by CIRT Team
Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability: CVE-2016-9219
Description: The vulnerability is due to incomplete IPv6 UDP header validation. An attacker could exploit this vulnerability by sending a crafted IPv6 UDP packet to a specific port on the targeted device. An exploit could allow the attacker to impact the availability of the device as it could unexpectedly reload. Impact: Attackers can exploit this issue to cause denial-of-service conditions. Mitigation: Cisco has released software...
Read More
by CIRT Team
Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability: CVE-2017-3834
Description: The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit...
Read More
by CIRT Team
Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability: CVE-2017-3832
Description: The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. Impact: Attackers can exploit this issue to reload the affected device, denying service to legitimate...
Read More
by CIRT Team
Linux Kernel CVE-2017-7184 Local Privilege Escalation Vulnerability
Description: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. Impact: Local attackers may exploit...
Read More
by CIRT Team
Microsoft Internet Information Services CVE-2017-7269 Buffer Overflow Vulnerability
Description CVE-2017-7269: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: <http://” in a PROPFIND request, as exploited in the wild in July or August 2016. Impact: Attackers can exploit this issue to execute arbitrary code in the...
Read More
by CIRT Team
Linux Kernel CVE-2017-2636 Local Privilege Escalation Vulnerability
Description: Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Impact: Local attackers may exploit this issue to gain elevated privileges. Mitigation: Updates are available. Please check the respective vendor advisory for more information. Reference URL’s: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636 https://access.redhat.com/security/cve/cve-2017-2636 https://security-tracker.debian.org/tracker/CVE-2017-2636 https://kalilinux.co/2017/03/17/cve-2017-2636-linux-kernel-flaw-can-local-privilege-escalation/#.WM-uEmclHIU
by CIRT Team
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability: CVE-2017-3881
Description CVE-2017-3881: Cisco is warning of a new critical IOS / IOS XE vulnerability that affects more than 300 of its switch models. A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. Impact: An...
Read More
by CIRT Team
Apache Struts 2 Vulnerability Leads to Remote Code Execution (CVE-2017-5638)
Description: The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017. Impact: This vulnerability allows for unauthenticated, remote code execution on the server. Mitigation: Upgrade to Struts 2.3.32 or Struts 2.5.10.1...
Read More
by CIRT Team
WordPress versions 4.7.2 and earlier are affected by six security issues
Description: Cross-site scripting (XSS) via media file metadata. Control characters can trick redirect URL validation Unintended files can be deleted by administrators using the plugin deletion functionality Cross-site scripting (XSS) via video URL in YouTube embeds. Cross-site scripting (XSS) via taxonomy term names. Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources Impact: Intruder may perform malicious activity by exploiting...
Read More
by CIRT Team
Roundcube 1.2.2 – Remote Code Execution Vulnerability
Description: In Roundcube 1.2.2 and earlier, user-controlled input flows unsanitized into the fifth argument of a call to PHP’s built-in function mail() which is documented as security critical. The problem is that the invocation of the mail() function will cause PHP to execute the sendmail program. The fifth argument allows to pass arguments to this execution which allows a configuration of sendmail. Since sendmail offers...
Read More
