[월:] 2020년 11월

CVE-2020-27688

Posted on by admin

CVE-2020-27688

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

Source: CVE-2020-27688

CVE-2020-24849

Posted on by admin

CVE-2020-24849

A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.

Source: CVE-2020-24849

CVE-2020-15952

Posted on by admin

CVE-2020-15952

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.

Source: CVE-2020-15952

CVE-2020-15951

Posted on by admin

CVE-2020-15951

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials.

Source: CVE-2020-15951