Adeline Zhang

Multiple Vulnerabilities in Cisco Products

setembro 6, 2018

Cisco has released 30 security advisories on 5 September 2018 to address vulnerabilities affecting multiple products. Three of them are critical. Reference link: https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities Vulnerability Description CVE-2018-11776 – Apache Struts Remote Code Execution Vulnerability Affecting Cisco Products (Critical) A vulnerability in Apache Struts could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. […]

Technical Analysis and Solution | Apache Struts 2 Remote Code Execution Vulnerability (S2-057)

agosto 27, 2018

On August 22, 2018, Beijing time, Apache Software Foundation (ASF) released a security bulletin, announcing a remote code execution vulnerability (CVE-2018-11776, CNVD-2018-15894, or CNNVD-201808-740) in Apache Struts 2. This vulnerability exists in either of the following cases: The namespace value is not set for a result defined in underlying XML configurations. Also, upper action configurations […]

Apache Struts 2 Remote Code Execution Vulnerability

agosto 24, 2018

Tag:   Apache Struts2, CVE-2018-11776, Remote Code Execution, S2-057 Severity:Critical This vulnerability can lead to remote code execution. PoC has been made publicly available and may lead to significant, extensive impact. Description On August 22, Apache disclosed a remote code execution (RCE) vulnerability that has been asigned the CVE number CVE-2018-11776.  This vulnerability could be triggered […]

Multiple Vulnerabilities Found in Emerson DeltaV DSC Workstatios

agosto 22, 2018

Emerson DeltaV DCS Workstations fixed several vulnerabilities recently, including path traversal, privilege escalation, stack-based buffer overflow, etc. The highest CVSS 3.0 base score is 9.6. Emerson has released patches to address these problems. For detailed information, please visit: https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01 Description CVE-2018-14797 CVSS v3: 8.2 A specially crafted DLL file may be placed in the search […]

WECON LeviStudioU Stack-based and Heap-based Buffer Overflow Vulnerabilities

agosto 14, 2018

According to a report with NCCIC on August 13, two vulnerabilities were found in WECON LeviStudioU. They are stack-based buffer overflow vulnerability (CVE-2018-10602) and heap-based buffer overflow vulnerability (CVE-2018-10606). NSFOCUS security team and Ghirmay Desta worked with Mat Powell of Trend Micro’s Zero Day Initiative to report these vulnerabilities to NCCIC. Successful exploitation of these […]

Multiple Vulnerabilities Disclosed in Samsung SmartThings Hub

agosto 14, 2018

Talos published multiple vulnerabilities related to Samsung SmartThings Hub recently including many critical vulnerabilities such as demand injection and remote code execution. CVSS v3 base score of 9.9 was assigned to many of these vulnerabilities. For details, please refer to: https://www.talosintelligence.com/vulnerability_reports/#disclosed Vulnerability Description Vulnerability CVE ID CVSS Score Samsung SmartThings Hub video-core camera update code execution vulnerabilities […]

NSFOCUS Achieves ISO 20000 Standard

agosto 13, 2018

SANTA CLARA, Calif., August 13, 2018 – NSFOCUS, a leader in holistic hybrid security solutions, announced today that it has achieved the ISO 20000 service management system standard. This standard ensures that the company has IT best practices in place for internal and external collaboration, information communication, and performance, while also providing next-level customer service […]

Brief Analysis and Solution | Virus Infection Shuts Down TSMC Factories

agosto 13, 2018

Taiwan Semiconductor Manufacturing Company (TSMC) is the world’s largest dedicated semiconductor and processor manufactor, manufacturing processors and other chips for the world’s largest science and technology companies including Apple, AMD, NVDIA and Qualcomm. In the evening of August 3, 2018, Beijing time, a technician’s improper operation during software installation caused the virus infection in the […]

Davolink DVW-3200N Vulnerability

agosto 3, 2018

A critical vulnerability in Davolink DVW-3200N was disclosed on July 31. CVE-2018-10618 has been assigned to this vulnerability and the CVSS v3 base score is 9.8. This device generates a weak password hash that is easy to crack, allowing a remote attacker to gain access to the device. Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-212-01 Affected Versions DVW-3200N version < […]

Weblogic Remote Code Execution Vulnerability

julho 31, 2018

  Oracle Critical Patch Update (CPU) Advisory was released on July 17. In this advisory, Oracle addressed a Weblogic deserialization problem (CVE-2018-2628) that disclosed in April but not completely fixed. The new CVE ID for the Weblogic vulnerability this time is CVE-2018-2893. Basic Scores (CVSS Version 3.0 Risk):9.8 You can refer to the technical analysis […]

Search

Inscreva-se no Blog da NSFOCUS