Entries by Hans-Petter Fjeld

CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability

Published: 2020-10-13 MITRE CVE-2020-16891 “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.” This is especially bad for “hotel” environments with multiple different tenants that should not be able to influence each other, but it is also bad […]

CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability

Published: 2020-10-13 MITRE CVE-2020-16898 “A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets.” This vulnerability affects Windows 10, Server 2019 and Server Core versions (see full Security Advisory for proper details). It can be mitigated by disabling a network feature or blocking ICMPv6 Router Advertisement packets. Basefarm and […]

Check your Exchange for ongoing leaks

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Currently the biggest exposure to threats in the cyber domain is presented via mail. Phishing attacks trick legitimate users out of their credentials and then gain access to the mail account, and some actors […]

CVE-2020-10713 – GRUB 2 boot loader buffer overflow – aka BootHole

Published: 2020-07-29 MITRE CVE-2020-10713 GRUB 2 is a “boot loader”: it precedes the actual operating system and allows for multiple options in what operating system to load and with what parameters given. An attacker with administrative privileges on a system, or physical access, can use this vulnerability to bypass the check of cryptographic signatures and run […]

CVE-2020-5902 F5 Big-IP – K52145254: TMUI RCE vulnerability

Published: 2020-07-01 MITRE CVE-2020-5902 “The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.” “This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create […]

CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service

Published: 2020-06-25 MITRE CVE-2020-11996 “A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.” CVSS Base score: 7.5 (or 5.9 if Attack Complexity turns out to be High). CVSS Temporal Score: 6.5 as of […]

Aerospace and military companies in the crosshairs

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). ESET researchers are warning about targeted phishing attacks against high-profile aerospace and military companies in Europe. The attacker will approach individual personnel about possible job vacancies, some file-sharing then commences with the pretense of […]