NinjaOperator (82)

Last Login: June 24, 2022
Assessments
33
Score
82

NinjaOperator's Latest (20) Contributions

Sort by:
Filter by:
1
Technical Analysis

RCE vulnerability that effects Bently Nevada 3701 (OT device)
Maintenance interface has undocumented,
hardcoded credentials

Source: https://www.forescout.com/resources/ot-icefall-report/

2
Technical Analysis

Authenticated Remote Code Execution in Tp-Link Routers. PoC is publicly available

https://github.com/aaronsvk/CVE-2022-30075

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Muhstik Gang has been seen exploiting this vulnerability to target Redis servers
Poc is publicly available https://github.com/aodsec/CVE-2022-0543

1
Technical Analysis

An improper input validation vulnerability exists within Solarwinds Serv-U 15.2.3 Hotfix1. Exploit code is not publicly available.

1

I see it thanks

1
Technical Analysis

According to Florian Roth: “You can detect the exploitation of Windows InstallerFileTakeOver LPE CVE-2021-41379 with the published PoC with events from the ‘Application’ Eventlog
Search for EventID 1033 and the keyword ‘test pkg’
https://twitter.com/cyb3rops/status/1462711685484101634

3

Update: Unnamed threat actors are exploiting this vulnerability to drop Cobalt Strike
https://twitter.com/h2jazi/status/1458794565968748545

1
Ratings
  • Exploitability
    Very High
Technical Analysis

Remote Desktop Client Remote Code Execution Vulnerability

Source: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38666

1
Technical Analysis

Undisclosed threat actors exploited this vulnerability to gain initial access to and deploy ransomware to a US-based engineering company.

2
Technical Analysis

A RCE vulnerability exists in vCenter Server 6.7 and 7.0 which could allow an actor to with access to port 443 can execute commands and software on unpatched vCenter Server deployments by uploading a specially crafted file.
https://www.bleepingcomputer.com/news/security/vmware-warns-of-critical-bug-in-default-vcenter-server-installs/#.YUoiQlUeVM8

1
Ratings
Technical Analysis

Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.

A threat actor could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444

2
Technical Analysis
1
Ratings
Technical Analysis

Unknown actors are actively exploiting a disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source.
The actors used a command injection to download a shell script that will infect the system with malware.
https://unit42.paloaltonetworks.com/cve-2021-32305-websvn/

3
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Technical Analysis

An unauthenticated actor can perform configuration actions on mailboxes belonging to arbitrary users. Which can be used to copy all emails addressed to a target and account and forward them to an account controlled by the threat actor.

https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server

1
Technical Analysis
1
Technical Analysis

PoC is publicly available https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html?m=1
Microsoft has already patched this vulnerabilities and exploitation has not been observed. However, threat actors could exploit these vulnerabilities by sending users an email to visit a malicious link and recover passwords in plaintext.

1
Technical Analysis

Stored and Reflected XSS Vulnerability in Nagios Log Server. Actors could execute malicious JavaScript on targets machines such as stealing cookies or redirecting users.
PoC is publicly available
https://attackerkb.com/topics/GWZl4INBU4/cve-2021-35479?referrer=search

2
Technical Analysis

Atlassian disclosed a remote code execution (RCE) vulnerability affecting multiple versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Data Center.
Threat actors with access to ports 40001 and 40011 (Ehcache RMI ports) could execute arbitrary code, due to a missing authentication flaw in Jira’s deployment .
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html#JiraDataCenterAndJiraServiceManagementDataCenterSecurityAdvisory20210721-Mitigation