elligottmc (17)
Last Login: March 17, 2021
elligottmc's Latest (5) Contributions
Technical Analysis
Adjusting the attacker value and exploitability scores to reflect the data and assessment already provided by @lvarela-r7 in this topic.
https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/
https://twitter.com/jas502n/status/1321416053050667009
Technical Analysis
This is an update based on the assessment provided in the more general topic for the Citrix vulns disclosed in https://support.citrix.com/article/CTX276688 which include this CVE. As API queries to this CVE do not contain this data, reflecting it in this topic.
Link to assessment:
https://attackerkb.com/assessments/50e7e3c5-644c-46ae-b650-1ef45cec22ad
Link to relevant url provided in the assessment:
https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/
Additional link which provides a PoC:
https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi
It is also included in the Oct 20 NSA Advisory on vulns exploited by Chinese APTs:
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
Technical Analysis
This is an update based on the assessment provided in the more general topic for the Citrix vulns disclosed in https://support.citrix.com/article/CTX276688 which include this CVE. As API queries to this CVE do not contain this data, reflecting it in this topic.
Link to assessment:
https://attackerkb.com/assessments/50e7e3c5-644c-46ae-b650-1ef45cec22ad
Link to relevant url provided in the assessment:
https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/
Additional link which provides a PoC:
https://github.com/Zeop-CyberSec/citrix_adc_netscaler_lfi
Also, as mentioned by @gwillcox-r7 already, it is included in the Oct 20 NSA advisory.
Would it be appropriate to include this analysis in CVE-2020-8195 and CVE-2020-8196 specifically?
Fetching those CVE via the API does not return this information and the associated attacker value, so any automation of this valuable assessment is being missed by API queries. I could add a link to this comment but again wanted to verify.
These are the urls:
https://attackerkb.com/topics/rSz4fDlp1Z/cve-2020-8195?referrer=search
https://attackerkb.com/topics/r0FRieLWQM/cve-2020-8196?referrer=search
@ccondon-r7 thank you! Updated relevant topics.