SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe (MLS) versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.

McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.

Credit
An independent security research company, Silent Signal, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability.

For more information: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714

CVE: CVE-2017-3898

Continue reading SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

I run this SOC!

I don’t actually run this SOC (or any other) 🙂 But…but, as a certified “blue team” member, I’m pretty excited with the crop of new companies and ideas that are springing up in the area of SOC analysis, Deception technology, Lateral/external movement, etc. Some of the cool new(ish) vendors that I am falling deeply in love with will be briefly enumerated below…If I was running a SOC, here are some vendors (or technologies) that I would have to add on top of the existing players (centralized logging, scan vuln data, IDS/IPS data, firewall/proxy data, etc.)

Continue reading I run this SOC!

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities summary
The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices.

WiseGiga is a Korean company selling NAS products.

The vulnerabilities found in WiseGiga NAS are:

  • Pre-Authentication Local File Inclusion (4 different vulnerabilities)
  • Post-Authentication Local File Inclusion
  • Remote Command Execution as root
  • Remote Command Execution as root with CSRF
  • Info Leak
  • Default accounts

Credit
An independent security researcher, Pierre Kim, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
We tried to contact WiseGiga since June 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.

Continue reading SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in Mako Server’s tutorial page.

The vulnerabilities found are:

  • Unauthenticated Arbitrary File Write vulnerability that leads to Remote Command Execution
  • Unauthenticated File Disclosure
  • Unauthenticated Server Side Request Forgery

As these tutorial may be used as the basis for production code, it is important for users to be aware of these issues.

“As a compact application and web server, the Mako Server helps developers rapidly design secure IoT and web applications. The Mako Server provides an application server environment from which developers can design and implement complete, custom solutions. The Mako Web Server is ideal for embedded Linux systems.”

Credit
An independent security researcher, John Page AKA hyp3rlinx, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
RealTimeLogic was informed of the vulnerability on Aug 13, but while acknowledging the receipt of the vulnerability information, refused to respond to the technical claims, to give a fix timeline or coordinate an advisory, saying:
“I just sent a formal notification for the commercial license requirement and also we need to put a maintenance contract in place.

Internally I need to set-up a cost allocation account for billing against these support inquiries.”

At this time it’s unclear whether these vulnerabilities are going to be fixed and further attempts to get a status clarification failed.

Continue reading SSD Advisory – Mako Web-server Tutorials Multiple Unauthenticated Vulnerabilities