OpenSecurity.global
There's a few of these 😄 already seen exploit traffic in honeypot btw.

CVE-2019-15107 is being exploited in the wild.  It's a pre-auth exploit which allows admin password change, a.k.a. RCE, introduced by an attacker via a backdoor in the application.

Via BinaryEdge.io:

Timeline

April 2018 - an attacker backdoored Webmin's SourceForge repo via the build process.

17th August 2019 - 0day exploit available to exploit vulnerability.

17th August 2019 - Webmin issues advisory.

20th August 2019 - mass exploitation seen in wild.

  • Similar Content

    • By Kevin Beaumont
      CVE-2018-13379 is being exploited in the wild on Fortigate SSL VPN firewalls.  These exist as a perimeter security control, so it's a bad vulnerability.
      Using BinaryEdge.io I can see scanning activity from last night for first time for this vulnerability:

      The scanning traffic is taking place across the whole internet it appears, spray and pray style.
      The vulnerability is ridiculously easy to exploit, it's a 1996 style pre-auth ../ webserver exploit to read plain text administrator credentials:
      Timeline
      May 24th 2019 - Vendor posts advisory - https://fortiguard.com/psirt/FG-IR-18-384

      June 4th 2019 - Vendor updates advisory to correct impacted versions
      August 9th 2019 - Blog explaining the different vulnerabilities in FortiOS, including this one.
      August 14th 2019 - Exploit appears on GitHub and exploitation details posted in TLP Rainbow.
      August 17th 2019 - Another exploit, checks if vulnerable before exploit.
      August 21nd 2019 - Exploitation seen in wild.
    • By Kevin Beaumont
      CVE-2019-11510, impacting Pulse Secure SSL VPN, is being exploited in the wild. 
      I've seen it being exploited today, a few hours ago for first time, via BinaryEdge.

       
      Timeline
      24th April 2019 - Vendor advisory.
      14th August 2019 - TLP Rainbow post.
      20th August 2019 - exploit posted publicly.
      22nd August 2019 - exploitation in wild.
      Pulse Secure is one of the "Zero Trust" secure SSL VPN systems where you get pwned by 1996 ../../ exploits.
