Jun 30, 2021

Improper Authentication on VMware Carbon Black App Control

Improper Authentication on VMware Carbon Black App Control.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21998
 [_] Desc   : VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate.

 [_] C:2021-01-04 / P:2021-06-23 / L:2021-06-30
 [*] Vuln Risk           : 55.7273
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0789% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [3]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21998 (55.7273) : []


 ** [5] threads completed [2 tasks] / [1.98 KB] within [2.90 sec].

Jun 29, 2021

Improper Privilege Management on Windows Servers

Improper Privilege Management on Windows Servers (2008 and 2012).

 

 [*] Searching cve-[['2021-1675']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-1675
 [_] Desc   : Windows Print Spooler Elevation of Privilege Vulnerability

 [_] C:2020-12-02 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 1 [holding]
 [_] Exploit/likehood    : False/0.2499% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [1]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 7.8 ]

 [_] Vuln Products  : [4]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]    CVE-2021-1675 (32.6405) : ['hpv_exploit', 'hpv_poc']


 ** [5] threads completed [2 tasks] / [1.96 KB] within [2.65 sec].


Jun 26, 2021

Funny iPhone Bug on WiFi SSID

A funny iPhone bug found by a security researcher: a carefully crafted network name (SSID) triggers a bug in the iOS networking stack and can completely disable an iPhone's ability to connect to Wi-Fi.

On Twitter, Carl Schou showed that after joining a Wi-Fi network with a specific name (“%p%s%s%s%s%n”), all Wi-Fi functionality on the iPhone was disabled from that point on. 

Once an iPhone or iPad joins the network with the name “%p%s%s%s%s%n”, the device fails to connect to Wi-Fi networks or use system networking features like AirDrop.

Links:

  •  https://9to5mac.com/2021/06/19/a-specific-network-name-can-completely-disable-wi-fi-on-your-iphone/

Jun 25, 2021

Four Bugs found at Dell Devices (Remote BIOS Attacks)

A total of four separate security bugs would give attackers almost complete control of, and persistence on, targeted devices.

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices.

The first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).

Two of the remaining vulnerabilities affect the OS recovery process, and the last one affects the firmware update process.


 [*] Searching cve-[['2021-21571', '2021-21572', '2021-21573', '2021-21574']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21571
 [_] Desc   : Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.

 [_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
 [*] Vuln Risk           : 20.4333
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0017% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.1 / 5.9 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21572
 [_] Desc   : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

 [_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
 [*] Vuln Risk           : 19.5045
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/0.0873% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 5.9 / 7.2 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21573
 [_] Desc   : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

 [_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
 [*] Vuln Risk           : 19.5045
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/0.0873% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 5.9 / 7.2 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21574
 [_] Desc   : Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.

 [_] C:2021-01-04 / P:2021-06-24 / L:2021-06-24
 [*] Vuln Risk           : 19.5045
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/0.0873% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 5.9 / 7.2 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21571 (20.4333) : []
 [!!!]   CVE-2021-21572 (19.5045) : []
 [!!!]   CVE-2021-21573 (19.5045) : []
 [!!!]   CVE-2021-21574 (19.5045) : []


 ** [5] threads completed [8 tasks] / [7.97 KB] within [10.64 sec].


Jun 24, 2021

The Threat Detection with Cloud API Logs: A Case Study from Capital One

 

My notes:

  • Methodologies for Cyber Threat Intelligence: [06:00]
    • Blacklist - hashes, IPs, ports
    • Statistical Analysis
    • Behavior Analysis - Mitre Att&ck (intention/tactics) [06:55]
  • Case Study : Capital One Attack [08:58]
    • T1595: Active scanning
    • T1190: Exploit web app (SSRF) [13:25]
    • T1552: Access EC2 metadata service [14:14]
    • T1526: Discover a token with access to all S3 buckets [15:20]
    • T1530: Data exfil from S3 cloud storage
  • The Cloud API Service [18:50]
  • CloudTrail - for threat hunting using API calls [20:00]  
  • Azure Resource Provider Operations [30:00]
    • Portal
    • CLI: az provider operation list
  • Azure Activity Log [33:13]
    • only provides Create, Update, Delete (no Read)
    • Grouped by correlation ID
  • Azure IMDSv1 Vs IMDSv2
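The case study above chains SSRF, metadata-service credentials and S3 access, and the notes point at CloudTrail as the place to hunt for it. The defender's side of that chain, as an added example that is not part of the original notes or of the talk: a small Python hunt over constructed CloudTrail-style records. It assumes a trusted VPC range (10.0.0.0/8), placeholder account id, role, instance id and bucket names, and the CloudTrail convention that EC2 instance-profile credentials appear as an assumed-role session named after the instance id.

```python
"""Hunt CloudTrail-style records for the chain in the notes: instance-profile
credentials (T1552) used to discover and read S3 (T1526 / T1530).
All log records below are constructed samples, not real CloudTrail output."""
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: workloads only ever call AWS APIs from this VPC range. Instance-role
# credentials showing up from anywhere else suggest they were lifted off the box.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8")]
DISCOVERY_CALLS = {"ListBuckets"}
READ_CALLS = {"GetObject", "ListObjects", "ListObjectsV2"}

# Constructed sample log: account id, role, instance id and bucket are placeholders.
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2021-06-24T10:00:03Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "sourceIPAddress": "10.0.1.25",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123def456"}},
 {"eventTime": "2021-06-24T10:05:17Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123def456"}},
 {"eventTime": "2021-06-24T10:06:40Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "203.0.113.7",
  "requestParameters": {"bucketName": "example-customer-data"},
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc123def456"}},
 {"eventTime": "2021-06-24T10:07:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.9",
  "userIdentity": {"type": "IAMUser",
   "arn": "arn:aws:iam::111122223333:user/alice"}}
]}""")["Records"]


def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def is_instance_role_session(record):
    """True when the caller is an assumed role whose session name is an EC2
    instance id, which is how instance-profile credentials show up in CloudTrail."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return False
    session_name = ident.get("arn", "").rsplit("/", 1)[-1]
    return session_name.startswith("i-")


def from_untrusted_source(record):
    """True when the source IP lies outside the trusted range. Non-IP sources
    (service principals such as 's3.amazonaws.com') are not treated as untrusted."""
    try:
        ip = ip_address(record.get("sourceIPAddress", ""))
    except ValueError:
        return False
    return not any(ip in net for net in TRUSTED_NETWORKS)


def hunt(records, window=timedelta(minutes=15)):
    """Return (rule, principal_arn, source_ip, event_name) findings."""
    findings = []
    # Rule 1: instance-role credentials used from outside the trusted networks.
    for r in records:
        if is_instance_role_session(r) and from_untrusted_source(r):
            findings.append(("instance_role_from_outside", r["userIdentity"]["arn"],
                             r["sourceIPAddress"], r["eventName"]))
    # Rule 2: bucket discovery followed by a read within the window, same principal.
    by_principal = {}
    for r in records:
        by_principal.setdefault(r["userIdentity"]["arn"], []).append(r)
    for arn, events in by_principal.items():
        events.sort(key=lambda e: e["eventTime"])
        for i, e in enumerate(events):
            if e["eventName"] not in READ_CALLS:
                continue
            t_read = parse_time(e["eventTime"])
            if any(p["eventName"] in DISCOVERY_CALLS
                   and t_read - parse_time(p["eventTime"]) <= window
                   for p in events[:i]):
                findings.append(("s3_discovery_then_read", arn,
                                 e["sourceIPAddress"], e["eventName"]))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(*finding)
```

Rule 1 is the high-signal one: an instance role should only ever be used from the instance it was issued to, so the same session name appearing from 203.0.113.7 is the credential leaving the box. Rule 2 catches the discovery-then-read rhythm even when the source IP is inside the VPC, at the cost of more noise. On the IMDS point in the notes, requiring IMDSv2 (a session token obtained with a PUT before any credential read) is what stops a plain GET-based SSRF from fetching the role credentials in the first place; the hunt above is the detective control for when that hardening is missing.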

Jun 23, 2021

Security Model

Do not use somebody else's security model: if you focus too much on firewalls, you are going to fail in the cloud.

Jun 22, 2021

Cloud Security Management Practices You Might Have Neglected

 

My notes:

  1. Public cloud offers a lot of new capabilities. [10:00]
  2. Establish a unified security strategy.
    • Pace of change is daunting to everyone. [11:00]
    • Teams working in isolation will lead to misalignment. [13:00]
    • Requires sponsorship from senior leadership. [19:00]
    • Encourage shared goals. [22:00]
    • Focus on the end goal, less on which technology. [22:35]
  3. Transitions in security roles:
  4. Forget and re-learn security best practices:
    • The existing on-prem security model is dangerous for clouds. [34:30]
    • Start from security objectives. [38:40]
    • Be flexible and adopt the cloud-native ways. [40:00]
    • Keep scalability and automation in mind. [42:00]

Jun 21, 2021

What could replace Python in the future?

There are a few new competitors in the programming-language market:

  • Rust offers the same kind of safety that Python has — no variable can accidentally be overwritten. But it solves the performance issue with the concept of ownership and borrowing. It is also the most-loved programming language of the last few years, according to StackOverflow Insights.
  • Go is great for beginners like Python. And it is so simple that it’s even easier to maintain the code. Fun point: Go developers are among the highest-paid programmers on the market.
  • Julia is a very new language that competes head-on with Python. It fills the gap of large-scale technical computations: Usually, one would have used Python or Matlab, and patched the whole thing up with C++ libraries, which are necessary at a large scale. Now, one can use Julia instead of juggling with two languages.

Links:

  •  https://thenextweb.com/news/why-python-not-programming-language-future-syndication

Jun 16, 2021

Update on the VMware vCenter

Remember the two critical VMware vulnerabilities from earlier, at https://myseq.blogspot.com/2021/06/two-critical-vulnerabilties-at-vsphere.html

Here's the update:

$ ./kvi-cli.py -v cve 2021-21985 2021-21986 -z


 [*] Searching cve-[['2021-21985', '2021-21986']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21985
 [_] Desc   : The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 92.7286
 [*] Easily_Exploit         : True
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : True

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 1
 [*] Velocity (D/W/M)          : 0/0/1
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : [_TRUE_] False
 [*] Predicted_Exploitable     : 1 (0.3460% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:01Z
 [_] Published     : 2021-05-26T15:15:00Z
 [_] Last_Modified : 2021-06-03T14:19:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [1]:
     [ --> ]   created_at : 2021-06-05T15:00:00Z
     [ --> ]  external_id : kenna.CVE-2021-21985
     [ --> ]         name : CVE-2021-21985: Vcenter Server CVE-2021-21985 RCE PAYLOAD
     [ --> ]       source : kenna
     [ --> ]          url : https://www.iswin.org/2021/06/02/Vcenter-Server-CVE-2021-21985-RCE-PAYLOAD/

 [_] Fixes [5]:
     [ --> ]  external_id : 216260
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216261
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216259
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : vmsa-2021-0010-cve-2021-21985-vcenter
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-05-25T00:00:00Z

     [ --> ]  external_id : 730102
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-06-03T23:50:38Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |  10.000 |   9.800
Exploit_Score |  10.000 |   3.900
 Impact_Score |  10.000 |   5.900
     Temporal |   7.400 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [55] :
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ CVE History : CVE-2021-21985 ]
 [*] ID              : 2931038
 [*] Vuln Risk Score : 93
 [*] History         : 2

   [**] changed_at : 2021-05-26T04:13:12.000Z
   [**]       from : 25
   [**]         to : 37

   [**] changed_at : 2021-06-06T04:04:24.000Z
   [**]       from : 37
   [**]         to : 93


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21986
 [_] Desc   : The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 37.0796
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.1303% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:01Z
 [_] Published     : 2021-05-26T15:15:00Z
 [_] Last_Modified : 2021-06-03T14:19:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [4]:
     [ --> ]  external_id : 216260
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216261
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216259
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : vmsa-2021-0010-cve-2021-21986-vcenter
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-05-25T00:00:00Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |  10.000 |   9.800
Exploit_Score |  10.000 |   3.900
 Impact_Score |  10.000 |   5.900
     Temporal |   7.400 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [55] :
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ CVE History : CVE-2021-21986 ]
 [*] ID              : 2931039
 [*] Vuln Risk Score : 37
 [*] History         : 3

   [**] changed_at : 2021-05-26T04:13:12.000Z
   [**]       from : 25
   [**]         to : 30

   [**] changed_at : 2021-05-27T04:16:24.000Z
   [**]       from : 30
   [**]         to : 44

   [**] changed_at : 2021-06-04T04:19:46.000Z
   [**]       from : 44
   [**]         to : 37

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21985 (92.7286) : ['hpv_exploited', 'hpv_poc']
 [!!!]   CVE-2021-21986 (37.0796) : []


 ** [5] threads completed [6 tasks] / [11.54 KB] within [4.85 sec].


Jun 15, 2021

4 alerts on Pivotal Software, Vmware

References changed today for four CVEs found in Pivotal Software and VMware products. All of them were released by Oracle.


 [*] Searching cve-[['2021-22112', '2020-5413', '2019-3773', '2020-5407']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

 [_] C:2021-01-04 / P:2021-02-23 / L:2021-06-14
 [*] Vuln Risk           : 31.4038
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0030% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 9.0 / 8.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2020-5413
 [_] Desc   : Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.

 [_] C:2020-01-03 / P:2020-07-31 / L:2021-06-14
 [*] Vuln Risk           : 33.0384
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0297% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2019-3773
 [_] Desc   : Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

 [_] C:2019-01-21 / P:2019-01-18 / L:2021-06-14
 [*] Vuln Risk           : 32.5156
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0463% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2020-5407
 [_] Desc   : Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

 [_] C:2020-01-03 / P:2020-05-13 / L:2021-06-14
 [*] Vuln Risk           : 27.5046
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0117% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.5 / 8.8 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []
 [!!!]    CVE-2020-5413 (33.0384) : []
 [!!!]    CVE-2019-3773 (32.5156) : []
 [!!!]    CVE-2020-5407 (27.5046) : []


 ** [5] threads completed [8 tasks] / [8.59 KB] within [10.65 sec].

Jun 11, 2021

CSRF vulnerability in springframework-social

A new vulnerable product has been added to an old CSRF vulnerability.


 [*] Searching cve-[['2015-5258']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2015-5258
 [_] Desc   : Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 29.1449
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (4.3718% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2016-05-25T23:17:59Z
 [_] Published     : 2017-08-22T18:29:00Z
 [_] Last_Modified : 2021-06-09T16:20:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [1]:
     [ --> ]  external_id : 124732
     [ --> ]          url : https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177420.html
     [ --> ]      product : None
     [ --> ] published_at : 2016-02-18T12:10:45Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact  |   |                | CVSS_Access
================+=========+===+================+==============
   Availability | Partial |   |     Complexity | Medium
Confidentiality | Partial |   |         Vector | Network
      Integrity | Partial |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   6.800 |   8.800
Exploit_Score |   8.600 |   2.800
 Impact_Score |   6.400 |   5.900
     Temporal |   5.000 |    None

 [*] CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [2] :
     [ --> ] cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:spring_social:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]    CVE-2015-5258 (29.1449) : []


 ** [5] threads completed [2 tasks] / [1.64 KB] within [2.00 sec].

Jun 10, 2021

June 2021 Patch Tuesday

Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release, including five CVEs rated as critical and 44 rated as important, and with six having been observed as exploited in the wild.

Below are the 9 highlighted CVEs and their associated vulnerability risk scores.

 [*] Searching cve-[['2021-31955', '2021-31956', '2021-33742', '2021-22741', '2021-31939', '2021-33739', '2021-31983', '2021-31946', '2021-31945']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31955
 [_] Desc   : Windows Kernel Information Disclosure Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 12.2402
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/1.8670% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 2.1 / 5.5 ]

 [_] Vuln Products  : [8]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31956
 [_] Desc   : Windows NTFS Elevation of Privilege Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 29.6732
 [*] Exploited [trend]   : 3 [up]    [Pre_NVD]
 [_] Exploit/likehood    : False/3.6829% confidence

 [*] Malware sample : 1
 [*] Exploits/POC   : [1]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-33742
 [_] Desc   : Windows MSHTML Platform Remote Code Execution Vulnerability

 [_] C:2021-05-28 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 26.5204
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/3.7964% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.6 / 7.5 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22741
 [_] Desc   : Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.

 [_] C:2021-01-06 / P:2021-05-26 / L:2021-06-07
 [*] Vuln Risk           : 16.6911
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0253% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 4.6 / 6.7 ]

 [_] Vuln Products  : [3]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31939
 [_] Desc   : Microsoft Excel Remote Code Execution Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/13.8740% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [3]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-33739
 [_] Desc   : Microsoft DWM Core Library Elevation of Privilege Vulnerability

 [_] C:2021-05-28 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 22.4403
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/4.4376% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 8.4 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31983
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/33.2174% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31946
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/29.5867% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 6.6 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31945
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/29.5867% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 6.6 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-31955 (12.2402) : []
 [!!!]   CVE-2021-31956 (29.6732) : ['hpv_exploited', 'hpv_malware', 'hpv_poc']
 [!!!]   CVE-2021-33742 (26.5204) : []
 [!!!]   CVE-2021-22741 (16.6911) : []
 [!!!]   CVE-2021-31939 (32.6405) : []
 [!!!]   CVE-2021-33739 (22.4403) : []
 [!!!]   CVE-2021-31983 (32.6405) : []
 [!!!]   CVE-2021-31946 (32.6405) : []
 [!!!]   CVE-2021-31945 (32.6405) : []


 ** [5] threads completed [18 tasks] / [15.59 KB] within [9.76 sec].

Jun 9, 2021

3 Alerts on Pivotal Software, VMware

There are 3 updates (CPE changes) on Pivotal Software, VMware today.


 [*] Searching cve-[['2021-22112', '2014-3527', '2017-4995', '2021-22112']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

 [_] C:2021-01-04 / P:2021-02-23 / L:2021-06-08
 [*] Vuln Risk           : 31.4038
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0030% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 9.0 / 8.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2014-3527
 [_] Desc   : When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

 [_] C:2015-05-21 / P:2017-05-25 / L:2021-06-08
 [*] Vuln Risk           : 32.8126
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/1.0277% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [10]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2017-4995
 [_] Desc   : An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.

 [_] C:2017-11-28 / P:2017-11-27 / L:2021-06-08
 [*] Vuln Risk           : 29.3175
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/5.8683% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 8.1 ]

 [_] Vuln Products  : [4]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []
 [!!!]    CVE-2014-3527 (32.8126) : []
 [!!!]    CVE-2017-4995 (29.3175) : []


 ** [5] threads completed [6 tasks] / [9.54 KB] within [3.85 sec].


Jun 6, 2021

Modern Web Application Security

Here are some of my notes on what we can deploy to help protect web applications using modern technologies.

Instead of depending on developers to fix every webapp vulnerability, such as XSS/CSRF, below are a few things we should strategize at the policy/framework level.

A New Strategy for WebApp

Traditionally, we assess a web application (webapp) for security via scanning and penetration testing (pentest). This isn't effective when you have a complex webapp or many webapps (with an undocumented CMDB).

A better way is to secure a webapp (or many webapps) via policy.

At the policy level, every webapp is required to implement a series of web security policies such as Content Security Policy (CSP), and during regular scanning the scanner detects whether those policies are still in place, to determine if a webapp is violating the policy. The benefits here include:

  • It covers all the webapps at the domain level, without going into the details of every single link within a webapp.
  • It works in a consistent manner (fewer false positives or false negatives) compared to manual penetration testing.
  • It ensures that many security best practices stay enforced on those high-severity webapps without re-doing the pentest after a major upgrade.
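
As an added example (not code from the original post), the following Python checker models the scanning step described above: given the response headers of each webapp, it reports which required policies are missing or weakened. The required header set, the CSP/HSTS rules and the three sample responses are constructed assumptions, so it runs offline without touching any host.

```python
"""Policy-level check of web security headers across several webapps.

Added example, not from the original post. The baseline (required headers,
weak CSP sources, minimum HSTS max-age) is an assumed policy, and the sample
responses are constructed inline instead of being fetched over the network.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    app: str
    header: str
    problem: str


# Headers the policy requires on every webapp (assumed baseline).
REQUIRED_HEADERS = {
    "Content-Security-Policy",
    "Strict-Transport-Security",
    "X-Content-Type-Options",
    "X-Frame-Options",
}

# CSP source expressions that defeat the purpose of the policy for scripts.
WEAK_CSP_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:"}

# One year, the commonly used minimum for HSTS (assumed threshold).
MIN_HSTS_MAX_AGE = 31536000


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Parse a CSP header into {directive: [sources]}, directive names lowercased."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_csp(app: str, value: str) -> List[Finding]:
    """Flag a CSP that is present but does not actually restrict script execution."""
    csp = parse_csp(value)
    # script-src falls back to default-src; with neither, scripts are unrestricted.
    script_sources = csp.get("script-src", csp.get("default-src"))
    if script_sources is None:
        return [Finding(app, "Content-Security-Policy",
                        "no script-src or default-src: scripts unrestricted")]
    return [Finding(app, "Content-Security-Policy", f"script-src allows {src}")
            for src in script_sources if src in WEAK_CSP_SOURCES]


def check_hsts(app: str, value: str) -> List[Finding]:
    """Flag an HSTS header whose max-age is missing, malformed or too short."""
    name = "Strict-Transport-Security"
    for directive in value.split(";"):
        key, _, raw = directive.strip().partition("=")
        if key.lower() != "max-age":
            continue
        if not raw.strip().isdigit():
            return [Finding(app, name, "max-age is not an integer")]
        max_age = int(raw.strip())
        if max_age < MIN_HSTS_MAX_AGE:
            return [Finding(app, name, f"max-age {max_age} below {MIN_HSTS_MAX_AGE}")]
        return []
    return [Finding(app, name, "max-age directive missing")]


def check_app(app: str, headers: Dict[str, str]) -> List[Finding]:
    """Check one webapp's response headers against the policy."""
    # Header names are case-insensitive, so normalize before lookup.
    present = {k.lower(): v for k, v in headers.items()}
    findings = [Finding(app, h, "missing")
                for h in sorted(REQUIRED_HEADERS) if h.lower() not in present]
    if "content-security-policy" in present:
        findings += check_csp(app, present["content-security-policy"])
    if "strict-transport-security" in present:
        findings += check_hsts(app, present["strict-transport-security"])
    return findings


def scan_all(responses: Dict[str, Dict[str, str]]) -> Dict[str, List[Finding]]:
    """Run the policy check over every webapp; an empty list means compliant."""
    return {app: check_app(app, headers) for app, headers in responses.items()}


# Constructed sample responses: one compliant app, one missing headers,
# one with headers present but weakened.
SAMPLE_RESPONSES = {
    "portal.example": {
        "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example; object-src 'none'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "X-Content-Type-Options": "nosniff",
        "X-Frame-Options": "DENY",
    },
    "legacy.example": {
        "Strict-Transport-Security": "max-age=31536000",
        "X-Content-Type-Options": "nosniff",
    },
    "shop.example": {
        "content-security-policy": "default-src *; script-src 'self' 'unsafe-inline'",
        "strict-transport-security": "max-age=300",
        "x-content-type-options": "nosniff",
        "x-frame-options": "SAMEORIGIN",
    },
}

if __name__ == "__main__":
    for app, findings in scan_all(SAMPLE_RESPONSES).items():
        status = "OK" if not findings else f"{len(findings)} violation(s)"
        print(f"{app}: {status}")
        for f in findings:
            print(f"  {f.header}: {f.problem}")
```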

Links:

Jun 4, 2021

Out-of-bounds Write (OpenSLP/ESXi)

An out-of-bounds write (heap overflow) vulnerability was found in OpenSLP (used in ESXi). As of now, a PoC has been released on GitHub.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21974
 [_] Desc   : OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 36.1446
 [*] Easily_Exploit         : True
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0009% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:00Z
 [_] Published     : 2021-02-24T17:15:00Z
 [_] Last_Modified : 2021-06-03T18:15:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [1]:
     [ --> ]   created_at : 2021-05-26T18:00:00Z
     [ --> ]  external_id : kenna.CVE-2021-21974
     [ --> ]         name : CVE-2021-21974: VMWare ESXi PoC
     [ --> ]          url : https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2021-21974.py

 [_] Fixes [5]:
     [ --> ]  external_id : vmsa-2021-0002-cve-2021-21974
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-02-24T00:00:00Z

     [ --> ]  external_id : 216257
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 216258
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 216256
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 11699
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-02-25T14:31:08Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact  |   |                | CVSS_Access
================+=========+===+================+=================
   Availability | Partial |   |     Complexity | Low
Confidentiality | Partial |   |         Vector | Adjacent network
      Integrity | Partial |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   5.800 |   8.800
Exploit_Score |   6.500 |   2.800
 Impact_Score |   6.400 |   5.900
     Temporal |   4.300 |    None

 [*] CVSS v2 vector: AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [232] :

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21974 (36.1446) : ['hpv_poc']


 ** [5] threads completed [2 tasks] / [15.04 KB] within [1.92 sec].

Two Critical Vulnerabilities in vSphere Client

Two critical vulnerabilities have been highlighted for vSphere Client today. One is "improper input validation" (CVE-2021-21985) and the other is "improper authentication" (CVE-2021-21986).

 

[ CVE Description ]
 [*] CVE_ID : CVE-2021-21986
 [_] Desc   : The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

 [_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
 [*] Vuln Risk           : 44.4856
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.1308% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [4]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 10.0 / 9.8 ]

 [_] Vuln Products  : [55]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21985
 [_] Desc   : The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

 [_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
 [*] Vuln Risk           : 37.0714
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/0.5650% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [4]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 10.0 / 9.8 ]

 [_] Vuln Products  : [55]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21986 (44.4856) : []
 [!!!]   CVE-2021-21985 (37.0714) : []


 ** [5] threads completed [4 tasks] / [10.7 KB] within [2.98 sec].


Jun 3, 2021

Incorrect Authorization at Dell Wyse Windows Embedded System

The vulnerability allows attackers to bypass intended access restrictions in the affected software.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21552
 [_] Desc   : Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 20.3938
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0151% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T18:00:05Z
 [_] Published     : 2021-05-21T20:15:00Z
 [_] Last_Modified : 2021-06-02T12:30:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [0]:
     [ --> ] None
 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Local access
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   7.200 |   8.800
Exploit_Score |   3.900 |   2.000
 Impact_Score |  10.000 |   6.000
     Temporal |   7.200 |    None

 [*] CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
 [*] CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H


[ Others ]
 [*] Vulnerable Products [1] :
     [ --> ] cpe:2.3:o:microsoft:windows_10:*:*:*:*:enterprise_ltsc:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21552 (20.3938) : []


 ** [5] threads completed [2 tasks] / [1.86 KB] within [2.06 sec].


Jun 1, 2021

Spring Security within Pivotal Software

A Spring Security (Pivotal Software) vulnerability that Kenna scores as comparatively low risk (31.40) even though its CVSS v3 base is 8.8: it only matters when the application itself changes the SecurityContext more than once within a single request, which a remote user cannot force on their own.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
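
As an added illustration, not code from the Spring Security project or from this page, the shape of application code the description refers to: a "run-as" helper that swaps in an elevated SecurityContext for one small piece of work and restores the caller's context afterwards, so the context is changed twice in one request. The class and method names (RunAs, asAdmin), the role names (ROLE_USER, ROLE_ADMIN) and the test class are assumptions. The test below is the check a practitioner would want against their own Spring Security version: it drives HttpSessionSecurityContextRepository through the same load/save sequence SecurityContextPersistenceFilter performs around a request and asserts the invariant that the bug can break, namely that the context persisted to the HTTP session at the end of the request is still the caller's low-privilege one.

```java
// --- src/main/java/example/RunAs.java (hypothetical application code) ---
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.concurrent.Callable;

/**
 * Hypothetical "run-as" helper: the kind of code the CVE description says must be
 * "programmed in" for CVE-2021-22112 to matter. Within one request the context is
 * changed twice: once to elevate, once to restore the caller's context.
 */
public final class RunAs {

    private RunAs() {}

    public static <T> T asAdmin(Callable<T> action) throws Exception {
        SecurityContext original = SecurityContextHolder.getContext();   // caller's low-privilege context
        Authentication caller = original.getAuthentication();

        SecurityContext elevated = SecurityContextHolder.createEmptyContext();
        elevated.setAuthentication(new UsernamePasswordAuthenticationToken(
                caller.getPrincipal(), caller.getCredentials(),
                AuthorityUtils.createAuthorityList("ROLE_ADMIN")));       // assumed role name

        SecurityContextHolder.setContext(elevated);                        // change #1
        try {
            return action.call();                                          // the "small portion" meant to run elevated
        } finally {
            SecurityContextHolder.setContext(original);                    // change #2: this is what must be persisted
        }
    }
}

// --- src/test/java/example/RunAsPersistenceTest.java (hypothetical regression test) ---
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;

class RunAsPersistenceTest {

    @Test
    void elevatedContextIsNotPersistedToSession() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();      // constructed, no real container
        MockHttpServletResponse response = new MockHttpServletResponse();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);

        // Same sequence SecurityContextPersistenceFilter performs: load before, save after.
        SecurityContext ctx = repo.loadContext(holder);
        ctx.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(ctx);
        try {
            RunAs.asAdmin(() -> "report generated");                       // elevates, then restores
        } finally {
            SecurityContext after = SecurityContextHolder.getContext();
            SecurityContextHolder.clearContext();
            // Must use holder.getResponse(): the repository saves through the wrapper it installed on load.
            repo.saveContext(after, holder.getRequest(), holder.getResponse());
        }

        SecurityContext saved = (SecurityContext) request.getSession()
                .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        assertNotNull(saved, "no SecurityContext was persisted to the session");
        assertFalse(saved.getAuthentication().getAuthorities().stream()
                        .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority())),
                "ROLE_ADMIN leaked into the session-persisted SecurityContext");
    }
}
```

The test pins the property that matters for this CVE rather than an internal detail: whatever the repository decides to persist, it must not carry the temporarily granted authority into later requests. If the assertion fails on a given dependency set, the remediation per the description is to move to 5.4.4, 5.3.8.RELEASE or 5.2.9.RELEASE (or later); the helper itself is not the bug, and avoiding per-request context swapping altogether is a reasonable design choice regardless of version.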

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 31.4038
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0030% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:14Z
 [_] Published     : 2021-02-23T19:15:00Z
 [_] Last_Modified : 2021-05-25T13:22:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [1]:
     [ --> ]  external_id : 11718
     [ --> ]          url : https://www.jenkins.io/security/advisory/2021-02-19/
     [ --> ]      product : jenkins
     [ --> ] published_at : 2021-05-13T13:20:49Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+=========================
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | Requires single instance

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   9.000 |   8.800
Exploit_Score |   8.000 |   2.800
 Impact_Score |  10.000 |   5.900
     Temporal |   6.700 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [1] :
     [ --> ] cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []


 ** [5] threads completed [2 tasks] / [2.42 KB] within [2.12 sec].