Similar Content
-
By Kevin Beaumont
CVE-2018-13379 is being exploited in the wild on Fortigate SSL VPN firewalls. These exist as a perimeter security control, so it's a bad vulnerability.
Using BinaryEdge.io I can see scanning activity from last night for the first time for this vulnerability:
The scanning traffic is taking place across the whole internet it appears, spray and pray style.
The vulnerability is ridiculously easy to exploit, it's a 1996 style pre-auth ../ webserver exploit to read plain text administrator credentials:
Timeline
May 24th 2019 - Vendor posts advisory - https://fortiguard.com/psirt/FG-IR-18-384
June 4th 2019 - Vendor updates advisory to correct impacted versions
August 9th 2019 - Blog explaining the different vulnerabilities in FortiOS, including this one.
August 14th 2019 - Exploit appears on GitHub and exploitation details posted in TLP Rainbow.
August 17th 2019 - Another exploit, checks if vulnerable before exploit.
August 21st 2019 - Exploitation seen in wild.
-
By Tim Corless
Came across this on my travels: https://portswigger.net/daily-swig/webmin-backdoor-blamed-on-software-supply-chain-breach
Webmin software was backdoored for over a year. If you're using one of those vulnerable versions, update now!
According to Shodan and some Google dorks, there are quite a lot still vulnerable.
-
By Kevin Beaumont
CVE-2019-11510, impacting Pulse Secure SSL VPN, is being exploited in the wild.
I've seen it being exploited today, a few hours ago for the first time, via BinaryEdge.
Timeline
24th April 2019 - Vendor advisory.
14th August 2019 - TLP Rainbow post.
20th August 2019 - exploit posted publicly.
22nd August 2019 - exploitation in wild.
Pulse Secure is one of the "Zero Trust" secure SSL VPN systems where you get pwned by 1996 ../../ exploits.
-
By Kevin Beaumont
A track of BlueKeep CVE-2019-0708 scanners and exploits.
Scanners
https://github.com/zerosum0x0/CVE-2019-0708 - first uploaded May 22nd 2019
https://www.rapid7.com/db/modules/auxiliary/scanner/rdp/cve_2019_0708_bluekeep - first uploaded May 25th 2019
Remote code execution exploits
Unreleased
Technical writeups
@0xeb_bp has released a technical writeup. It doesn't contain code but it does make clear how to reach exploitation, at least on XP.
0xeb_bp_BlueKeep_Technical_Analysis.pdf
-
By Kevin Beaumont
Two researchers have a talk upcoming at DefCon about SSL VPN vulnerabilities, and they've started (although not in the talk) by detailing an unauthenticated remote code execution vulnerability in Palo-Alto GlobalProtect, their VPN system: http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
The short version is:
- Bad vulnerability
- Actually exploitable
- Because it's on both your VPN and firewall box (Palo-Alto do both), the attacker owns your network via the internet
- They released a patch for the issue a year ago, but didn't issue a CVE or tell people about the issues for whatever reason - so you want to check if you actually run a vulnerable version still.
Vendor advisory here after I tweeted about it: https://securityadvisories.paloaltonetworks.com/Home/Detail/158