Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

Vendor: Dell Vendor URL: https://www.dell.com/support/home/en-us/product-support/product/wyse-wms/drivers Versions affected: Prior to version 3.3 Systems Affected: Any Author: Stephen Tomkinson stephen.tomkinson@nccgroup.com Advisory URL / CVE Identifier: https://www.dell.com/support/kbdoc/en-us/000189363/dsa-2021-137-dell-wyse-management-suite-wms-security-update-for-multiple-vulnerabilities CVE-2021-21586, CVE-2021-21587 Risk: High – can lead to compromise of administrative sessions Summary Thin clients are often found in secure environments as their diskless operation reduces physical security risks. Wyse Management … Continue reading Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

Vendor: Shopify Vendor URL: https://shop.app/ Versions affected: Shop Android 2.19.0-release+307, Shop iOS 2.20.0 Authors: Dan Hastings – dan.hastings[at]nccgroup[dot]com Summary In the Shop app when adding a package, any data that matches a specific format defined by Shopify that is contained on the global pasteboard (iOS) or clipboard (Android) is automatically sent without user interaction to … Continue reading Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

Vendor: ParcelTrack Vendor URL: https://www.parceltrack.de/ Versions affected: ParcelTrack Android Version 3.3, ParcelTrack iOS Version 3.3 Author: Dan Hastings – dan.hastings[at]nccgroup[dot]com Summary Upon start of the ParcelTrack application any data contained on the global pasteboard (iOS) or clipboard (Android) will be sent to Parcel Track’s servers. Impact Sensitive PII such as credit card numbers and passwords … Continue reading Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Vendor: Dell / PC-Doctor Vendor URL: https://www.dell.com/support/contents/en-uk/article/product-support/self-support-knowledgebase/software-and-downloads/supportassist Versions affected: SupportAssist for Windows version 3.7 or higher, between 2020-08-28 and 2020-10-22 Systems Affected: Windows Author: richard.warren[at]nccgroup[dot]com Advisory URL: https://www.dell.com/support/kbdoc/000184012 CVE Identifier: CVE-2021-21518 Risk: CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Summary When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did … Continue reading Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution. The following vulnerabilities were the most relevant identified during the internal research: Unauthenticated Remote Code Execution (CVE-2020-26919)NSDP Authentication Bypass (CVE-2020-35231)Unauthenticated Firmware Update Mechanism … Continue reading Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)

Current Vendor: Gigaset Vendor URL: https://www.gigaset.com/es_es/gigaset-dx600a-isdn/ Versions affected: V41.00-175.00.00-SATURN-175.00 Systems Affected: DX600A Authors: Manuel Ginés - manuel.gines[at]nccgroup[dot]com Admin Service Weak Authentication CVE Identifier: CVE-2021-25309 Risk: 8.8 (High) - AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H AT Command Buffer Overflow CVE Identifier: CVE-2021-25306 Risk: 4.5 (Medium) - AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Summary According to the oficial documentation, the Gigaset DX600A is a high-end ISDN desktop … Continue reading Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)

Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

Current Vendor: Belkin (Linksys) Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/ Versions affected: 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin) Systems Affected: Linksys WRT160NL Authors: Manuel Ginés - Manuel.Gines[at]nccgroup[dot]com && Diego Gómez Marañón – Diego.GomezMaranon[at]nccgroup[dot]com CVE Identifier: CVE-2021-25310 Risk: 8.8 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Summary The Linksys WRT160NL is a switch device initially owned by Cisco and, after the sale of its respective … Continue reading Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)

Vendor: Silver Peak Vendor URL: https://www.silver-peak.com Versions affected: All EdgeConnect OS versions prior to 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0. Systems Affected: Unity EdgeConnect Appliance & Orchestrator CVE Identifier: CVE-2020-12148 (nslookup API), CVE-2020-12148 (Management File Upload) Advisory URL: https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_command_injection_mgmt_file_upload_cve_2020_12149-1.pdf, https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_command_injection_via_api_cve_2020_12148-1.pdf Risk: Medium – 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) (nsLookup API) Risk: Medium – 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) (Management file … Continue reading Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)

Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

Vendor: containerd Project Vendor URL: https://containerd.io/ Versions affected: 1.3.x, 1.2.x, 1.4.x, others likely Systems Affected: Linux Author: Jeff Dileo CVE Identifier: CVE-2020-15257 Advisory URL: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4 Risk: High (full root container escape for a common container configuration) Summary containerd is a container runtime underpinning Docker and common Kubernetes configurations. It handles abstractions related to containerization and … Continue reading Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

Vendor: Oracle Vendor URL: https://www.oracle.com/ Versions affected: 8.0.0.0-8.4.0.5 Systems Affected: Oracle Communications Diameter Signaling Router CVE Identifier: CVE-2020-14787 (XSS), CVE-2020-14788 (SQL Injection) Advisory URL: https://www.oracle.com/security-alerts/cpuoct2020.html Risk: Medium – 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (SQL injection) Risk: Medium - 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) (Reflected Cross-Site Scripting) Authors: Viktor Gazdag - viktor.gazdag[at]nccgroup[dot]com Ioannis Charalambous - ioannis.charalambous[at]nccgroup[dot]com Summary Based on the Oracle product … Continue reading Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)