NEWS & EVENTS

SERVICES

An ontology represents an important resource for the organisation of a domain's knowledge in a more detailed way by...

This service analyses sets of email files in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

This service shows statistics on tweets related to cyber-security, allowing them to be searched by keywords such as...

The main goal of the tool is to provide a simple and quick means of cyber risk self-assessment. The tool requires two...

LATEST CVE

Published Description
CVE-2020-10634
05-05-2020 21:15:00
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
CVE-2020-10859
05-05-2020 21:15:00
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
CVE-2020-12144
05-05-2020 20:15:00
Details: The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal.
Product affected: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
Silver Peak Products / Applicability:
• Unity EdgeConnect, NX, VX: Applicable
• Unity Orchestrator: Applicable
• EdgeConnect in AWS, Azure, GCP: Applicable
• Silver Peak Cloud Services: Not Applicable
Resolution:
• Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Cloud Portal. After the changes, EdgeConnect will validate the certificate used to identify the Silver Peak Cloud Portal to EdgeConnect.
• TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms.
Any required configuration:
• Do not change Cloud Portal’s IP address as discovered by the EdgeConnect appliance.
• Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
• In Orchestrator, enable the “Verify Portal Certificate” option under Advanced Security Settings.
CVE-2020-12142
05-05-2020 20:15:00
a. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication.
b. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
Resolution:
• EdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
• EdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security.
Any required configuration: Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
Product affected: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
Silver Peak Products / Applicability:
• Unity EdgeConnect, NX, VX: Applicable
• Unity Orchestrator: Applicable
• EdgeConnect in AWS, Azure, GCP: Applicable
• Silver Peak Cloud Services: Not Applicable
CVE-2020-12143
05-05-2020 20:15:00
Summary: The certificate used to identify Orchestrator to EdgeConnect devices is not validated.
Details: The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator.
Product affected: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
Silver Peak product(s) / Applicability:
• Unity EdgeConnect, NX, VX: Applicable
• Unity Orchestrator: Applicable
• EdgeConnect in AWS, Azure, GCP: Applicable
• Silver Peak Cloud Services: Not Applicable
Resolution:
• Changes have been made to strengthen the initial exchange between the EdgeConnect appliance and the Orchestrator. After the changes, EdgeConnect will validate the certificate used to identify the Orchestrator to EdgeConnect.
• TLS itself is continually subject to newly discovered and exploitable vulnerabilities. As such, all versions of EdgeConnect software implement additional out-of-band and user-controlled authentication mechanisms.
Any required configuration:
• Do not change Orchestrator’s IP address as discovered by the EdgeConnect appliance.
• Upgrade to Silver Peak Unity ECOS™ 8.3.2+ or 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+.
• In Orchestrator, enable the “Verify Orchestrator Certificate” option under Advanced Security Settings.


LATEST EXPLOIT

Date | Title | Platform | Author
30-10-2018 | Expense Management 1.0 - Arbitrary File Upload | php | Ihsan Sencan
30-10-2018 | MyBB Downloads 2.0.3 - SQL Injection | php | Lucian Ioan Nitescu
30-10-2018 | SIPp 3.3.990 - Local Buffer Overflow (PoC) | linux | Nawaf Alkeraithe
30-10-2018 | Any Sound Recorder 2.93 - Buffer Overflow Local (SEH) (Metasploit) | windows | d3ckx1
30-10-2018 | Electricks eCommerce 1.0 - 'prodid' SQL Injection | php | Ihsan Sencan
