When CyberOne began research into the vulnerability identified in the F5 TMUI RCE vulnerability advisory, we initially started by reading the advisory and mitigation steps, which contained minimal details but included key […]
Offensive Security
Uncovering Your Security Blind Spots: Keys to Protecting your Organization from the Unknown
Many organizations are shocked to learn their systems have been breached, with attackers having exposed vulnerabilities. However, you can defend your organization against these threats by taking some proactive measures. […]
Local Privilege Escalation Discovered in GlobalProtect App
Versions Tested: GlobalProtect App < 5.1.4 on Windows GlobalProtect App < 5.0.10 on Windows Product: https://www.paloaltonetworks.com/products/globalprotect Security Advisories: https://security.paloaltonetworks.com/CVE-2020-2032 CVE Numbers: CVE-2020-2032 CVSS Score: 7.0 CWE: CWE-367 Time-of-check Time-of-use (TOCTOU) […]
Securing Your Cookies: HTTPOnly Flag for Cookie Theft Defense
Missing HttpOnly flags on cookies are a common finding in Web Application penetration testing. Many times, there is confusion surrounding whether it is necessary to enable this flag though. However, […]
Local Privilege Escalation Discovered in VMware Fusion
Versions Tested: VMware Fusion 11.5.3 Products: https://www.vmware.com/products/fusion.html https://docs.vmware.com/en/VMware-Remote-Console/index.html https://docs.vmware.com/en/VMware-Horizon-Client/index.html Security Advisories: https://www.vmware.com/security/advisories/VMSA-2020-0011.html CVE Number(s): CVE-2020-3957 CVSS Score: 7.3 CWE: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-424: Improper Protection of Alternate […]
Hard-Coded Administrator Password Discovered in OpsRamp Gateway
Version Tested: 3.0.0 Product: https://www.opsramp.com/ CVE Numbers: CVE-2020-11543 CVSS Score: 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE: CWE-798: Use of Hard-coded Credentials OWASP: https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password Summary: During a recent penetration test, CyberOne’s researchers discovered that […]
Vulnerabilities Discovered in CIPAce Enterprise Platform
Versions Tested: CIPAce Version < 6.80 Build 2016031401 CIPAce Version < 9.1 Build 2019092801 Product: https://www.cipplanner.com/Products/CIPAce/Pages/CPMPlatform.aspx Security Advisories: N/A CVE Numbers: CVE-2020-11586 CVE-2020-11587 CVE-2020-11588 CVE-2020-11589 CVE-2020-11590 CVE-2020-11591 CVE-2020-11592 CVE-2020-11593 CVE-2020-11594 […]
From the Trenches: Relaying Passwords for the Win!
As pentesters and red teamers, we know that it isn’t hard to get user passwords. The real challenge can be getting an elevated user such as Domain Admin (DA) or […]
Telesploit: Open-Source Remote Vulnerability Assessment & Penetration Testing
Due to current events, your organization is more than likely experiencing disruption resulting from a rush to implement remote work policies, social distancing, and other unexpected changes to business as […]
Authentication Bypass Vulnerability Discovered in Infinias eIDC32 WebServer
Versions Tested: Web Revision: 1.107, Board: 3.001, Firmware: 2.213 Product: https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc Security Advisories: N/A CVE Numbers: CVE-2020-11542 CVSS Score: N/A CWE: CWE-305: Authentication Bypass by Primary Weakness NIST: IA-4: Identifier […]