NinjaOperator (46)

Last Login: July 29, 2021
Assessments
18
Score
46

NinjaOperator's Contributions (19)

1
Technical Analysis

Stored and Reflected XSS Vulnerability in Nagios Log Server. Actors could execute malicious JavaScript on target machines, such as stealing cookies or redirecting users.
PoC is publicly available
https://attackerkb.com/topics/GWZl4INBU4/cve-2021-35479?referrer=search

2
Technical Analysis

Atlassian disclosed a remote code execution (RCE) vulnerability affecting multiple versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Data Center.
Threat actors with access to ports 40001 and 40011 (Ehcache RMI ports) could execute arbitrary code, due to a missing authentication flaw in Jira’s deployment.
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html#JiraDataCenterAndJiraServiceManagementDataCenterSecurityAdvisory20210721-Mitigation

4
Ratings
  • Attacker Value
    High
  • Exploitability
    High
Technical Analysis

An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, and also escalate privileges.

https://www.helpnetsecurity.com/2021/07/20/cve-2021-33909/

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    High
Technical Analysis

HP and Xerox released security updates for an exploitable kernel driver vulnerability (CVE-2021-3438) that affects the buffer overflow in the SSPORT.SYS driver for over 380 various HP and Samsung printers and approximately a dozen different Xerox printers. Successful exploitation could allow unauthorized actors to gain SYSTEM level permissions and execute code in kernel mode.
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/

1
Technical Analysis

This remote code execution (RCE) vulnerability affects Microsoft Exchange Server 2013 CU23 / 2016 CU20 / 2016 CU21 / 2019 CU10.
And according to FireEye, exploit code is available.
I will share more information once MSFT releases more details.

1
Ratings
  • Attacker Value
    High
  • Exploitability
    High
Technical Analysis

Actors with local access are exploiting this vulnerability to execute code with elevated permissions.
Source: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-33771

3
Technical Analysis

SolarWinds was recently notified by Microsoft of a security vulnerability (RCE) related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilized to address it quickly.

The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploits CVE-2021-34527 can run arbitrary code with SYSTEM privileges and install programs; view, change, or delete data, and run programs.

1

It’s been reported that it’s possible that a threat actor can bypass creating these event IDs (808 - The print spooler failed to load a plug-in module, and 31017 - Microsoft-Windows-SmbClient/Security) by using a legit Windows print driver — for example one of the Windows SDK examples — and piggybacking malicious code off the files.

Source: https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c

1
Technical Analysis

Over 20 orgs suffered breaches due to CVE-2021-27101, which affects Accellion FTA. Data has shown up on the Clop ransomware extortion website.
https://twitter.com/RecordedFuture/status/1408095974329888771

1
Technical Analysis

The Microsoft Exchange team has released Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019.
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-june-2021-quarterly-exchange-updates/ba-p/2459826

1
Technical Analysis

Proof-of-concept exploit code has been published online today for a vulnerability in the Windows Print Spooler service that can allow a total compromise of Windows systems.

Source: https://therecord.media/poc-released-for-dangerous-windows-printnightmare-bug/

1
Technical Analysis

A successful exploit strategy needs to bypass the following security mitigations on the target:

  • Address Space Layout Randomization (ASLR)
  • Data Execution Prevention (DEP)
  • Control Flow Guard (CFG)
  • Sandbox Bypass

Also, a PoC is available: https://github.com/ZeusBox/CVE-2021-21017

2
Technical Analysis

Security issues have been identified in Citrix Hypervisor 8.2 LTSR, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues only affect Citrix Hypervisor 8.2 LTSR.

Source: https://support.citrix.com/article/CTX316325

1
Technical Analysis

Microsoft Edge contains a security feature bypass vulnerability, and a PoC exploit hasn’t been publicly disclosed at this time.

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34506

1
Technical Analysis

Microsoft Edge contains an elevation of privilege vulnerability that could allow actors to escalate privileges.

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34475

2
Technical Analysis

In order for a threat actor to successfully exploit this vulnerability they must trick a privileged user (ideally an Exchange administrator) into clicking on a prepared link containing the malicious JavaScript code. This code can send requests to the ECP on behalf of the administrator. As a result, the attacker would gain access to the Exchange server with System privileges via the downloaded web shell.

Source: https://cyberpolygon.com/materials/okhota-na-ataki-ms-exchange-chast-2-cve-2020-0688-cve-2020-16875-cve-2021-24085/?utm_source=twitter&utm_medium=post&utm_campaign=23/06/21_cp_en&utm_content=read

1
Ratings
  • Exploitability
    Very High
Technical Analysis

Exploitation is considered easy. A threat actor can launch the attack from a distance. Only one authentication session is required for operation. The technical details are unknown and an exploit is not available to the public.
https://vuldb.com/fr/?id.177125

3
Technical Analysis

Windows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns.
Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links.
A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors.

1
Technical Analysis

A critical software supply-chain flaw impacting ThroughTek’s software development kit (SDK) could be abused by threat actors to gain improper access to audio and video streams.

Source: https://us-cert.cisa.gov/ics/advisories/icsa-21-166-01
https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html