During account assignment in the Talk2M platform, a Cosy+ device generates and sends a certificate signing request (CSR) to the back end. This CSR is then signed by the manufacturer and used for OpenVPN authentication by the device afterward. Since the common name (CN) of the certificate is specified by the device and used in order to assign the OpenVPN session to the corresponding Talk2M account, an attacker with root access to a Cosy+ device is able to manipulate the CSR and get correctly signed certificates for foreign devices.
25253b1bbb687aad196d1a68e6e0528bb19297042bab3325165b8dc98905aec7
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The Ewon Cosy+ executes all tasks and services in the context of the user "root" and therefore with the highest system privileges. By compromising a single service, attackers automatically gain full system access.
1525ebcf929417e37f3bdac2dcdb956f29566f6bd680a2813d148269861150f9
Dovecot IMAP server versions 2.2 and 2.3 suffer from denial of service and resource exhaustion vulnerabilities.
94b0aee67b11da7bd129e38ffb00abe29b299d02c054b3f6993f853db9c89a1c
Dovecot IMAP server versions 2.2 and 2.3 have an issue where a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue.
110c1562e949571c822c2ff350b36b50c9dbaf0d176f46ef0289ae7411955fe8
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. Due to the use of a hardcoded cryptographic key, an attacker is able to decrypt encrypted data and retrieve sensitive information.
1888a210090f03bc507fc3160727ce580f1a9c9a09e8cbac293d257662b66100
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. Due to improper neutralization of parameters read from a user-controlled configuration file, an authenticated attacker is able to inject and execute OS commands on the device.
8a1d1fc9f6b69674b1ce58ab3538a8faa0b20d3e41c26e9d4d475e8d597b5ed5
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. The credentials used for the basic authentication against the web interface of Cosy+ are stored in the cookie "credentials" after a successful login. An attacker with access to a victim's browser is able to retrieve the administrative password of Cosy+.
e33c07108e3c442346ea02e832a872e3a605c556106af6c539e021e9820cf456
The Ewon Cosy+ is a VPN gateway used for remote access and maintenance in industrial environments. If login against the FTP service of the Cosy+ fails, the submitted username is saved in a log. This log is included in the Cosy+ web interface without neutralizing the content. As a result, an unauthenticated attacker is able to inject HTML/JavaScript code via the username of an FTP login attempt.
2db40156b7623d221c6a2ba726715a466f4672d315691354c619b685d3367967
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules, using a flexible syntax, to check for activities involving file and network activity, process execution, IPC, and much more, and notifies you when these rules are violated. You can think of Falco as a mix of snort, ossec and strace.
3e4f5acf04cadd477a1dadac271aead459bb2df925a0aa16eae22897fa0602b4
Ubuntu Security Notice 6966-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage certain memory operations when processing graphics shared memory. An attacker could potentially exploit this issue to escape the sandbox.
7dc6ba8c91568ec0d1a7ffb6598cf945437605f32ce56c344d46eedf354cb49e
Ubuntu Security Notice 6837-2 - It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Rack incorrectly handled certain Range headers. A remote attacker could possibly use this issue to cause Rack to create large responses, leading to a denial of service.
6f0095d079b25cf7e1b9d943359101008834a83e12a5eab69c27d05be7fb575d
Debian Linux Security Advisory 5750-1 - Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack.
0be1047e4d16efb9e6e3b1cb4e8a3bc474db795c8586bfdc7190a98d2149a514
Lawyer CMS version 1.6 suffers from an ignored default credential vulnerability.
9055c2f92b307fd3af321672aaab55f2048a6aaa8933588e8175215401ad063e
Karya Online Shopping Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ace5835235cc9816aa9586e82f7882eca16802f166866858074cc02f513e907c
JobSeeker CMS version 1.5 suffers from an ignored default credential vulnerability.
46b993b45ba1c9b1118e18276103b7844eabb5d52b655b928258474888aca43b
Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.
0e14944aabacd3bde55dc9ca768a85b25224b5d197aed3ef9cecb63e14d97575
Human Resource Management System 2024 version 1.0 suffers from an ignored default credential vulnerability.
bf20205d0167adcb0c48749ed7a50372cba24a18938ecfb734926b5099542af1
Hotel Management System version 1.0 suffers from a cross-site request forgery vulnerability.
436d7414f95271233837a50e384e3a6ab4a984b18c9329a30769d2a33b778677
Bhojon Restaurant Management System version 3.0 suffers from an ignored default credential vulnerability.
5040244ae54e0b0c8ba29ab2d3b854826d64f8640404907653ffda5ea3f38ca6
Accounting Journal Management System version 1.0 suffers from a cross-site request forgery vulnerability.
8d2cfad284efc5444e134d88f958c346ba6816f8fc36237ccfc1082d80704a29
Red Hat Security Advisory 2024-5547-03 - Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.16.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Issues addressed include a denial of service vulnerability.
74739dcda923acec7bfb3e748589420dea5eacb64b4cd79d2883b1c6d1b5b4b9
Red Hat Security Advisory 2024-5537-03 - An update is now available for the Red Hat build of Cryostat 3 on RHEL 8. Issues addressed include a denial of service vulnerability.
f5c0930131439b39789f27ba70bca0635a1d32da8abfe7e4a62258f74aba3ec1
Red Hat Security Advisory 2024-5535-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a traversal vulnerability.
bf54079f34412cee673f02afd5ac65efc4d77e038a9875f2da4f22a088f26102
Red Hat Security Advisory 2024-5534-03 - An update for python-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
1a2da727428b487d6f13f9474d3cb49e9d65d3986eb259ee5e14277f2f9ed97e
Red Hat Security Advisory 2024-5533-03 - An update for python3.12-setuptools is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
4ca10548fe9c3546bf0fcda3627d4ba2a5089b93c7a7c11861ba9e6512b1891a