VU#608209: NicheStack embedded TCP/IP has vulnerabilities

Overview HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog researchers who discovered this set of vulnerabilities have identified these as "INFRA:HALT" Description HCC Embedded acquired NicheStack...

Aug 2021

VU#357312: HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these invalid contents to a vulnerable system, the forwarded...

Aug 2021

VU#405600: Microsoft Windows Active Directory Certificate Services can allow for AD compromise via PetitPotam NTLM relay attacks

Overview Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. Description PetitPotam is a tool to force Windows hosts to authenticate to other machines by using the Encrypting File System Remote...

Aug 2021

VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass

Overview A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration. Description The vulnerability, identified as CVE-2021-20090, is a path traversal...

Jul 2021

VU#506989: Microsoft Windows 10 gives unprivileged user access to SAM, SYSTEM, and SECURITY files

Overview Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY registry hive files. This can allow for local privilege escalation (LPE). Description Starting with Windows 10 build 1809, the BUILTIN\Users group is given RX permissions to the following files: c:\Windows\System32\config\sam c:\Windows\System32\config\system...

Jul 2021

VU#131152: Microsoft Windows Print Spooler Point and Print allows installation of arbitrary queue-specific files

Overview Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process. Description Microsoft Windows allows for users who lack administrative...

Jul 2021

VU#383432: Microsoft Windows Print Spooler RpcAddPrinterDriverEx() function allows for RCE

Overview The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Description The RpcAddPrinterDriverEx() function is used to install a printer driver on a system. One of the...

Jun 2021

VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data

Overview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852 Checkbox Survey insecurely deserializes ASP.NET View State data. Checkbox Survey is an ASP.NET application that can add survey...

May 2021

VU#667933: Pulse Connect Secure Samba buffer overflow

Overview Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the ability to connect to Windows file shares (SMB). This capability is provided by a number of CGI scripts, which in turn use...

May 2021

VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are two specifications used to define the technical and...

May 2021