Calenderweek 49 – WafdogBlog (Fri, 29 Mar 2024)

Zyxel NAS Vulnerabilities: Critical Command Injections and Security Patch Updates
http://192.168.11.11/zyxel-nas-vulnerabilities-critical-command-injections-and-security-patch-updates/ (Wed, 28 Feb 2024)

Multiple vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, posing a significant risk of command injection. These vulnerabilities, detailed below, could enable attackers to execute system commands, potentially leading to unauthorized access and control over affected devices. Zyxel has promptly responded by releasing patches to address these security concerns, prioritizing the protection of user data and network integrity.

Command Injection Vulnerabilities:

  1. CVE-2023-35138: This vulnerability affects the “show_zysync_server_contents” function of Zyxel NAS devices, enabling unauthenticated attackers to execute operating system commands via crafted HTTP POST requests, with a severity rating of 9.8 (Critical).
  2. CVE-2023-37928: This post-authentication command injection flaw resides in the WSGI server of NAS devices. By exploiting it with a crafted URL, an authenticated threat actor can execute OS commands on affected devices; it carries a severity rating of 8.8 (High).
  3. CVE-2023-4473: Present in the web server of Zyxel NAS devices, this vulnerability permits unauthenticated threat actors to execute OS commands through crafted URLs, with a severity rating of 9.8 (Critical).

Acknowledging the responsible disclosure of these vulnerabilities by security researchers, Zyxel credits Maxim Suslov for CVE-2023-35138 and Attila Szász from BugProve for CVE-2023-37928 and CVE-2023-4473, along with Drew Balfour from IBM X-Force for CVE-2023-4473.

In addition to addressing these specific vulnerabilities, Zyxel has released patches to rectify a total of 15 security issues affecting NAS, firewall, and access point (AP) devices. Among these, three critical flaws, including the aforementioned command injection vulnerabilities, have been identified as potential pathways for authentication bypass and unauthorized command execution. These patches aim to fortify the security posture of Zyxel devices, reducing the risk of exploitation by threat actors.

It’s imperative for users to promptly apply these updates to mitigate potential threats, especially considering the history of Zyxel devices being targeted by malicious actors. By staying vigilant and ensuring their devices are up to date, users can bolster their defenses against evolving cybersecurity risks.

OwnCloud Vulnerability Exploitation: Urgent Measures Required for Critical Security Flaws
http://192.168.11.11/owncloud-vulnerability-exploitation-urgent-measures-required-for-critical-security-flaws/ (Wed, 28 Feb 2024)


OwnCloud recently disclosed several vulnerabilities within its namesake open-source file-hosting application. Among these, one critical vulnerability (CVE-2023-49103) is currently being actively exploited by attackers. This flaw, rated with a maximum CVSS score of 10, allows malicious actors to pilfer credentials and license keys.

The vulnerability resides within the Graphapi app, which relies on a third-party library that exposes a URL returning PHP environment details, including sensitive data such as the OwnCloud admin password and mail server credentials. Notably, Docker-based deployments created before February 2023 are not affected by this credential exposure.

Reports indicate a significant concentration of vulnerable systems in Germany, with over 11,000 systems worldwide at risk. Despite the gravity of the situation, merely deactivating the Graphapi app does not suffice as a solution.

OwnCloud advises administrators to delete the vulnerable file and promptly change exposed credentials. Additionally, two other vulnerabilities (CVE-2023-49104 and CVE-2023-49105) have been disclosed, further underscoring the urgency for mitigation efforts.

Although OwnCloud released the fix on September 1, updating Graphapi to version 0.3.1 remains imperative for any system still running an older version. Threat actors have actively exploited this vulnerability since November 25, 2023, with multiple IPs involved in exploitation attempts.

Both Shadowserver and Greynoise corroborate the escalating threat landscape, necessitating immediate action from administrators to mitigate the risk. Disabling the ‘phpinfo’ function in Docker containers and fortifying passwords are crucial steps in thwarting potential breaches.

In conclusion, the exploitation of CVE-2023-49103 underscores the critical importance of swift and comprehensive security measures within the OwnCloud ecosystem.
