Severity
High
Analysis Summary
CVE-2018-4061
A specially crafted authenticated HTTP request can inject arbitrary commands, resulting in remote code execution.
CVE-2018-4062
Activating SNMPD outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user. An attacker can activate SNMPD without any configuration changes to trigger this vulnerability.
CVE-2018-4063
A specially crafted authenticated HTTP request can upload a file, resulting in the upload of executable, routable code to the web server.
CVE-2018-4065
A specially crafted HTTP ping request can cause reflected JavaScript to be executed and run on the user’s browser. An attacker can exploit this by convincing a user to click a link or embedded URL that redirects to the reflected cross-site scripting vulnerability.
CVE-2018-4066
A specially crafted HTTP request can cause an authenticated user to perform privileged requests unknowingly, resulting in unauthenticated requests being made through an authenticated user. Triggering this vulnerability may allow an attacker access to authenticated pages via an authenticated user.
CVE-2018-4067
A specially crafted authenticated HTTP request can cause an information leak, resulting in the disclosure of internal file paths.
CVE-2018-4069
The ACEManager authentication functionality is delivered in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device, which may allow access to credentials.
Impact
- OS Command Injection
- Use of Hard-coded Credentials
- Unrestricted Upload of File with Dangerous Type
- Cross-site Scripting
- Cross-site Request Forgery
- Information Exposure
- Missing Encryption of Sensitive Data
Affected Vendors
Sierra Wireless
Affected Products
AirLink ALEOS
Remediation
Refer to the ICS advisory for the list of affected products and upgraded patches.