Author Archives: CIRT Team


in Security Advisories & Alerts

CVE-2017-6746: Cisco Web Security Appliance Command Injection and Privilege Escalation Vulnerability

Description:  A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input on the web...

Read more

20 Jul 2017
in News Clipping

Eternal Synergy Exploit Analysis [technet]

This week we are going to take a look at Eternal Synergy, an SMBv1 authenticated exploit. This one is particularly interesting because many of the exploitation steps are purely packet-based, as opposed to local shellcode execution. Like the other SMB vulnerabilities, this one was also addressed in MS17-010 as CVE-2017-0143....

Read more

19 Jul 2017
Page 94 of 114« First...102030...9293949596...100110...Last »