SOTTO ATTACCO?
POSSIAMO AIUTARTI

Security Advisory: Oracle BI Publisher – Unauthenticated Remote Code Execution

Introduction In the course of a penetration test, performed under contract and conducted on a PaaS OAC instance of one of our customers, the researcher Davide Virruso, from the Offensive Security Team of Tinexta Cyber, identified the following four vulnerabilities: Advisory Vulnerabilities – CVE-2024-21082 – Authentication Bypass in XML Service – CWE-304 CVE-2024-21082 – Authentication […]

Security Advisory: Full Disclosure Cisco ISE Cross Site Scripting

Introduction In July 2022 the Tinexta Cyber advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]

Security Advisory: Full Disclosure Cisco ISE Multiple Vulnerabilities RCE with 1-Click

Introduction Initially three vulnerabilities were discovered, which are described here: Advisory Vulnerabilities CVE-2022-20964 – Command Injection – CWE-78 CVE-2022-20964 – Command Injection – CWE-78 PRODUCT LINE VERSION SCORE IMPACT Cisco Identity Services Engine 2.7 < 3.2 P1 CNA: 6.3NIST: 8.8 High OWASP CATEGORY OWASP CONTROL A03 – Injection WSTG-INPV-12 AFFECTED ENDPOINT – AFFACTED PARAMETER https://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/Starthttps://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/DeleteFile […]

CVE Advisory – Full Disclosure Cisco ISE Broken Access Control

Introduction Through the internal project called Saguri, we started with the analysis of the Cisco Identity Service Engine – 3.1.0.518-Patch3-22042809, the Cisco ISE is a useful tool in the management of one’s own network and not only, it allows the implementation and application in a dynamic and automated way of security and ‘management’ policies, simplifying […]

Security Advisory: Full Disclosure Cisco ISE Path Traversal

Introduction In July 2022 the Tinexta Cyber advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]

Security Advisory: Partial Disclosure Zumtobel Multiple Vulnerabilities

Introduction The vulnerability has been found during a security assessment on Netlink CCD Onboard version 3.74 and Firmware version 3.80.The Netlink CCD is an IoT control device with 3 DALI-compliant outputs and one LM-Bus interface for open-loop control of maximum 250 luminaires and motors. It can be operated locally or by using an external litenet […]

Cyber Incident Emergency Contact

Contact us for immediate support

Abilita JavaScript nel browser per completare questo modulo.
Accettazione GDPR