On August 10, 2022, Bitdefender security experts discovered multiple severe security vulnerabilities in an asset management platform called Device42; if those bugs are exploited, malicious actors may be able to take control of affected systems. According to Bitdefender, threat actors could also impersonate other users, gain admin-level access to the application (by leaking sessions through an LFI), or even take control of the appliance's files and database via RCE. Furthermore, by chaining three of the flaws, an adversary could bypass authentication protections and execute remote code with the highest privileges.

The Device42 Asset Management Appliance has the following vulnerabilities:

1. CVE-2022-1399 - This vulnerability allows an attacker to execute code remotely in the scheduled tasks component.
2. CVE-2022-1400 - This vulnerability allows an attacker to decrypt session keys of authenticated users using Exago encryption keys and IVs hardcoded into the appliance (WebReportsApi.dll).
3. CVE-2022-1401 - This vulnerability allows unauthenticated attackers to access sensitive server files.
4. CVE-2022-1410 - This vulnerability allows an attacker to perform remote code execution in the Appliance Manager console.

The most significant vulnerability is CVE-2022-1399, which allows an attacker to execute bash commands with root privileges via command injection and gives the attacker complete control over the appliance. Although this remote code execution cannot be performed on its own, it can be combined with CVE-2022-1401 and CVE-2022-1400 to extract valid session identifiers of already authenticated users by exploiting a local file inclusion vulnerability discovered in the Exago reporting component.

Device42 released version 18.01.00 on July 7, 2022, to address security flaws discovered by the Romanian cybersecurity firm on February 18, 2022.