Merry fucking Christmas from Palo Alto Networks (Zero-Day): CVE-2024-3393 PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet
CVE-2024-3393 (CVSSv4: 8.7 high) A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Palo Alto Networks is aware of customers experiencing this denial of service (DoS) when their firewall blocks malicious DNS packets that trigger this issue.

Merry Christmas from the goat: Vendor Verbiage is a list of common example messages used by software vendors to note that a vulnerability is publicly disclosed or exploited in the wild. This should come in handy when quickly scanning through security advisories on Patch Tuesday. Enjoy!
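One way to put such a list to work on a Patch Tuesday pass, as an added example (not part of the original post and not any vendor's or the list author's tooling): a small Python classifier that scans advisory text for the "exploited in the wild" and "not aware of exploitation" phrasings and handles negation per sentence, so "not exploited in the wild" is not mistaken for a positive hit. The phrase patterns, the verdict labels and the sample statements are my own assumptions; the samples are constructed to resemble the vendor language quoted elsewhere on this page, not copied from any advisory.

```python
import re

# Constructed sample advisory statements (assumption: built for this example
# to resemble vendor wording; not verbatim copies of any real advisory).
SAMPLES = {
    "fortinet": "Reports have shown this vulnerability to be exploited in the wild.",
    "pan_dos": "Palo Alto Networks is aware of customers experiencing this "
               "denial of service (DoS) when their firewall blocks malicious "
               "DNS packets that trigger this issue.",
    "ivanti": "We have observed limited exploitation of CSA 4.6 when two bugs "
              "are chained. We have not observed these vulnerabilities being "
              "exploited in CSA 5.0.",
    "expedition": "Palo Alto Networks is not aware of any malicious "
                  "exploitation of these issues.",
    "negated": "This issue has not been exploited in the wild.",
    "silent": "A buffer overflow in the parser allows remote code execution.",
}

# Phrases that assert observed exploitation or in-the-wild impact (assumed list).
POSITIVE = [re.compile(p, re.I) for p in (
    r"exploited in the wild",
    r"observed (?:limited |active )?exploitation",
    r"aware of customers experiencing",
    r"actively exploited",
    r"known to be exploited",
    r"exploitation (?:has been|was) (?:observed|reported|detected)",
)]

# Phrases that deny exploitation (assumed list). Checked before POSITIVE so a
# sentence like "not exploited in the wild" never trips the positive pattern.
NEGATIVE = [re.compile(p, re.I) for p in (
    r"not aware of any (?:malicious |active )?exploitation",
    r"no (?:known|evidence of|reports? of) (?:active )?exploitation",
    r"not observed .{0,60}?being exploited",
    r"not (?:been )?exploited in the wild",
)]

IN_THE_WILD, NOT_OBSERVED, UNKNOWN = "in-the-wild", "not-observed", "unknown"


def split_sentences(text):
    """Naive sentence split on terminal punctuation followed by whitespace."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def classify_sentence(sentence):
    """Verdict for one sentence; negation wins over a positive phrase."""
    if any(p.search(sentence) for p in NEGATIVE):
        return NOT_OBSERVED
    if any(p.search(sentence) for p in POSITIVE):
        return IN_THE_WILD
    return UNKNOWN


def classify(text):
    """Return (verdict, evidence_sentences) for a whole advisory statement.

    Any sentence asserting exploitation makes the advisory IN_THE_WILD, even
    if another sentence denies exploitation for a different version (the
    Ivanti sample); otherwise a denial yields NOT_OBSERVED; else UNKNOWN.
    """
    hits = {IN_THE_WILD: [], NOT_OBSERVED: []}
    for sentence in split_sentences(text):
        verdict = classify_sentence(sentence)
        if verdict != UNKNOWN:
            hits[verdict].append(sentence)
    if hits[IN_THE_WILD]:
        return IN_THE_WILD, hits[IN_THE_WILD]
    if hits[NOT_OBSERVED]:
        return NOT_OBSERVED, hits[NOT_OBSERVED]
    return UNKNOWN, []


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        verdict, evidence = classify(text)
        print(f"{name:10s} {verdict:12s} {evidence[:1]}")
```

Treat the output as triage, not truth: an advisory with no matching sentence is "unknown", which on a busy day is exactly the bucket to read by hand, and new vendor phrasings go into the two pattern lists as you meet them.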

Prepare your NX-OS and bite the pillow because Cisco has some zero-days!

In case you wanted even more Cisco, they dropped a total of 36 security advisories today, 23 October 2024.

Fortinet exploited zero-day: FG-IR-24-423 Missing authentication in fgfmsd
CVE-2024-47575 (9.8 critical, disclosed 23 October by Fortinet, noted earlier on 13 October by @GossiTheDog on Mastodon) Fortinet FortiManager Missing Authentication Vulnerability.

  • Reports have shown this vulnerability to be exploited in the wild.
  • The identified actions of this attack in the wild have been to automate via a script the exfiltration of various files from the FortiManager which contained the IPs, credentials and configurations of the managed devices.

CISA added CVE-2024-47575 to the KEV Catalog about 3 hours afterward.

Just in case you didn't read closely, there are indicators of compromise (IoC) in the advisory. At least one of the IP addresses was reportedly used as a Cobalt Strike server 2 years ago.

cc: @cR0w @nopatience I require at least 25 favorites to unlock my next toot!

#fortinet #fortimanager #cve #zeroday #CVE_2024_47575 #vulnerability #eitw #activeexploitation #kev #cisakev #KnownExploitedVulnerabilitiesCatalog

Ivanti Security Advisory: Ivanti CSA (Cloud Services Application) (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Very sneaky of Ivanti to quietly update the security advisory without a changelog: They removed CVE-2024-9381 (CVSSv3: 7.2 high) Path traversal in Ivanti CSA before version 5.0.2 from the exploitation announcement:

We have observed limited exploitation of CSA 4.6 when CVE-2024-9379 or CVE-2024-9380 are chained with CVE-2024-8963, present in CSA 4.6 patch 518 and below, it could lead to unauthenticated remote code execution. We have not observed these vulnerabilities being exploited in CSA 5.0.

See parent toot above for the original wording. cc: @cR0w @reverseics

Palo Alto Networks security advisory: PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities Lead to Firewall Admin Account Takeover
See parent toot above for Horizon3 vulnerability details.

  • CVE-2024-9463 (9.9 critical) Palo Alto Networks Expedition OS command injection vulnerability
  • CVE-2024-9464 (9.3 critical) Palo Alto Networks Expedition OS command injection vulnerability
  • CVE-2024-9465 (9.2 critical) Palo Alto Networks Expedition SQL injection vulnerability
  • CVE-2024-9466 (8.2 high) Palo Alto Networks Expedition cleartext storage of sensitive information vulnerability
  • CVE-2024-9467 (7.0 high) Palo Alto Networks Expedition reflected XSS vulnerability

Palo Alto Networks is not aware of any malicious exploitation of these issues.

Horizon3: Palo Alto Expedition: From N-Day to Full Compromise

Daaaaaaaamn @hacks_zach, Zach Hanley at it again with the Palo Alto Networks vulnerabilities. In trying to find CVE-2024-5910 in Expedition (a configuration migration tool from a supported vendor to Palo Alto Networks PAN-OS), he found CVE-2024-9464, CVE-2024-9465 and CVE-2024-9466. It appears that CVE-2024-9465 (unauth SQL injection) leads to leaking credentials via the "users" and "devices" tables, which contain password hashes and device API keys. That is CVE-2024-9466.

When the answer to major drawbacks with a language is "use it better", that's a dead end for me.
Try browsing the list of somewhat recent #CVE entries rated critical, as I just did to verify. The majority of them are not related to any memory errors. Will you tell them all "just use a different programming language"?
And again with OOP. Why hack it into a language rather than use a language that supports it?
Have you seen existing C code? For anything non-trivial, most code uses some OOP, and it comes quite naturally in C, certainly no "hacking". You don't need a class keyword to do that.
If it came out today you'd have an incredibly hard time convincing anyone to use it over other languages.
It doesn't come out today; it's been there for a long time, and it's standardized, proven and stable. Sounds like you seriously misunderstood my points, which were, in a nutshell: for applications and similar, just use whatever suits you; for operating systems, do experiments in lab/research projects (as was done with Unix), because existing and established ones are relied upon by lots of software. Just to make that perfectly clear, that doesn't mean they should use C forever; it means they should wait for a potential replacement to reach a similar state of stability, with independent standards and competing implementations.

Who is paying attention to #EvilSocket on X, and where's the conversation happening? I'd like to follow whoever's Mastodon is talking about it.

If no one is, then there is a #Linux unauth #RCE being disclosed to openwall on the 30th.

Appears to affect Linux and #BSD with a 9.9 CVSS score.

From reading the X thread, it seems to be neither kernel nor user space. Assuming a protocol implementation?

https://x.com/evilsocket/status/1838169889330135132

🚨 Microsoft has patched CVE-2024-38077, a critical RCE flaw in Windows Remote Desktop Licensing Service (CVSS 9.8). 79k instances exposed online. Apply patches immediately!