Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies, which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access.
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality.
A null pointer dereference flaw was found in Samba’s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service, causing denial of service.
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).
An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.
An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If a user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, a remote attacker can retrieve all passwords from other systems available to the affected account.
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.
The patch for the critical flaw that allows malware to spread across machines without any user interaction was released months ago
Although Microsoft issued a patch for the critical SMBGhost vulnerability in the Server Message Block (SMB) protocol back in March, over 100,000 machines remain susceptible to attacks exploiting the flaw. This wormable Remote Code Execution (RCE) vulnerability could allow black hats to spread malware across machines without any need for user interaction.
The severity of the bug affecting Windows 10 and Windows Server (versions 1903 and 1909) should have convinced everybody to patch their machines immediately. However, according to Jan Kopriva, who disclosed his findings on the SANS ISC Infosec Forums, that doesn’t seem to be the case.
“I’m unsure what method Shodan uses to determine whether a certain machine is vulnerable to SMBGhost, but if its detection mechanism is accurate, it would appear that there are still over 103 000 affected machines accessible from the internet. This would mean that a vulnerable machine hides behind approximately 8% of all IPs which have port 445 open,” Kopriva said.
The SMBGhost vulnerability, tracked as CVE-2020-0796, is ranked as critical and holds the ‘perfect’ score of 10 on the Common Vulnerability Scoring System (CVSS) scale. Upon discovery, the flaw was considered so severe that instead of releasing a fix as part of its usual Patch Tuesday bundle, Microsoft issued an out-of-band patch instead.
“To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it,” said Microsoft when issuing the patch.
That was back in March, and publicly available exploits soon emerged, although they achieved ‘only’ local privilege escalation. Three months later, however, the first Proof-of-Concept (PoC) to achieve RCE was released, immediately garnering widespread attention. Even the United States’ Cybersecurity and Infrastructure Security Agency (CISA) took note and published an advisory warning that malicious threat actors were using the PoC to exploit the vulnerability and target unpatched systems.
It’s also worth noting that SMBGhost can be used in tandem with another vulnerability affecting the SMBv3 protocol – SMBleed. According to ZecOps researchers who discovered the latter flaw, a cybercriminal who can combine the two vulnerabilities could achieve pre-auth remote code execution.
At the risk of stating the obvious, admins and users who haven’t patched their systems yet would be well advised to do so sooner rather than later.