Rewterz Threat Alert – APT C-23 Highly Active
December 1, 2020Rewterz Threat Alert – Microsoft Outlook Web Phishing
December 1, 2020Rewterz Threat Alert – APT C-23 Highly Active
December 1, 2020Rewterz Threat Alert – Microsoft Outlook Web Phishing
December 1, 2020Severity
High
Analysis Summary
Apache NiFi could allow a remote attacker to execute arbitrary code on the system, caused by improper access control by the NiFi API. By sending a specially-crafted request to create an ExecuteProcess processor, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Remote code execution
Affected Vendors
Apache
Affected Products
Apache NiFi 1.12.1
Remediation
Refer to POC for more insights.
https://packetstormsecurity.com/files/160260/Apache-NiFi-API-Remote-Code-Execution.html