17 min
Vulnerability Disclosure
R7-2016-23, R7-2016-26, R7-2016-27: Multiple Home Security Vulnerabilities
Executive Summary
In October of 2016, former Rapid7 researcher Phil Bosco
[https://twitter.com/secillusion] discovered a number of relatively low-risk
vulnerabilities and issues involving home security systems that are common
throughout the United States, and which have significant WiFi or Ethernet
capabilities. The three systems tested were offerings from Comcast XFINITY, ADT,
and AT&T Digital Life, and the issues discovered ranged from an apparent "fail
open" condition on the external door and
1 min
Vulnerability Disclosure
On the lookout for Intel AMT CVE-2017-5689
We've had some inquiries about checks for CVE-2017-5689, a vulnerability
affecting Intel AMT devices. On May 5th, 2017, we released a potential
vulnerability check that can help identify assets that may be vulnerable. We
initially ran into issues with trying to determine the exact version of the
firmware remotely, and so a potential check was released so that you would still
be able to identify devices that may be impacted by this.
We didn't stop there though. As part of yesterday's Nexpose rel
3 min
Vulnerability Disclosure
R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)
Summary
Due to a reliance on cleartext communications and the use of a hard-coded
decryption password, two outdated versions of Hyundai Blue Link application
software, 3.9.4 and 3.9.5 potentially expose sensitive information about
registered users and their vehicles, including application usernames, passwords,
and PINs via a log transmission feature. This feature was introduced in version
3.9.4 on December 8, 2016, and removed by Hyundai on March 6, 2017 with the
release of version 3.9.6.
Affec
4 min
Public Policy
Rapid7 urges NIST and NTIA to promote coordinated disclosure processes
Rapid7 has long been a champion of coordinated vulnerability disclosure and
handling processes as they play a critical role in both strengthening risk
management practices and protecting security researchers. We not only use
coordinated disclosure processes in our own vulnerability disclosure
[https://www.rapid7.com/security/disclosure/] and receiving activities, but also
advocate for broader adoption in industry and in government policies.
Building on this, we recently joined forces with other
6 min
Vulnerability Disclosure
R7-2016-28: Multiple Eview EV-07S GPS Tracker Vulnerabilities
Seven issues were identified with the Eview EV-07S GPS tracker, which can allow
an unauthenticated attacker to identify deployed devices, remotely reset
devices, learn GPS location data, and modify GPS data. Those issues are briefly
summarized on the table below.
These issues were discovered by Deral Heiland of Rapid7, Inc., and this advisory
was prepared in accordance with Rapid7's disclosure policy.
Vulnerability Description | R7 ID | CVE | Exploit Vector
Unauthenticated remote factory reset | R7-2016-28
1 min
Application Security
Apache Struts Vulnerability (CVE-2017-5638) Protection: Scanning with Nexpose
On March 9th, 2017 we highlighted the availability of a vulnerability check in
Nexpose for CVE-2017-5638
[https://rapid7.com/db/modules/exploit/multi/http/struts2_content_type_ognl] –
see the full blog post describing the Apache Struts vulnerability here
[/2017/03/09/apache-jakarta-vulnerability-attacks-in-the-wild]. This check would
be performed against the root URI of any HTTP/S endpoints discovered during a
scan.
On March 10th, 2017 we added an additional check that would work in conjunctio
4 min
Vulnerability Disclosure
R7-2017-01: Multiple Vulnerabilities in Double Robotics Telepresence Robot
This post describes three vulnerabilities in the Double Robotics Telepresence
Robot ecosystem related to improper authentication, session fixation, and weak
Bluetooth pairing. We would like to thank Double Robotics for their prompt
acknowledgement of the vulnerabilities, and in addressing the ones that they
considered serious. Two of the three vulnerabilities were patched via updates to
Double Robotics servers on Mon, Jan 16, 2017.
Credit
These issues were discovered by Rapid7 researcher Deral
4 min
Vulnerability Disclosure
The Cloudflare (Cloudbleed) Proxy Service Vulnerability Explained
TL;DR
This week a vulnerability was disclosed, which could result in sensitive data
being leaked from websites using Cloudflare's proxy services. The vulnerability
- referred to as "Cloudbleed" - does not affect Rapid7's solutions/services.
This is a serious security issue, but it's not a catastrophe. Out of an
abundance of caution, we recommend you reset your passwords, starting with your
most important accounts (especially admin accounts). A reasonable dose of
skepticism and prudence will go
4 min
Vulnerability Disclosure
R7-2016-24, OpenNMS Stored XSS via SNMP (CVE-2016-6555, CVE-2016-6556)
Stored server cross-site scripting (XSS) vulnerabilities in the web application
component of OpenNMS [https://www.opennms.org/en] via the Simple Network
Management Protocol (SNMP). Authentication is not required to exploit.
Credit
This issue was discovered by independent researcher Matthew Kienow
[https://twitter.com/hacksforprofit], and reported by Rapid7.
Products Affected
The following versions were tested and successfully exploited:
* OpenNMS version 18.0.0
* OpenNMS version 18.0.1
Ope
2 min
Nexpose
Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!
We wanted to give you a preview into Nexpose's new integration with both McAfee
ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the
next stage of our partnership with Intel as their chosen vendor for
vulnerability management. This partnership is also a first for both Rapid7 and
Intel, as Nexpose is the only vulnerability management
[https://www.rapid7.com/solutions/vulnerability-management/] solution to not
only push our unique risk scoring into ePO for analysis, but al
11 min
Vulnerability Disclosure
Multiple Bluetooth Low Energy (BLE) Tracker Vulnerabilities
Executive Summary
While examining the functionality of three vendors' device tracker products, a
number of issues surfaced that leak personally identifying geolocation data to
unauthorized third parties. Attackers can leverage these vulnerabilities to
locate individual users' devices, and in some cases, alter geolocation data for
those devices. The table below briefly summarizes the twelve vulnerabilities
identified across three products.
Vulnerability | Device | R7 ID | CVE
Cleartext Password | TrackR Brav
7 min
Vulnerability Disclosure
R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump
Today we are announcing three vulnerabilities in the Animas OneTouch Ping
insulin pump system, a popular pump with a blood glucose meter that serves as
a remote control via RF communication. Before we get into the technical details,
we want to flag that we believe the risk of wide scale exploitation of these
insulin pump vulnerabilities is relatively low, and we don't believe this is
cause for panic. We recommend that users of the devices consult their healthcare
providers before making major
13 min
Vulnerability Disclosure
Multiple Disclosures for Multiple Network Management Systems, Part 2
As you may recall, back in December Rapid7 disclosed six vulnerabilities
[/2015/12/16/multiple-disclosures-for-multiple-network-management-systems] that
affect four different Network Management System (NMS) products, discovered by
Deral Heiland [https://twitter.com/percent_x] of Rapid7 and independent
researcher Matthew Kienow [https://twitter.com/hacksforprofit]. In March, Deral
followed up with another pair of vulnerabilities
[/2016/03/17/r7-2016-02-multiple-vulnerabilities-in-mangeengine-opu
8 min
Vulnerability Disclosure
R7-2016-10: Multiple OSRAM SYLVANIA Osram Lightify Vulnerabilities (CVE-2016-5051 through 5059)
Nine issues affecting the Home or Pro versions of Osram LIGHTIFY were
discovered, with the practical exploitation effects ranging from the accidental
disclosure of sensitive network configuration information, to persistent
cross-site scripting (XSS) on the web management console, to operational command
execution on the devices themselves without authentication. The issues are
designated in the table below. At the time of this disclosure's publication, the
vendor has indicated that all but the la
2 min
Vulnerability Disclosure
R7-2016-08: Seeking Alpha Mobile App Unencrypted Sensitive Information Disclosure
Due to a lack of encryption in communication with the associated web services,
the Seeking Alpha [http://seekingalpha.com] mobile application for Android and
iPhone leaks personally identifiable and confidential information, including the
username and password to the associated account, lists of user-selected stock
ticker symbols and associated positions, and HTTP cookies.
Credit
Discovered by Derek Abdine (@dabdine [https://twitter.com/dabdine]) of Rapid7,
Inc., and disclosed in accordance wit