SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes an information disclosure vulnerability found in Oracle Knowledge Management version 8.5.1.

By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content.

Oracle’s products for knowledge management help users find useful knowledge contained in corporate information stores.

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle has released patches to address this vulnerability. For more details, see: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html.

SSD Advisory – HiSilicon Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chip set firmware.

HiSilicon provides ASICs and solutions for communication network and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and solution for network surveillance, videophone, DVB and IPTV.

The vulnerabilities found in HiSilicon ASIC firmware are:

  1. Buffer overflow in built-in webserver
  2. Directory path traversal in built-in webserver

The list of vendors working with HiSilicon is unknown. We managed to identify 55 different vendors, all of which are still vulnerable.

Here are 10 examples of vendors using the HiSilicon application-specific integrated circuit (ASIC) chip set in their products (the full list can be found at the end of this report):

  1. http://www.vacron.com/products_CCTV_dvr.html
  2. http://www.gess-inc.com/gess/dvrs/
  3. http://www.jufenginfo.com/en/product-list.php?cid=10&pid=166&parid=175
  4. http://egpis.co.kr/egpis/product.php?category=AHD&category2=AHD_D
  5. http://optimus-cctv.ru/catalog/ahd-videoregistratory
  6. http://www.clearcftv.com.br/linha.php?l=5&ln=ahd
  7. http://click-cam.com/html2/products.php?t=2
  8. http://www.ccd.dn.ua/ahd-videoregistratory.html
  9. http://www.dhssicurezza.com/tvcc-ahd/dvr-ahd-720p/
  10. http://www.gigasecurity.com.br/subcategoria-gravadores-de-video-dvr

Credit
An independent security researcher, Istvan Toth, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We tried to communicate with the vendor through email and Twitter over the course of several months, but we were unable to get any response.

SSD Advisory – Tripwire IP360 Local File Inclusion

Vulnerabilities Summary
The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is an enterprise-class vulnerability and risk assessment product; it provides visibility into the enterprise network, including all networked devices and their associated operating systems and applications.

Credit
An independent security researcher, Mohammed Shameem, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Tripwire has stated that version 7.2.6, which was vulnerable, has reached end of life. No other version of Tripwire is affected by this LFI vulnerability. Tripwire customers still using version 7.2.6 should upgrade to version 7.5 or newer, which is supported.

SSD Advisory – ZyXEL Enterprise Network Center and Vantage Centralized Network Management Multiple Vulnerabilities

Vulnerabilities Summary

The following advisory describes three (3) vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) and two (2) vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2).

The three vulnerabilities found in ZyXEL Enterprise Network Center (version 1.3.218.61) are:

  1. Directory traversal and Command injection vulnerabilities leading to Remote Command Execution
  2. “ShowIcon” Servlet file Parameter Directory Traversal
  3. FileDownloadServlet Request URI Directory Traversal Read Code Execution

The two vulnerabilities found in ZyXEL Vantage Centralized Network Management (version 3.2) are:

  1. FileDownloadServlet Directory Traversal
  2. GUIDownloadServlet Request URI Directory Traversal

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
SSD reported the vulnerabilities to ZyXEL back in June 2016.
Vendor response: “Regarding the security vulnerabilities you reported for our Vantage CNM, we were informed by HQ that there will be no further enhancements for the product, as we have a new product to replace it, called Cloud CNM. Further, the two provide almost equivalent features with exception to GUI and behavior.
