How to Detect PoshC2 PowerShell Implants
PoshC2 is a proxy-aware cross-platform C2 framework that natively supports Docker. Once configured and executed, it generates over 100 modifications of fresh implants, written in PowerShell, C#, and Python. The framework has a modular architecture to enable users to...
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in...
TheGradCafe – 310,975 breached accounts
In February 2023, the grad school admissions search website TheGradCafe suffered a data breach that disclosed the personal records of 310k users. The data included email addresses, names and usernames, genders, geographic locations and passwords stored as bcrypt hashes....
CP Plus KVMS Pro
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: CP Plus
Equipment: KVMS Pro
Vulnerability: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of...
RoboDK
1. EXECUTIVE SUMMARY
CVSS v3 7.9
ATTENTION: Low attack complexity
Vendor: RoboDK
Equipment: RoboDK
Vulnerability: Incorrect Permission Assignment for Critical Resource
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could allow attackers to write files to the RoboDK directory and achieve...
ABB Pulsar Plus Controller
1. EXECUTIVE SUMMARY
CVSS v3 6.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ABB
Equipment: Pulsar Plus Controller
Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF)
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code....
Schneider Electric IGSS
1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: IGSS (Interactive Graphical SCADA System)
Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of Untrusted Data, Improper Limitation of a Pathname to a Restricted Directory, and Improper Input...
SAUTER EY-modulo 5 Building Automation Stations
1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: SAUTER
Equipment: EY-modulo 5 Building Automation Stations
Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution...
ProPump and Controls Osprey Pump Controller
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: ProPump and Controls, Inc.
Equipment: Osprey Pump Controller
Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an...
Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device.
This vulnerability is due to insufficient memory protection in the Meraki onboarding feature...
Cisco Access Point Software Association Request Denial of Service Vulnerability
A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An...
Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is...
Cisco DNA Center Privilege Escalation Vulnerability
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device.
This vulnerability is due to the unintended exposure of...
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due...
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time...
Cisco IOS XE Software Web UI Path Traversal Vulnerability
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI.
This vulnerability is due to...
Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability
A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to insufficient restrictions on the hosted application....
Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials.
This vulnerability is due...
Cisco Access Point Software Command Injection Vulnerability
A vulnerability in Cisco access point (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges.
This vulnerability is due to improper input validation of commands that are issued from a wireless...
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability
A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a...