NinjaOperator's Contributions (19)
PoC is publicly available
Atlassian disclosed a remote code execution (RCE) vulnerability affecting multiple versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Data Center.
Threat actors with access to ports 40001 and 40011 (Ehcache RMI ports) could execute arbitrary code, due to a missing authentication flaw in Jira's deployment.
An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, and also escalate privileges.
HP and Xerox released security updates for an exploitable kernel driver vulnerability (CVE-2021-3438), a buffer overflow in the SPPORT.SYS driver, that affects over 380 various HP and Samsung printers and approximately a dozen different Xerox printers. Successful exploitation could allow unauthorized actors to gain SYSTEM level permissions and execute code in kernel mode.
This remote code execution (RCE) vulnerability affects Microsoft Exchange Server 2013 CU23 / 2016 CU20 / 2016 CU21 / 2019 CU10.
And according to FireEye, exploit code is available.
I will share more information once MSFT releases more details.
Actors with local access are exploiting this vulnerability to execute code with elevated permissions.
SolarWinds was recently notified by Microsoft of a security vulnerability (RCE) related to Serv-U Managed File Transfer Server and Serv-U Secured FTP and have developed a hotfix to resolve this vulnerability. While Microsoft’s research indicates this vulnerability exploit involves a limited, targeted set of customers and a single threat actor, our joint teams have mobilized to address it quickly.
The vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploits CVE-2021-34527 can run arbitrary code with SYSTEM privileges and install programs; view, change, or delete data, and run programs.
Over 20 orgs suffered breaches due to CVE-2021-27101, which affects Accellion FTA. Data has shown up on the Clop ransomware extortion website.
The Microsoft Exchange team has released Cumulative Updates (CUs) for Exchange Server 2016 and Exchange Server 2019.
Proof-of-concept exploit code has been published online today for a vulnerability in the Windows Print Spooler service that can allow a total compromise of Windows systems.
A successful exploit strategy needs to bypass the following security mitigations on the target:
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Control Flow Guard (CFG)
A PoC is also available: https://github.com/ZeusBox/CVE-2021-21017
Security issues have been identified in Citrix Hypervisor 8.2 LTSR, each of which may allow privileged code in a guest VM to cause the host to crash or become unresponsive. These issues only affect Citrix Hypervisor 8.2 LTSR.
Microsoft Edge contains a security feature bypass vulnerability, and a PoC exploit hasn’t been publicly disclosed at this time.
Microsoft Edge contains an elevation of privilege vulnerability that could allow actors to escalate privileges.
Windows MSHTML Platform (Microsoft proprietary browser engine) enables RCE and is being actively exploited in limited campaigns.
Exploitation requires user interaction; thus, feasible threat scenarios include drive-by download, exploit kits, and phishing links.
A commercial exploit company reportedly provided the exploit code to Eastern European and Middle Eastern state-sponsored actors.
A critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) could be abused by threat actors to gain improper access to audio and video streams.