Rewterz Threat Alert – BRATA Is the Banking Trojan To Look Out For
April 14, 2021
Rewterz Threat Advisory – CVE-2021-1450 – Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability
April 15, 2021
Severity
Medium
Analysis Summary
CVE-2021-28460
A vulnerability in Microsoft Azure Sphere allows a local attacker to run arbitrary code on the system. The attack vector is local: an attacker can exploit the vulnerability using a specially crafted program that executes arbitrary code on the victim’s server.
CVE-2021-28459
The Microsoft Azure DevOps Server vulnerability allows an attacker to conduct spoofing attacks on the victim’s system. The vulnerability could be exploited to cause a negative impact on integrity. The collection settings, through the process template function, allow a ZIP file to be uploaded to the system.
Impact
- Arbitrary code execution
- Spoofing
Affected Vendors
Microsoft
Affected Products
- Microsoft Azure Sphere
- Microsoft Azure DevOps Server 2020.0.1
Remediation
Download the latest patches for the affected products at https://docs.microsoft.com/en-us/azure/devops/server/release-notes/azuredevops2020?view=azure-devops&branch=releasenotes%2Fmarchpatch#azure-devops-server-202001-patch-2-release-date-march-9-202