Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)

Vendor: Lansweeper Software
Vendor URL: https://www.lansweeper.com/
Versions affected: 8.0.130.17 known affected versions, others likely
Systems Affected: Windows 10
Authors: Joshua Dow <joshua.dow@nccgroup.com>, Daniel King <daniel.king@nccgroup.com>
Advisory URL / CVE Identifier: CVE-2020-13658
Risk: High
Summary: Lansweeper is an application that gathers hardware and software information of computers and other devices on a computer network for management …

Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)

wolfSSL is a C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL incorrectly implements the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 server and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.

Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications

Multiple HTML injection vulnerabilities were found in several KaiOS mobile applications that are pre-installed on KaiOS mobile devices. The following vulnerabilities affected multiple KaiOS mobile devices:
- KaiOS Email Application HTML Injection (CVE-2019-14756)
- KaiOS Contacts Application HTML Injection (CVE-2019-14757)
- KaiOS File Manager Application HTML Injection (CVE-2019-14758)
- KaiOS Recorder Application HTML Injection (CVE-2019-14760)
- KaiOS Note Application HTML Injection (CVE-2019-14761)
- KaiOS FM Radio …

Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application

Vendor: Sangoma Technologies
Vendor URL: https://freepbx.com
Versions affected: FreePBX 13, 14, and 15
Systems Affected: FreePBX UCP application
Author: Bill Marquette
Advisory URLs:
SEC-2020-06: https://wiki.freepbx.org/display/FOP/2020-08-17+SQL+Injection+In+cel+module
SEC-2020-07: https://wiki.freepbx.org/display/FOP/2020-08-17+SQL+Injection+In+cdr+module
Risk: High
Summary: The User Control Panel (UCP) application is vulnerable to multiple authenticated SQL Injection vulnerabilities which can result in the compromise of administrative accounts as well as the PBX appliance itself. FreePBX has a …

NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020

Yesterday, the Microsoft Security Response Center announced their Most Valuable Security Researchers for 2020 (MVRs). This honour, awarded annually by Microsoft during Black Hat USA, is a part of MSRC's Researcher Recognition program, and recognizes the top security researchers globally based upon the volume, accuracy, and impact of their vulnerability reports to Microsoft over the …

Lights, Camera, HACKED! An insight into the world of popular IP Cameras

Preface
During the Covid-19 pandemic, the battle to secure and protect businesses as well as consumers changed from the office environment to our homes, but this did not stop us from working on research projects aimed at contributing to the creation of a safer online world. Working from home, this research was carried out to …

Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera

Vendor: TP-Link
Vendor URL: https://www.tp-link.com/uk/
Versions affected: 1.7.0
Systems Affected: Tapo C200
Author: Dale Pavey
Risk: High
Summary: The device is vulnerable to the Heartbleed vulnerability and a Pass-the-Hash attack.
Impact: Successfully exploiting the Heartbleed vulnerability leads to the device being remotely taken over using the memory-leaked user hash and the Pass-the-Hash attack.
Details: Using …

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

CVE-2020-5902 was disclosed on July 1st, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. This blog looks at the root causes of both exploit paths discovered, which boil down to subtle configuration issues and differences in behavior between Apache httpd and Apache Tomcat when dealing with an uncommon URI element called matrix (or path) parameters.

Technical Advisory – KwikTag Web Admin Authentication Bypass

Vendor: ImageTag
Vendor URL: https://www.kwiktag.com
Versions affected: 4.5.2 - 9.0
Systems Affected: KwikTag Web Admin
Author: Clayton Lowell
Advisory URL / CVE Identifier: https://www.kwiktag.com/admin-security-advisory_202005/
Risk: High
Summary: KwikTag is a digital document management solution. KwikTag Web Admin is used to administrate accounts and permissions of the KwikTag instance. KwikTag Web Admin grants an active session without properly validating expired admin credentials. …