Rewterz Threat Alert – Emotet Malware Using Extortion Templates and Installing Additional Malware
January 21, 2020Rewterz Threat Alert – Linux Rekoobe Malware is Back
January 22, 2020Rewterz Threat Alert – Emotet Malware Using Extortion Templates and Installing Additional Malware
January 21, 2020Rewterz Threat Alert – Linux Rekoobe Malware is Back
January 22, 2020Severity
High
Analysis Summary
CVE-2020-6960
A SQL injection vulnerability exists that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges.
CVE-2020-6959
he affected products are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution.
Impact
- SQL Injection
- Deserialization of Untrusted Data
- Remote code execution
- Privilege escaltion
Affected Vendors
Honeywell
Affected Products
MAXPRO VMS & NVR
Remediation
Please refer to ICS advisory for the list of affected products and updated patches.