Analysis of CVE-2019-0708 (BlueKeep)
Binary Diffing. As always, I started with a BinDiff of the binaries modified by the patch (in this case there is only one: TermDD.sys). Below we can see the results. [Figure: A BinDiff of TermDD.sys pre and post patch.] Most of the changes turned out to…
Geutebrück G-Cam and G-Code
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück Equipment: G-Cam and G-Code Vulnerabilities: Cross-site Scripting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution as root and remote code execution in the browser of the…
PHOENIX CONTACT FL NAT SMx
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: FL NAT SMx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users full access to the device configuration. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Phoenix…
PHOENIX CONTACT PLCNext AXC F 2152
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: PLCNext AXC F 2152 Vulnerabilities: Key Management Errors, Improper Access Control, Man-in-the-Middle, Using Component with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords,…
0patch released micropatch for BearLPE Zero-Day flaw in Windows 10 Task Scheduler
An unpatched local privilege escalation zero-day vulnerability in Windows 10 received a temporary patch today. The fix is delivered through the 0patch platform and can be applied on systems without rebooting them. Exploit code is available for this zero-day flaw from researcher SandboxEscaper, who named it BearLPE when she…
CVE-2019-8575: Apple AirPort Firmware Data Deletion Vulnerability
On July 4th, 2018, I reported a security/privacy problem to Apple regarding the firmware on its now-discontinued AirPort wireless access points. Per Apple’s website, a “factory-default reset” of an AirPort should “remove any saved configurations and profiles” and should be sufficient for “selling or giving away your base…
Emerson Ovation OCR400 Controller
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: Ovation OCR400 Controller Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow privilege escalation or remote code execution, or it may halt the controller. For…
PoC Exploits for CVE-2019-0708 wormable Windows flaw released online
Several security experts have developed PoC exploits for the wormable Windows RDS flaw tracked as CVE-2019-0708 and dubbed BlueKeep. Experts have developed several proof-of-concept (PoC) exploits for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. One of…
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
Blue Prism Robotic Process Automation (RPA) versions prior to 6.5.0.12573 suffer from a privilege escalation vulnerability. ———————————————————————— SySS Security Advisory: Blue Prism Robotic Process Automation (RPA) – Privilege Escalation ———————————————————————— Advisory ID: SYSS-2019-002 Product: Blue Prism Robotic Process Automation (RPA) Manufacturer: Blue Prism Affected Version(s):…
Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS
Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability…