Category: Attack Blogs | Page 4

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive

January 23, 2024 | Attack Blogs

On January 22, 2024 Fortra posted a security advisory for their GoAnywhere MFT product. This advisory details an authentication bypass vulnerability, CVE-2024-0204, that allows an unauthenticated attacker to create an administrative user for the application. Customers were made aware of the issue by an internal security advisory post and patch made available on December 4, 2023, in which researchers malcolm0x...

Writeup for CVE-2023-43208: NextGen Mirth Connect Pre-Auth RCE

January 12, 2024 | Attack Blogs, Disclosures

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability

January 12, 2024 | Attack Blogs, Disclosures

Introduction Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this vulnerability to download and delete arbitrary files, and in certain common configurations upload files, leading to remote code execution. This vulnerability was patched in PaperCut version 22.1.3 in July 2023. This...

Cisco IOS XE CVE-2023-20198: Deep Dive and POC

October 30, 2023 | Attack Blogs

Introduction This post is a follow up to https://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/. Previously, we explored the patch for CVE-2023-20273 and CVE-2023-20198 affecting Cisco IOS XE and identified some likely vectors an attacker might have used to exploit these vulnerabilities. Now, thanks to SECUINFRA FALCON TEAM’s honeypot, we have further insight into these vulnerabilities. POC See below for an example request that bypasses authentication...

Cisco IOS XE CVE-2023-20198 and CVE-2023-20273: WebUI Internals, Patch Diffs, and Theory Crafting

October 25, 2023 | Attack Blogs

Introduction There has been a lot of news around the recent Cisco IOS XE vulnerabilities CVE-2023-20198 and CVE-2023-2073. Information about this vulnerability was first published by Cisco on October 16th, 2023, and since then we have seen evidence of mass exploitation and implantation. In this post we share our technical insights so far into these vulnerabilities. Cisco IOS XE Architecture...

NextGen Mirth Connect Remote Code Execution Vulnerability (CVE-2023-43208)

October 25, 2023 | Attack Blogs, Disclosures

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability, CVE-2023-43208. If you’re a user of Mirth Connect, you’ll want to upgrade to the latest patch release, 4.4.1, as of this writing.

Security Strategies

Industry Insights

Attack Research

Attack Content

Security Strategies

Industry Insights

Attack Research

Attack Content

Attack Blogs

Filters

How can NodeZero help you?