Vulnerability in Kiteworks OwnCloud (CVE-2023-7273)

OwnCloud offers file sharing and collaboration.

CVE-2023-7273: Cross Site Request Forgery

If a request has no Authorization header, a rewrite rule creates the header with an empty string as its value. The CSRF check compares the header value to null, so the existing CSRF check is bypassed in this case. An attacker can, for example, create a new administrator account if the request is executed in the browser of an authenticated victim.
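The comparison described above, modelled in Python as an added example; this is not ownCloud's code. It assumes the check skips token validation whenever an Authorization header is present, and the function names, the `X-CSRF-Token` header name and the sample requests are constructed for illustration.

```python
import hmac

SESSION_TOKEN = "constructed-token-123"  # constructed sample value

def apply_rewrite_rule(headers):
    """Model of the rewrite rule: a missing Authorization header becomes ''."""
    out = dict(headers)
    out["Authorization"] = headers.get("Authorization", "")
    return out

def token_ok(headers, session_token):
    # "X-CSRF-Token" is a hypothetical header name for this example
    sent = headers.get("X-CSRF-Token", "")
    return bool(session_token) and hmac.compare_digest(
        sent.encode(), session_token.encode())

def csrf_passes_flawed(headers, session_token):
    # '' is not None, so every rewritten request looks header-authenticated
    # and the token comparison is never reached.
    if headers.get("Authorization") is not None:
        return True
    return token_ok(headers, session_token)

def csrf_passes_hardened(headers, session_token):
    # Only a non-empty "<scheme> <credentials>" value is exempt; the request
    # must then be authenticated by those credentials, not by the cookie.
    value = (headers.get("Authorization") or "").strip()
    scheme, _, credentials = value.partition(" ")
    if scheme.lower() in ("basic", "bearer") and credentials.strip():
        return True
    return token_ok(headers, session_token)

# Constructed sample requests as they arrive before the rewrite rule runs
REQUESTS = {
    "cross_site_no_token": {"Cookie": "session=abc"},
    "same_site_with_token": {"Cookie": "session=abc",
                             "X-CSRF-Token": SESSION_TOKEN},
    "api_client_basic": {"Authorization": "Basic dXNlcjpwYXNz"},
}

def evaluate(check):
    """Run a check over every sample request after the rewrite rule."""
    return {name: check(apply_rewrite_rule(req), SESSION_TOKEN)
            for name, req in REQUESTS.items()}

if __name__ == "__main__":
    print("flawed:  ", evaluate(csrf_passes_flawed))
    print("hardened:", evaluate(csrf_passes_hardened))
```

The flawed check only rejects the token-less request when the rewrite rule is not applied, which is why the null comparison looked correct in isolation.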

The vulnerability was acknowledged and fixed by OwnCloud within 4 weeks. We would like to thank OwnCloud for the good cooperation and for fixing the vulnerability.

CVSS Score
6.8 (CVSS v3) 

CVSS Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Version
Versions ≤ 10.12

Fixed Version
10.13 with the fix.

References
https://hackerone.com/reports/2041007

Credits
Pascal Geuter

Timeline

Do you want to protect your systems? Feel free to get in touch with us.

Vulnerability in VMware Workstation (CVE-2023-20854)

VMware Workstation is virtualization software that allows several virtual machines to run in parallel on one device. These virtual machines can be managed via VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.

During research, a vulnerability was found in the Windows installation packages of VMware Workstation Player and VMware Workstation Pro. The vulnerability was reported to the manufacturer.

Arbitrary File Deletion

Insecure operations are performed in the repair feature of the installation package, which allows an unprivileged local attacker to delete almost arbitrary files on the system. Carrying out a targeted deletion of dependencies in the VMware Workstation installation makes it possible for an attacker to obtain system privileges and execute arbitrary code. Both VMware Workstation Player and VMware Workstation Pro are affected by this vulnerability.

VMware has summarized the vulnerability in the two installation packages under the reference VMSA-2023-0003 [1] and registered it as CVE-2023-20854.

Affected Versions
VMware Workstation before version 17.0.1

Mitigations
The vulnerability can be fixed by updating to version 17.0.1 of VMware Workstation Player or VMware Workstation Pro.

References
[1] https://www.vmware.com/security/advisories/VMSA-2023-0003.html

Credits
Frederik Reiter (cirosec GmbH)

Timeline

Vulnerability in Remote Access Software from RealVNC (CVE-2022-41975)

During research, cirosec found a vulnerability in the remote access software from RealVNC.

RealVNC’s remote access and support solution Connect allows accessing and managing devices from anywhere. To access a device, the VNC Viewer software establishes a connection to the VNC server application, which is installed on the system that is to be managed.

The vulnerability identified is located in the Windows installation packages of VNC Viewer and VNC Server and was immediately reported to the manufacturer.

Local Privilege Escalation

The repair feature in the corresponding Windows installer for VNC Viewer and VNC Server can be used by an unprivileged attacker to cause insecure operations. Skillfully redirecting these operations allows an attacker to obtain system privileges.

The vulnerability in the two installation packages was summarized under the reference CVE-2022-41975. [1]

CVSS Score
7.8 (CVSS v3) – https://nvd.nist.gov/vuln/detail/CVE-2022-41975

CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions
RealVNC VNC Server, version 5.1.0 to 6.10.1
RealVNC VNC Viewer, version 5.1.0 to 6.22.515

Mitigations
The vulnerability can be fixed by updating to VNC Server version 6.11 and VNC Viewer version 6.22.826.

References
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-41975

Credits
Jan-Luca Gruber (cirosec GmbH)

Timeline
