SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Vulnerabilities Summary
Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary.

Vendor Response
Cisco has issued an advisory, https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-tftp, which provides a workaround and a fix for the vulnerability. From our assessment, the provided fix only addresses the file uploading part of the exploit, not the file inclusion, the ability to execute arbitrary code through it, or the privilege escalation issue that the product has.

CVE
CVE-2018-15379

Credit
An independent security researcher, Pedro Ribeiro, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

Vulnerabilities Summary
Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin, which can then be combined with another vulnerability to perform Remote Code Execution. In addition, authenticated attackers can view files and execute PHP files that are located on the server by exploiting a bug in the part of the code that is responsible for redirects and loading of whitelisted pages.

Vendor Response
The vendor, phpMyAdmin, issued a fix on the 21st of June 2018. Versions 4.8.2 and newer aren’t affected.

CVE
CVE-2018-12613

Credit
An independent security researcher, Henry Huang working for CyCarrier CSIRT, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Affected systems
phpMyAdmin 4.8.0 and 4.8.1 (running on Linux systems)

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices.

WiseGiga is a Korean company selling NAS products.

The vulnerabilities found in WiseGiga NAS are:

  • Pre-Authentication Local File Inclusion (4 different vulnerabilities)
  • Post-Authentication Local File Inclusion
  • Remote Command Execution as root
  • Remote Command Execution as root with CSRF
  • Info Leak
  • Default accounts

Credit
An independent security researcher, Pierre Kim, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact WiseGiga since June 2017; repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.
