-
Recently Browsing 0 members
No registered users viewing this page.

vulnerability Notepad code execution vulnerability
-
Members online now
No members to show
-
Similar Content
-
By Kevin Beaumont
CVE-2018-13379 is being exploited in the wild on Fortigate SSL VPN firewalls. These exist as a perimeter security control, so it's a bad vulnerability.
Using BinaryEdge.io I can see scanning activity from last night for first time for this vulnerability:
The scanning traffic is taking place across the whole internet it appears, spray and pray style.
The vulnerability is ridiculously easy to exploit, it's a 1996 style pre-auth ../ webserver exploit to read plain text administrator credentials:
Timeline
May 24th 2019 - Vendor posts advisory - https://fortiguard.com/psirt/FG-IR-18-384
June 4th 2019 - Vendor updates advisory to correct impacted versions
August 9th 2019 - Blog explaining the different vulnerabilities in FortiOS, including this one.
August 14th 2019 - Exploit appears on GitHub and exploitation details posted in TLP Rainbow.
August 17th 2019 - Another exploit, checks if vulnerable before exploit.
August 21nd 2019 - Exploitation seen in wild.
-
By Tim Corless
Came across this on my travels: https://portswigger.net/daily-swig/webmin-backdoor-blamed-on-software-supply-chain-breach
Webmin software was backdoored for over a year. If you're using one of those vulnerable versions, update now!
According to shodan and some google dorks, there are quite a lot still vulnerable
-
By Kevin Beaumont
CVE-2019-11510, impacting Pulse Secure SSL VPN, is being exploited in the wild.
I've seen it being exploited today, a few hours ago for first time, via BinaryEdge.
Timeline
24th April 2019 - Vendor advisory.
14th August 2019 - TLP Rainbow post.
20th August 2019 - exploit posted publicly.
22nd August 2019 - exploitation in wild.
Pulse Secure is one of the "Zero Trust" secure SSL VPN systems where you get pwned by 1996 ../../ exploits.
-
By Kevin Beaumont
CVE-2019-1181:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1181
Pre authentication remote code execution in Remote Desktop Protocol on every version of Windows, including Windows 10, 2012, 2016 and 2019. CVSS 9.7 score. Exploitation more likely than not.
CVE-2019-1182:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1182
Pre authentication remote code execution in Remote Desktop Protocol on every version of Windows, including Windows 10, 2012, 2016 and 2019. CVSS 9.7 score. Exploitation more likely than not.
CVE-2019-1222: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1222
Pre authentication remote code execution in Remote Desktop Protocol on every version of Windows, including Windows 10, 2012, 2016 and 2019. CVSS 9.8 score. Exploitation more likely than not.
CVE-2019-1223: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1223
Unauthenticated denial of service with RDP. All versions.
CVE-2019-1224:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1224
Unauthenticated disclosure of memory.
CVE-2019-1225: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1225
authenticated disclosure of memory
CVE-2019-1226: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1226
Pre authentication remote code execution in Remote Desktop Protocol on every version of Windows, including Windows 10, 2012, 2016 and 2019. CVSS 9.8 score. Exploitation more likely than not.
Exploits
There are no known public exploits for these issues. Microsoft have built some private exploits.
Severity
It appears these are a collection of many different and serious vulnerabilities. BlueKeep was one vulnerability in near legacy versions of Windows; these are different vulnerabilities in modern Windows.
Mitigations
- Enable NLA and leave it enabled for all external and internal systems. This raises exploitation requirements to needing credentials for some of the issues
- Some of these vulnerabilities are not exploitable on Windows 7 and 2008 if you haven’t enabled RDP 8+, aka RemoteFX (rich experiences) and the like. These are available by default in later versions of Windows.
Wormable?
Microsoft say yes: https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
DejaBlue
Funny name by @Michael Norris .
-