Cisco IOS XE Software Static Credential Vulnerability

Yesterday, September 19th, Cisco announced an advisory for a critical vulnerability (CVE-2018-0150) that exists with their  IOS XE Software. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to […]

Vulnerabilities Discovered in NUUO Network Video Recorder

Tenable Research released two vulnerabilities in NVRMini2, NUUO’s Network Video Recorder software on September 17th. Risk information is as below: Reference link: https://www.tenable.com/security/research/tra-2018-25 Attack demo: https://www.youtube.com/watch?v=2EuFOZfRL4U Sketch of NVRMini2 structure: Vulnerability Description CVE-2018-1149: Unauthenticated Remote Stack Buffer Overflow The HTTP interface exposes the binary cgi_system through the http://<target>/cgi-bin/cgi_system endpoint. Much […]

Response Guide of IBM WebSphere Code Execution Vulnerability

Recently IBM released a remote code execution vulnerability (CVE-2018-1567) in WebSphere application server. It could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected versions: IBM WebSphere 9.0.0.0 – 9.0.0.9 IBM WebSphere 8.5.0.0 – 8.5.5.14 IBM […]

Multiple Vulnerabilities in Cisco Products

Cisco has released 30 security advisories on 5 September 2018 to address vulnerabilities affecting multiple products. Three of them are critical. Reference link: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities Vulnerability Description CVE-2018-11776 – Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products (Critical) A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary […]