Jun 6, 2021

Modern Web Application Security

Here are some of my notes on what we can deploy to help protect web applications using modern technologies.

Instead of depending on developers to FIX all the webapp vulnerabilities, such as XSS/CSRF, below are a few things we should strategize at the policy/framework level.

A New Strategy for WebApp

Traditionally, we assess web application (webapp) security via scanning and penetration testing (pentest). This isn't effective when you have a complex webapp or many webapps (with an undocumented CMDB).

A better way is to secure a webapp (or many webapps) via policy.

At the policy level, every webapp is required to implement a series of web security policies such as Content Security Policy (CSP). During regular scanning, the scanner detects whether those policies are still in place to determine if a webapp is violating the policy. The benefits here include:

  • It covers all the webapps at the domain level, without going into the details of every single link within a webapp.
  • It works in a consistent manner (fewer false positives or false negatives) compared to manual penetration testing.
  • It can ensure that many of the security best practices are enforced on high-severity webapps without redoing the pentest after a major upgrade.
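
A sketch of the scanner-side check described above, as an added example that is not part of the original notes: it audits recorded response headers per domain against a baseline. The baseline values, finding names, and `example.test` hosts are assumptions made for illustration, and HSTS is included as a second assumed policy alongside CSP.

```python
# Added example: policy-level header audit over constructed scan results.
# The baseline below is a hypothetical organisation policy, not from the post.
REQUIRED_CSP_DIRECTIVES = ("default-src", "frame-ancestors")
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
MIN_HSTS_MAX_AGE = 15552000  # 180 days, assumed baseline


def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def audit_csp(headers):
    """Return CSP violations for one response (header names already lower-cased)."""
    value = headers.get("content-security-policy")
    if value is None:
        # A report-only header observes violations but blocks nothing.
        if "content-security-policy-report-only" in headers:
            return ["csp-report-only"]
        return ["csp-missing"]
    csp = parse_csp(value)
    findings = [f"csp-no-{d}" for d in REQUIRED_CSP_DIRECTIVES if d not in csp]
    # script-src falls back to default-src when it is absent.
    sources = csp.get("script-src", csp.get("default-src"))
    if sources is None:
        return findings + ["csp-scripts-unrestricted"]
    weak = WEAK_SCRIPT_SOURCES.intersection(sources)
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if any(s.startswith(HASH_OR_NONCE) for s in sources):
        weak.discard("'unsafe-inline'")
    return findings + [f"csp-weak-script-src:{s}" for s in sorted(weak)]


def audit_hsts(headers):
    """Return HSTS violations for one response (header names already lower-cased)."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["hsts-missing"]
    max_age = 0
    for token in value.split(";"):
        name, _, number = token.strip().partition("=")
        if name.lower() == "max-age" and number.strip('"').isdigit():
            max_age = int(number.strip('"'))
    return [] if max_age >= MIN_HSTS_MAX_AGE else ["hsts-max-age-too-short"]


def audit_fleet(responses):
    """Map each host to its list of violations (an empty list means compliant)."""
    report = {}
    for host, headers in responses.items():
        lowered = {k.lower(): v for k, v in headers.items()}
        report[host] = audit_csp(lowered) + audit_hsts(lowered)
    return report


# Constructed sample: headers as a scanner might have recorded them per domain.
SAMPLE_RESPONSES = {
    "shop.example.test": {
        "Content-Security-Policy": "default-src 'self'; "
        "script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'; frame-ancestors 'none'",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    },
    "legacy.example.test": {
        "Content-Security-Policy": "default-src *; "
        "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
        "Strict-Transport-Security": "max-age=300",
    },
    "wiki.example.test": {
        "Content-Security-Policy-Report-Only": "default-src 'self'",
    },
}

if __name__ == "__main__":
    for host, findings in audit_fleet(SAMPLE_RESPONSES).items():
        print(host, "OK" if not findings else findings)
```

Running the same audit on every scheduled scan turns a dropped or weakened header after an upgrade into a policy violation for that domain, without re-testing individual pages.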

Jun 4, 2021

Out-of-bounds Write (OpenSLP/ESXi)

An out-of-bounds write (heap overflow) vulnerability was found in OpenSLP (used in ESXi). As of now, a PoC has been released on GitHub.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21974
 [_] Desc   : OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 36.1446
 [*] Easily_Exploit         : True
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0009% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:00Z
 [_] Published     : 2021-02-24T17:15:00Z
 [_] Last_Modified : 2021-06-03T18:15:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [1]:
     [ --> ]   created_at : 2021-05-26T18:00:00Z
     [ --> ]  external_id : kenna.CVE-2021-21974
     [ --> ]         name : CVE-2021-21974: VMWare ESXi PoC
     [ --> ]          url : https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2021-21974.py

 [_] Fixes [5]:
     [ --> ]  external_id : vmsa-2021-0002-cve-2021-21974
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-02-24T00:00:00Z

     [ --> ]  external_id : 216257
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 216258
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 216256
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : esxi
     [ --> ] published_at : 2021-02-25T14:31:08Z

     [ --> ]  external_id : 11699
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0002.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-02-25T14:31:08Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact  |   |                | CVSS_Access
================+=========+===+================+=================
   Availability | Partial |   |     Complexity | Low
Confidentiality | Partial |   |         Vector | Adjacent network
      Integrity | Partial |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   5.800 |   8.800
Exploit_Score |   6.500 |   2.800
 Impact_Score |   6.400 |   5.900
     Temporal |   4.300 |    None

 [*] CVSS v2 vector: AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [232] :


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21974 (36.1446) : ['hpv_poc']


 ** [5] threads completed [2 tasks] / [15.04 KB] within [1.92 sec].

Two Critical Vulnerabilities in vSphere Client

Two critical vulnerabilities have been highlighted for vSphere Client today. One is "improper input validation" (CVE-2021-21985) and the other is "improper authentication" (CVE-2021-21986).

 

[ CVE Description ]
 [*] CVE_ID : CVE-2021-21986
 [_] Desc   : The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

 [_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
 [*] Vuln Risk           : 44.4856
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.1308% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [4]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 10.0 / 9.8 ]

 [_] Vuln Products  : [55]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21985
 [_] Desc   : The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

 [_] C:2021-01-04 / P:2021-05-26 / L:2021-06-03
 [*] Vuln Risk           : 37.0714
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/0.5650% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [4]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 10.0 / 9.8 ]

 [_] Vuln Products  : [55]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21986 (44.4856) : []
 [!!!]   CVE-2021-21985 (37.0714) : []


 ** [5] threads completed [4 tasks] / [10.7 KB] within [2.98 sec].


Jun 3, 2021

Incorrect Authorization at Dell Wyse Windows Embedded System

The vulnerability allows attackers to bypass intended access restrictions in the affected software.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21552
 [_] Desc   : Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 20.3938
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0151% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T18:00:05Z
 [_] Published     : 2021-05-21T20:15:00Z
 [_] Last_Modified : 2021-06-02T12:30:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [0]:
     [ --> ] None
 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Local access
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   7.200 |   8.800
Exploit_Score |   3.900 |   2.000
 Impact_Score |  10.000 |   6.000
     Temporal |   7.200 |    None

 [*] CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
 [*] CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H


[ Others ]
 [*] Vulnerable Products [1] :
     [ --> ] cpe:2.3:o:microsoft:windows_10:*:*:*:*:enterprise_ltsc:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21552 (20.3938) : []


 ** [5] threads completed [2 tasks] / [1.86 KB] within [2.06 sec].


Jun 1, 2021

Spring Security within Pivotal Software

A low-risk Spring Security vulnerability was found within Pivotal Software.


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 31.4038
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.0030% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:14Z
 [_] Published     : 2021-02-23T19:15:00Z
 [_] Last_Modified : 2021-05-25T13:22:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [1]:
     [ --> ]  external_id : 11718
     [ --> ]          url : https://www.jenkins.io/security/advisory/2021-02-19/
     [ --> ]      product : jenkins
     [ --> ] published_at : 2021-05-13T13:20:49Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+=========================
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | Requires single instance

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   9.000 |   8.800
Exploit_Score |   8.000 |   2.800
 Impact_Score |  10.000 |   5.900
     Temporal |   6.700 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [1] :
     [ --> ] cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []


 ** [5] threads completed [2 tasks] / [2.42 KB] within [2.12 sec].