A Look at the Vulnerability-to-Exploit Supply Chain

Last week, Tenable Research released the report, How Lucrative Are Vulnerabilities? A Closer Look at the Economics of the Exploit Supply Chain, which takes a close look at the vulnerability-to-exploit supply chain and ecosystem. The journey a software flaw takes – from being discovered and disclosed as a vulnerability to exploit development to ultimately being used in a cyberattack – includes many … [Read more...]

CVE-2019-12409: Default Configuration in Apache Solr Could Lead to Remote Code Execution

Linux servers using Apache Solr versions 8.1.1 and 8.2.0 with default configurations are potentially vulnerable to remote code execution. Background On July 22, 2019, a configuration flaw in versions 8.1.1 and 8.2.0 was found in Apache Solr, the open-source search-engine platform. John Ryan originally reported the issue and credit was also given to Matei “Mal” Badanoiu for noting the flaw could … [Read more...]

Multiple Vulnerabilities Found in Citrix SD-WAN Center and SD-WAN Appliances

Tenable Research has discovered multiple critical vulnerabilities in both Citrix SD-WAN Center and the SD-WAN appliance itself that could allow a remote, unauthenticated attacker to compromise the underlying operating systems of each. What you need to know: Tenable Research has disclosed four unauthenticated command injections, an unauthenticated directory traversal and one authenticated command … [Read more...]

Tenable Research Discloses Critical Vulnerability in Siemens STEP 7 (CVE-2019-10915)

Tenable Research has discovered a critical vulnerability in Siemens TIA Portal (also referenced as STEP 7) that would allow an attacker to perform administrative actions. Siemens has released an update and security advisory. What you need to know: Tenable Research has disclosed an unauthenticated RCE in Siemens SIMATIC STEP 7 V15.1. What’s the attack vector? Authentication bypass in the TIA … [Read more...]

Slack Patches Download Hijack Vulnerability in Windows Desktop App

Tenable Researcher David Wells discovered a vulnerability in Slack Desktop for Windows that could have allowed an attacker to alter where files downloaded within Slack are stored. Tenable worked with Slack via HackerOne based on our coordinated disclosure policy and Slack has since released a new version of its Windows desktop client to address this vulnerability. Users should ensure their Slack … [Read more...]

Multiple Vulnerabilities Found in Presentation Products

Tenable Research has discovered multiple vulnerabilities impacting Crestron’s AM-100 presentation device platform. Two of these also impact several other platforms, including: Barco wePresent, Extron ShareLink, InFocus LiteShow and TEQ AV IT WIPS710. Background While researching a Crestron AM-100 AirMedia Presentation Gateway, Jacob Baines discovered that this device shares a code base with several … [Read more...]

Verizon Fios Quantum Gateway Routers Patched for Multiple Vulnerabilities

Tenable Research discovered multiple vulnerabilities in Verizon’s Fios Quantum Gateway routers. Background Tenable Research has discovered multiple vulnerabilities in the … [Read more...]

Tenable Research Discovers Remote Code Execution Vulnerabilities in GPON Routers

Tenable Research has discovered six new vulnerabilities in Nokia (Alcatel-Lucent) I-240W-Q GPON routers that can provide an attacker with telnet access, DoS the target, or run arbitrary code. Background Nokia (Alcatel-Lucent) I-240W-Q Gigabit Passive Optical Network (GPON) routers are designed to replace standard copper networks. These routers have become an attractive target for botnets, and … [Read more...]

Remote Code Execution in InduSoft Web Studio

Enterprises running InduSoft Web Studio should update their software and ensure these critical systems are not exposed to the internet. Tenable Research has discovered an unauthenticated remote code execution (RCE) vulnerability in InduSoft Web Studio 8.1.2.0. ICS-CERT has assigned CVE-2019-6545 and CVE-2019-6543 for this vulnerability. Background InduSoft Web Studio is an automation tool for … [Read more...]