Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 25, 2023Severity Medium Analysis Summary GandCrab – a ransomware-as-a-service variant – was discovered in early 2018. At least five versions of GandCrab have been created since its […]March 25, 2023Severity Medium Analysis Summary NjRat is a Remote Access Trojan, which is found leveraging Pastebin to deliver a second-stage payload after initial infection. There are multiple […]March 24, 2023Severity Medium Analysis Summary CVE-2023-20113 Cisco SD-WAN vManage Software is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – KONNI APT Group
July 30, 2021Rewterz Threat Advisory –IBM Guardium Data Encryption Vulnerability
July 30, 2021
Severity
High
Analysis Summary
The following CVEs are being actively exploited in wild by threat actors. Immediate action is suggested.
CVE-2021-26855
A server-side request forgery (SSRF) vulnerability in Exchange Server
CVE-2021-26857:
An insecure deserialization vulnerability in the Unified Messaging service
CVE-2021-26858:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-27065:
A post-authentication arbitrary file write vulnerability in Exchange
CVE-2021-22893:
The Zero-day Pulse Connect Secure authentication bypass vulnerability allows an attacker to run an arbitrary code on the Pulse Connect Secure Gateway. A remote, unauthenticated attacker can send a specially crafted HTTP request to the victim to exploit the vulnerability and gain access to the target system.
CVE-2021-22894:
Pulse Connect Secure is vulnerable to a buffer overflow, caused by improper bounds checking. By persuading a victim to connect to a maliciously-crafted meeting room, a remote authenticated attacker could overflow a buffer and execute arbitrary code with root privileges on the system.
CVE-2021-22899:
Pulse Connect Secure could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injectionflaw. By using Windows Resource Profiles Feature, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2021-22900:
Pulse Connect Secure could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions by the administrator web interface. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2021-27101:
Accellion File Transfer Appliance is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the document_root.html script using a specially crafted Host header, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2021-27102:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By using a local web service call, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-27103:
Accellion File Transfer Appliance is vulnerable to server-side request forgery. By sending a request with a specially-crafted POST request to wmProgressstat.html, an attacker could exploit this vulnerability to conduct an SSRF attack.
CVE-2021-27104:
Accellion File Transfer Appliance could allow a remote attacker to execute arbitrary commands on the system. By sending a specially crafted POST request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2021-21985:
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in the vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server
Impact
- Data Manipulation
- Remote Code Execution
- Data Breach
- Unauthorized Access
Affected Vendors
Microsoft
Pulse Secure
VMware
Acellion
Affected Products
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- Pulse Connect Secure 9.1RX
- Pulse Connect Secure 9.0RX
- VMware vCenter Server (vCenter Server)
- VMware Cloud Foundation (Cloud Foundation)
- Pulse Secure Pulse Connect Secure 9.0R3
- Pulse Secure Pulse Connect Secure 9.0RX
- Pulse Secure Pulse Connect Secure 9.1RX
- Pulse Secure Pulse Connect Secure 9.1R1
- Accellion File Transfer Appliance 9_12_370
Remediation
Refer to CISA advisory from more update affected product and their respective patches