Misc

Security Advisories for SolarWinds N-Central

In August 2020 we reported six vulnerabilities in SolarWinds N-Central 12.3.0.670 to the vendor.
The following CVE IDs were assigned to the issues :
  • CVE-2020-25617: RCE in N-Central Administration Console (AdvancedScripts Endpoint)
  • CVE-2020-25618: Local Privilege Escalation from nable User to root (N-Central Backend Server)
  • CVE-2020-25619: Access to Internal Services through SSH Port Forwarding (N-Central Backend Server)
  • CVE-2020-25620: SolarWinds Support Account with Default Credentials
  • CVE-2020-25621: Local Database does not require Authentication (N-Central Backend Server)
  • CVE-2020-25622: CSRF in N-Central Administration Console (AdvancedScripts Endpoint)
The vulnerabilities have been found in the course of an extensive research project, in which we analyze the security of multiple Unified Endpoint Management (UEM) solutions. Similar vulnerabilities have been found in other solutions as we pointed out in previous posts about the Ivanti DSM Suite and Nagios XI. The final outcome of the research project will be published as a whitepaper and possibly conference talk as soon as the project including all disclosure processes concludes.
We will provide a short description of the CVEs outlining the impact of the vulnerabilities. Technical details will be published in a whitepaper as mentioned above. All six vulnerabilities have been verified for SolarWinds N-Central 12.3.0.670.
Continue reading
Misc

Security Advisories for Nagios XI

In June 2020 we reported three vulnerabilities in Nagios XI 5.7.1 to the vendor.
The following CVE IDs were assigned to the issues :

  •  CVE-2020-15901: Command Injection in Nagios XI web interface (RCE)
  •  CVE-2020-15902: Cross Site Scripting (XSS)
  •  CVE-2020-15903: Reserved, details will be given on vendor fix

CVE-2020-15901 and CVE-2020-15902 have meanwhile been fixed in version 5.7.2 according to the changelog on the Nagios website (https://www.nagios.com/downloads/nagios-xi/change-log/). CVE-2020-15903 is currently being worked on by the vendor and will probably be fixed in the near future.

Continue reading “Security Advisories for Nagios XI”

Continue reading
Misc

Security Advisories for Ivanti DSM Suite

From the end of 2019 on, we reported two critical vulnerabilities in the Ivanti DSM Suite to the vendor. The following CVE IDs were assigned to the issues (but note that they have a status of RESERVED, i.e. titles and descriptions may change in the future):

  • CVE-2020-12441: Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4
  • CVE-2020-13793: Unsafe storage of AD credentials in Ivanti DSM netinst 5.1

The vulnerabilities have meanwhile been fixed and an updated software version can be downloaded here. Continue reading “Security Advisories for Ivanti DSM Suite”

Continue reading