Jun 16, 2021

Update on the VMware vCenter vulnerabilities

Recall the two critical VMware vCenter Server vulnerabilities (CVE-2021-21985 and CVE-2021-21986) covered earlier at https://myseq.blogspot.com/2021/06/two-critical-vulnerabilties-at-vsphere.html

Here's the update from Kenna.VI+. The short version: CVE-2021-21985 now has a public RCE payload, one recorded successful exploitation and the Active_Internet_Breach flag set, and its risk score jumped from 37 to 93 on Jun 6; CVE-2021-21986 still has no public exploit and its score fell from 44 to 37. VMSA-2021-0010 is the fix advisory for both.

$ ./kvi-cli.py -v cve 2021-21985 2021-21986 -z


 [*] Searching cve-[['2021-21985', '2021-21986']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21985
 [_] Desc   : The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 92.7286
 [*] Easily_Exploit         : True
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : True

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 1
 [*] Velocity (D/W/M)          : 0/0/1
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : [_TRUE_] False
 [*] Predicted_Exploitable     : 1 (0.3460% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:01Z
 [_] Published     : 2021-05-26T15:15:00Z
 [_] Last_Modified : 2021-06-03T14:19:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [1]:
     [ --> ]   created_at : 2021-06-05T15:00:00Z
     [ --> ]  external_id : kenna.CVE-2021-21985
     [ --> ]         name : CVE-2021-21985: Vcenter Server CVE-2021-21985 RCE PAYLOAD
     [ --> ]       source : kenna
     [ --> ]          url : https://www.iswin.org/2021/06/02/Vcenter-Server-CVE-2021-21985-RCE-PAYLOAD/

 [_] Fixes [5]:
     [ --> ]  external_id : 216260
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216261
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216259
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : vmsa-2021-0010-cve-2021-21985-vcenter
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-05-25T00:00:00Z

     [ --> ]  external_id : 730102
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-06-03T23:50:38Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |  10.000 |   9.800
Exploit_Score |  10.000 |   3.900
 Impact_Score |  10.000 |   5.900
     Temporal |   7.400 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [55] :
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ CVE History : CVE-2021-21985 ]
 [*] ID              : 2931038
 [*] Vuln Risk Score : 93
 [*] History         : 2

   [**] changed_at : 2021-05-26T04:13:12.000Z
   [**]       from : 25
   [**]         to : 37

   [**] changed_at : 2021-06-06T04:04:24.000Z
   [**]       from : 37
   [**]         to : 93


[ CVE Description ]
 [*] CVE_ID : CVE-2021-21986
 [_] Desc   : The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 37.0796
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (0.1303% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2021-01-04T23:00:01Z
 [_] Published     : 2021-05-26T15:15:00Z
 [_] Last_Modified : 2021-06-03T14:19:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [4]:
     [ --> ]  external_id : 216260
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216261
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : 216259
     [ --> ]          url : https://www.vmware.com/security/advisories/VMSA-2021-0010.html
     [ --> ]      product : vcenter
     [ --> ] published_at : 2021-05-26T13:34:51Z

     [ --> ]  external_id : vmsa-2021-0010-cve-2021-21986-vcenter
     [ --> ]          url : None
     [ --> ]      product : None
     [ --> ] published_at : 2021-05-25T00:00:00Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact   |   |                | CVSS_Access
================+==========+===+================+==============
   Availability | Complete |   |     Complexity | Low
Confidentiality | Complete |   |         Vector | Network
      Integrity | Complete |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |  10.000 |   9.800
Exploit_Score |  10.000 |   3.900
 Impact_Score |  10.000 |   5.900
     Temporal |   7.400 |    None

 [*] CVSS v2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [55] :
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1e:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u1g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u2g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3k:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.5:u3n:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3b:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3f:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3g:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3j:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1c:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u1d:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3l:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:7.0:u2a:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:vcenter_server:6.7:u3m:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ CVE History : CVE-2021-21986 ]
 [*] ID              : 2931039
 [*] Vuln Risk Score : 37
 [*] History         : 3

   [**] changed_at : 2021-05-26T04:13:12.000Z
   [**]       from : 25
   [**]         to : 30

   [**] changed_at : 2021-05-27T04:16:24.000Z
   [**]       from : 30
   [**]         to : 44

   [**] changed_at : 2021-06-04T04:19:46.000Z
   [**]       from : 44
   [**]         to : 37

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-21985 (92.7286) : ['hpv_exploited', 'hpv_poc']
 [!!!]   CVE-2021-21986 (37.0796) : []


 ** [5] threads completed [6 tasks] / [11.54 KB] within [4.85 sec].


Jun 15, 2021

4 alerts on Pivotal Software, VMware

References changed today for 4 CVEs in Pivotal Software and VMware products (all of them Spring projects). All of the new references were released by Oracle.


 [*] Searching cve-[['2021-22112', '2020-5413', '2019-3773', '2020-5407']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

 [_] C:2021-01-04 / P:2021-02-23 / L:2021-06-14
 [*] Vuln Risk           : 31.4038
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0030% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 9.0 / 8.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2020-5413
 [_] Desc   : Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious code for execution during deserialization. In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration should be proactive against blocking unknown "deserialization gadgets" when configuring Kryo in code.

 [_] C:2020-01-03 / P:2020-07-31 / L:2021-06-14
 [*] Vuln Risk           : 33.0384
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0297% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2019-3773
 [_] Desc   : Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

 [_] C:2019-01-21 / P:2019-01-18 / L:2021-06-14
 [*] Vuln Risk           : 32.5156
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0463% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2020-5407
 [_] Desc   : Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

 [_] C:2020-01-03 / P:2020-05-13 / L:2021-06-14
 [*] Vuln Risk           : 27.5046
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0117% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.5 / 8.8 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []
 [!!!]    CVE-2020-5413 (33.0384) : []
 [!!!]    CVE-2019-3773 (32.5156) : []
 [!!!]    CVE-2020-5407 (27.5046) : []


 ** [5] threads completed [8 tasks] / [8.59 KB] within [10.65 sec].

Jun 11, 2021

CSRF vulnerability in springframework-social

A new vulnerable product (CPE) has been added to an old CSRF vulnerability, CVE-2015-5258 in Spring Social before 1.1.3; the record now lists VMware Spring Social alongside Fedora 23.


 [*] Searching cve-[['2015-5258']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2015-5258
 [_] Desc   : Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.

[ Kenna.VM Summary ]
 [*] Vuln Risk              : 29.1449
 [*] Easily_Exploit         : False
 [*] Malware_Exploit        : False
 [*] Popular_Target         : False
 [*] Active_Internet_Breach : False

[ Kenna.VI+ ]
 [*] Successful_Exploitations  : 0
 [*] Velocity (D/W/M)          : 0/0/0
 [*] Daily_Trend               : holding
 [*] Pre_NVD                   : True [_FALSE_]
 [*] RCE                       : True [_FALSE_]
 [*] Predicted_Exploitable     : 0 (4.3718% confidence)

[ Kenna.VI+ Details ]
 [_] Created_at    : 2016-05-25T23:17:59Z
 [_] Published     : 2017-08-22T18:29:00Z
 [_] Last_Modified : 2021-06-09T16:20:00Z

[ Links / References ]
 [*] Malware sample : 0
 [_] Exploits/POC [0]:
     [ --> ] None
 [_] Fixes [1]:
     [ --> ]  external_id : 124732
     [ --> ]          url : https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177420.html
     [ --> ]      product : None
     [ --> ] published_at : 2016-02-18T12:10:45Z

 [_] Threat Actors [0]:
     [ --> ] None

[ CVSS2 / CVSS3  Details ]

                | Impact  |   |                | CVSS_Access
================+=========+===+================+==============
   Availability | Partial |   |     Complexity | Medium
Confidentiality | Partial |   |         Vector | Network
      Integrity | Partial |   | Authentication | None required

              | CVSS_V2 | CVSS_V3
==============+=========+========
   Base Score |   6.800 |   8.800
Exploit_Score |   8.600 |   2.800
 Impact_Score |   6.400 |   5.900
     Temporal |   5.000 |    None

 [*] CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
 [*] CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C


[ Others ]
 [*] Vulnerable Products [2] :
     [ --> ] cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
     [ --> ] cpe:2.3:a:vmware:spring_social:*:*:*:*:*:*:*:*


[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]    CVE-2015-5258 (29.1449) : []


 ** [5] threads completed [2 tasks] / [1.64 KB] within [2.00 sec].

Jun 10, 2021

June 2021 Patch Tuesday

Microsoft patched 49 CVEs in its June 2021 Patch Tuesday release: five rated critical and 44 rated important, with six observed as exploited in the wild.

Below are the 9 highlighted CVEs and their associated vulnerability risk scores.

 [*] Searching cve-[['2021-31955', '2021-31956', '2021-33742', '2021-22741', '2021-31939', '2021-33739', '2021-31983', '2021-31946', '2021-31945']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31955
 [_] Desc   : Windows Kernel Information Disclosure Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 12.2402
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/1.8670% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 2.1 / 5.5 ]

 [_] Vuln Products  : [8]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31956
 [_] Desc   : Windows NTFS Elevation of Privilege Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 29.6732
 [*] Exploited [trend]   : 3 [up]    [Pre_NVD]
 [_] Exploit/likehood    : False/3.6829% confidence

 [*] Malware sample : 1
 [*] Exploits/POC   : [1]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-33742
 [_] Desc   : Windows MSHTML Platform Remote Code Execution Vulnerability

 [_] C:2021-05-28 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 26.5204
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/3.7964% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.6 / 7.5 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22741
 [_] Desc   : Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could cause the revealing of account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks. Note that “.sde” configuration export files do not contain user account password hashes.

 [_] C:2021-01-06 / P:2021-05-26 / L:2021-06-07
 [*] Vuln Risk           : 16.6911
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0253% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 4.6 / 6.7 ]

 [_] Vuln Products  : [3]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31939
 [_] Desc   : Microsoft Excel Remote Code Execution Vulnerability

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/13.8740% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [3]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-33739
 [_] Desc   : Microsoft DWM Core Library Elevation of Privilege Vulnerability

 [_] C:2021-05-28 / P:2021-06-08 / L:2021-06-09
 [*] Vuln Risk           : 22.4403
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/4.4376% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [2]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 8.4 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31983
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31946.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]    [Pre_NVD]
 [_] Exploit/likehood    : False/33.2174% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.2 / 7.8 ]

 [_] Vuln Products  : [0]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31946
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31945, CVE-2021-31983.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/29.5867% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 6.6 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2021-31945
 [_] Desc   : Paint 3D Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31946, CVE-2021-31983.

 [_] C:2021-05-01 / P:2021-06-08 / L:2021-06-10
 [*] Vuln Risk           : 32.6405
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/29.5867% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 6.6 ]

 [_] Vuln Products  : [1]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-31955 (12.2402) : []
 [!!!]   CVE-2021-31956 (29.6732) : ['hpv_exploited', 'hpv_malware', 'hpv_poc']
 [!!!]   CVE-2021-33742 (26.5204) : []
 [!!!]   CVE-2021-22741 (16.6911) : []
 [!!!]   CVE-2021-31939 (32.6405) : []
 [!!!]   CVE-2021-33739 (22.4403) : []
 [!!!]   CVE-2021-31983 (32.6405) : []
 [!!!]   CVE-2021-31946 (32.6405) : []
 [!!!]   CVE-2021-31945 (32.6405) : []


 ** [5] threads completed [18 tasks] / [15.59 KB] within [9.76 sec].

Jun 9, 2021

3 Alerts on Pivotal Software, VMware

There are 3 updates (CPE changes) on Pivotal Software and VMware products today.


 [*] Searching cve-[['2021-22112', '2014-3527', '2017-4995', '2021-22112']] vulnerability definitions within Kenna.VI+....


[ CVE Description ]
 [*] CVE_ID : CVE-2021-22112
 [_] Desc   : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.

 [_] C:2021-01-04 / P:2021-02-23 / L:2021-06-08
 [*] Vuln Risk           : 31.4038
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/0.0030% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 9.0 / 8.8 ]

 [_] Vuln Products  : [2]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2014-3527
 [_] Desc   : When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.

 [_] C:2015-05-21 / P:2017-05-25 / L:2021-06-08
 [*] Vuln Risk           : 32.8126
 [*] Exploited [trend]   : 0 [holding]
 [_] Exploit/likehood    : False/1.0277% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [1]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 7.5 / 9.8 ]

 [_] Vuln Products  : [10]

[ CVE Malware Family Info : None ]


[ CVE Description ]
 [*] CVE_ID : CVE-2017-4995
 [_] Desc   : An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.

 [_] C:2017-11-28 / P:2017-11-27 / L:2021-06-08
 [*] Vuln Risk           : 29.3175
 [*] Exploited [trend]   : 0 [holding]  [RCE]
 [_] Exploit/likehood    : False/5.8683% confidence

 [*] Malware sample : 0
 [*] Exploits/POC   : [0]
 [_] Fixes          : [0]
 [_] Threat Actors  : [0]
 [_] CVSS2 / CVSS3  : [ 6.8 / 8.1 ]

 [_] Vuln Products  : [4]

[ CVE Malware Family Info : None ]

[ High_Profile_Vulnerability ]
 [!!!]   CVE-2021-22112 (31.4038) : []
 [!!!]    CVE-2014-3527 (32.8126) : []
 [!!!]    CVE-2017-4995 (29.3175) : []


 ** [5] threads completed [6 tasks] / [9.54 KB] within [3.85 sec].