About Administrador

So far Administrador has created 238 blog entries.

CVE-2023-35078: Remote authentication bypass in Ivanti EPMM API

By |2 Aug. 2023|Tarlogic's Blog - Cybersecurity|

CVE-2023-35078 is a critical vulnerability that allows access to restricted functionality of Ivanti's mobile management software.

A new critical vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The vulnerability, identified as CVE-2023-35078, affects all supported versions, including 11.10, 11.9 and 11.8; older, unsupported versions are also at risk. Ivanti EPMM is mobile management software that lets companies manage mobile devices, applications and content. CVE-2023-35078 is an authentication bypass in the EPMM API that allows an unauthenticated remote attacker to access restricted functionality or resources of the application. It is rated critical, with the maximum CVSS score of 10.0. Main characteristics The main ...


CVE-2023-3519: 0-day vulnerability exploited in the wild in Citrix NetScaler

By |20 Jul. 2023|Tarlogic's Blog - Cybersecurity|

On July 18, 2023, Citrix released information and updates addressing a critical vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that allows unauthenticated remote code execution on affected systems. The same updates also patch two other vulnerabilities: a cross-site scripting flaw (CVE-2023-3466) and a privilege escalation (CVE-2023-3467). Citrix NetScaler ADC is an Application Delivery Controller built to optimize, manage and protect Layer 4 to Layer 7 (L4-L7) network traffic. Although no technical details of the vulnerability have been published, it is known to be actively exploited, so affected assets should be updated urgently. CVE-2023-3519 main characteristics The key characteristics of this vulnerability are: CVE Identifier: CVE-2023-3519 CVSS Value: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ...


CVE-2023-33299: Unauthenticated remote code execution vulnerability in FortiNAC

By |30 Jun. 2023|Tarlogic's Blog - Cybersecurity|

On June 19, 2023, FortiGuard published information and updates fixing a critical vulnerability (CVE-2023-33299) in its FortiNAC software. Deserialization of untrusted data in the network service listening on port 1050/TCP can allow an unauthenticated remote attacker to execute code on affected systems. FortiNAC describes itself as a zero-trust access solution that oversees and protects all digital assets connected to the enterprise network; it is delivered as a hardware appliance or as a virtual machine. Among its use cases, the solution can: perform inventory management, providing visibility over the assets connected to the network and classifying and monitoring them; identify security events and trigger automations such as notifications to administrators or mitigation measures; manage rule-based security policies to perform network ...


The ins and outs of BlueTrust, a Bluetooth vulnerability

By |23 Jun. 2023|Tarlogic's Blog - Cybersecurity|

BlueTrust is a Bluetooth vulnerability that allows information about devices and their users to be obtained and trust relationships to be traced.

BlueTrust, discovered by Tarlogic, is a mechanism for discovering trust relationships between Bluetooth devices, which makes it possible to trace networks of devices and obtain information about their usage and users. In the previous post about BlueTrust we presented the research conducted by the Tarlogic Innovation team and the proof of concept that resulted from it. In this article we continue by detailing how the vulnerability works and the steps that were necessary to implement it. BlueTrust builds on the findings of the research into the BIAS and KNOB vulnerabilities in Bluetooth. As we mentioned in the article BlueTrust, ...


CVE-2023-27997: Fortinet Fortigate SSL VPN Pre-Auth RCE critical vulnerability

By |16 Jun. 2023|Tarlogic's Blog - Cybersecurity|

Details have been disclosed about a critical vulnerability (CVE-2023-27997) affecting Fortinet Fortigate devices with exposed SSL VPN services. The vulnerability requires no prior authentication and allows a remote attacker to execute code on the device by exploiting a heap-based buffer overflow. An attacker sends a specially crafted payload whose size is not properly checked; this corrupts the device's heap, which allows the execution flow to be redirected to arbitrary code or, failing that, causes a denial of service. Either outcome seriously affects the confidentiality, integrity and availability of the device. Fortinet is a U.S. multinational company headquartered in Sunnyvale, California. It develops and markets cybersecurity software, devices and services, such ...


CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer

By |8 Jun. 2023|Tarlogic's Blog - Cybersecurity|

On May 31, 2023, Progress disclosed a critical vulnerability (CVE-2023-34362) in its MOVEit Transfer software: an SQL injection (SQLi) in the MOVEit Transfer web application that could lead to privilege escalation and unauthorized access to affected systems. MOVEit Transfer, developed by Progress Software, provides secure collaboration and automated file transfers for sensitive data and is widely used by organizations worldwide. Depending on the database engine in use (MySQL, Microsoft SQL Server or Azure SQL), an attacker may be able to learn the database's structure and contents and even execute SQL statements that modify or delete data. It is important to note that these attacks can occur over protocols like HTTP ...


CVE-2023-32353: Local privilege escalation via iTunes in Windows

By |8 Jun. 2023|Tarlogic's Blog - Cybersecurity|

Information has been disclosed about a new high-severity vulnerability affecting Apple iTunes on Windows. It would allow an attacker with access as a non-privileged user on a machine to escalate privileges to local administrator. The cause is incorrect permissions on one of the folders created when the software is installed: C:\ProgramData\Apple Computer\iTunes\SC Info. This folder is writable by any user, so an unprivileged user can delete it and replace it with a symbolic link pointing to any system folder, such as C:\Windows. Subsequently, using the repair function of the installer, the rewriting of certain files can be forced, escalating privileges up to SYSTEM. This ...


MSSQL linked servers: abusing ADSI for password retrieval

By |7 Jun. 2023|BlackArrow blog|

Introduction When we talk about Microsoft SQL Server linked servers, we usually think of links to other SQL Server instances. However, that is only one of several available options, so today we delve into the Active Directory Service Interfaces (ADSI) provider, which allows querying Active Directory over the LDAP protocol. After discussing its inner workings, we present a new technique to retrieve cleartext linked login passwords and, in some cases, the password of the current security context. This has proven useful in several of our red teaming engagements. ADSI Through the ADSI provider we can create a link to a domain controller (sp_addlinkedserver) and then perform queries using the SELECT statement and the OPENQUERY function: ...
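As an added example (not code from the BlackArrow post), the following T-SQL shows the three steps the excerpt describes: registering the ADSI provider as a linked server with sp_addlinkedserver, mapping a linked login to it with sp_addlinkedsrvlogin, and querying the directory through OPENQUERY with the LDAP dialect. The linked server name ADSI, the domain DC=corp,DC=local, the account CORP\svc_ldap and the password placeholder are assumptions; the final query is a defender-side check that lists which linked servers carry a stored remote credential, the material the post's technique targets.

```sql
-- Added example, not the post's own code. ADSI, DC=corp,DC=local and
-- CORP\svc_ldap are placeholders; replace them with your own environment.

-- 1. Register the ADSI OLE DB provider (ADSDSOObject) as a linked server.
EXEC sp_addlinkedserver
     @server     = N'ADSI',
     @srvproduct = N'Active Directory Service Interfaces',
     @provider   = N'ADSDSOObject',
     @datasrc    = N'adsdatasource';

-- 2. Map a linked login. With @useself = 'False' and @locallogin = NULL, every
--    local login binds to the directory as CORP\svc_ldap. SQL Server keeps the
--    password so it can be replayed on each query, which is why stored linked
--    logins are worth auditing on any instance an attacker might compromise.
EXEC sp_addlinkedsrvlogin
     @rmtsrvname  = N'ADSI',
     @useself     = N'False',
     @locallogin  = NULL,
     @rmtuser     = N'CORP\svc_ldap',
     @rmtpassword = N'<password>';

-- 3. Query Active Directory. The pass-through text uses the ADSI SQL dialect;
--    single quotes inside it are doubled because it is itself a string literal.
SELECT sAMAccountName, displayName, distinguishedName
FROM OPENQUERY(ADSI,
     'SELECT sAMAccountName, displayName, distinguishedName
        FROM ''LDAP://DC=corp,DC=local''
       WHERE objectClass = ''user'' AND objectCategory = ''person''');

-- Defender check: which linked servers exist, which provider they use, and which
-- of them map logins to a fixed remote account (uses_self_credential = 0).
SELECT s.name, s.provider, s.data_source, l.remote_name, l.uses_self_credential
FROM sys.servers s
JOIN sys.linked_logins l ON l.server_id = s.server_id
WHERE s.is_linked = 1;
```

Two practical notes: the ADSDSOObject provider usually has to have the "Allow inprocess" provider option enabled before OPENQUERY against it succeeds, and creating linked servers and linked logins requires ALTER ANY LINKED SERVER / ALTER ANY LOGIN, so the audit query at the end is the part most readers can run as-is.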


Some notes and reflections on the Terminator threat

By |2 Jun. 2023|Tarlogic's Blog - Cybersecurity|

Throughout the week, a tool called «Terminator» has been discussed in the media, which would allow attackers to disable antivirus, EDR and XDR platforms. Terminator uses a well-known technique called «Bring Your Own Vulnerable Driver» (BYOVD), which abuses legitimate, signed drivers that, due to vulnerabilities, can be driven by malicious programs into executing attacker-controlled code in Ring 0 (the kernel). This approach is particularly useful against systems with robust user-level defenses. BYOVD rests on the premise that, although modern operating systems have hardened themselves against user-level privilege escalation, they remain exposed to threats that originate at kernel level. Attackers can exploit insecure or outdated device drivers to gain access to ...


CVE-2023-2825: Critical vulnerability affects GitLab

By |30 May. 2023|Tarlogic's Blog - Cybersecurity|

Information about a new critical vulnerability affecting GitLab has been disclosed. It would allow a remote attacker to exploit a path traversal flaw to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. N+1 nested groups are needed to climb N directories; in a default installation, 11 groups would be needed to reach the server's root directory, since uploaded files are stored under the following path: /var/opt/gitlab/gitlab-rails/uploads/@hashed/<a>/<b>/<secret>/<secret>/<file> GitLab Inc. is an open-source company and the main provider of GitLab, a Git-based version control and DevOps web service. CVE-2023-2825 main characteristics The main characteristics of the CVE-2023-2825 vulnerability are detailed ...
