Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Risk: CVSS 9.1 (Critical) Summary SonicWall SMA 100 Series appliances running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv and below suffer from an unauthenticated arbitrary file-delete vulnerability which can be exploited by a remote … Continue reading Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Risk: CVSS 8.2 (High) Summary SonicWall SMA 100 Series appliances running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv and below suffer from a Stored Cross-Site Scripting (XSS) vulnerability within the management interface. This vulnerability … Continue reading Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS

Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 CVE Identifier: CVE-2021-20045 Risk: CVSS 9.4 (Critical) Summary SonicWall SMA 100 Series appliances running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv and below, are vulnerable to multiple stack-based and heap-based buffer … Continue reading Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)

Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 CVE Identifier: CVE-2021-20044 Risk: CVSS 7.2 (High) Summary SonicWall SMA 100 Series appliances running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv suffer from a post-authenticated command injection vulnerability, which can be … Continue reading Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)

Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 CVE Identifier: CVE-2021-20043 Risk: CVSS 8.8 (High) Summary SonicWall SMA 100 Series appliances running firmware versions 10.2.0.8-37sv, 10.2.1.1-19sv and below suffer from a heap-based buffer overflow vulnerability in … Continue reading Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)

Vendor: SonicWall Vendor URL: https://www.sonicwall.com/ Versions affected: 10.2.0.8-37sv, 10.2.1.1-19sv Systems Affected: SMA 100 Series (SMA 200, 210, 400, 410, 500v) Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026 CVE Identifier: CVE-2021-20040 Risk: CVSS 6.5 (Medium) Summary SonicWall SMA 100-series appliances running versions 10.2.0.8-37sv, 10.2.1.1-19sv and earlier, suffer from an unauthenticated file upload vulnerability. This could allow … Continue reading Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

Vendor: Apple Vendor URL: https://www.apple.com/ Versions affected: xar 1.8-dev Systems Affected: macOS versions below 12.0.1 Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://support.apple.com/en-gb/HT212869 CVE Identifier: CVE-2021-30833 Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Summary XAR is a file archive format used in macOS, and is part of various file formats, including .xar, .pkg, .safariextz, and .xip files. XAR archives … Continue reading Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

Vendor: Ivanti Pulse Secure Vendor URL: https://www.pulsesecure.net/ Versions affected: Pulse Connect Secure (PCS) 9.11R11.5 or below Systems Affected: Pulse Connect Secure (PCS) Appliances Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858 CVE Identifier: CVE-2021-22937 Risk: 7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Summary The Pulse Connect Secure appliance suffers from an uncontrolled archive extraction vulnerability which allows an attacker to overwrite … Continue reading Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Vendor: Dell / PC-Doctor Vendor URL: https://www.dell.com/support/contents/en-uk/article/product-support/self-support-knowledgebase/software-and-downloads/supportassist Versions affected: SupportAssist for Windows version 3.7 or higher, between 2020-08-28 and 2020-10-22 Systems Affected: Windows Author: richard.warren[at]nccgroup[dot]com Advisory URL: https://www.dell.com/support/kbdoc/000184012 CVE Identifier: CVE-2021-21518 Risk: CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Summary When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did … Continue reading Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)

Vendor: Pulse Secure Vendor URL: https://www.pulsesecure.net/ Versions affected: Pulse Connect Secure (PCS) 9.1Rx or below Systems Affected: Pulse Connect Secure (PCS) Appliances CVE Identifier: CVE-2020-8255 Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 Risk: 4.9 Medium CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Authors: Richard Warren - richard.warren[at]nccgroup[dot]com David Cash – david.cash[at]nccgroup[dot]com Summary Pulse Connect Secure suffers from an arbitrary file read vulnerability in the pre/post … Continue reading Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)