERBG3ys #sysmon #blueteam #privesc #detection
5 months ago
Advisory CVE-2020-13773 – Ivanti Unified Endpoint Manager Reflected XSS https://t.co/gpqpRsoalK #ivanti #landesk #cve #xss
5 months ago
Advisory CVE-2020-13769 – Ivanti Unified Endpoint Manager SQL injection https://t.co/ViP2ZH2M8o #ivanti #landesk #cve #sqli
5 months ago
Advisory CVE-2020-13774 – Ivanti Unified Endpoint Manager authenticated RCE via file upload https://t.co/Qtux51SyMr #ivanti #landesk #rce #cve
5 months ago
Advisory CVE-2020-13771 – Ivanti Unified Endpoint Manager DLL search order hijacking privilege escalation https://t.co/eJK5T2K0Nd #ivanti #landesk
5 months ago
Advisory CVE-2020-13770 – Ivanti Unified Endpoint Manager named pipe token impersonation privilege escalation https://t.co/6rBlfB7LxP #ivanti #landesk

Disclaimer

The information provided on this website is to be used for educational purposes only. The author is in no way responsible for any misuse of the information provided. Any actions and or activities related to the material contained within this website is solely your responsibility.