Over the course of the last 2 years we performed vulnerability research on several Endpoint Management & Monitoring Solutions. The results were already partially presented in security advisories which were published on this blog during the last two years. The advisories can be found here:Continue reading
Updated on 20.06.22 with CVEs and link to Broadcom Security Notice.
In April 2021 we reported seven vulnerabilities in Broadcom Automic Automation (UC4) 12.3.5+hf.3. CVE IDs were assigned on 16.06.22, the corresponding Broadcom Security Notice can be found here.
The vulnerabilities have been found in the course of a research project, in which we analyzed the security of multiple Endpoint Management solutions. Similar vulnerabilities have been found in other solutions as we pointed out in previous posts about the Ivanti DSM Suite, Nagios XI, and Solarwinds N-Central. The outcome of the research project will be published as a whitepaper and a conference talk at Troopers 2022.
In this blog post we will provide a short description of the vulnerabilities outlining the impact. More technical details will be published in the whitepaper and conference talk. All vulnerabilities were found in Broadcom Automic Automation (UC4) version 12.3.5+hf.3.Continue reading
In June 2020 we reported three vulnerabilities in Nagios XI 5.7.1 to the vendor.
The following CVE IDs were assigned to the issues :
- CVE-2020-15901: Command Injection in Nagios XI web interface (RCE)
- CVE-2020-15902: Cross Site Scripting (XSS)
- CVE-2020-15903: Reserved, details will be given on vendor fix
CVE-2020-15901 and CVE-2020-15902 have meanwhile been fixed in version 5.7.2 according to the changelog on the Nagios website (https://www.nagios.com/downloads/nagios-xi/change-log/). CVE-2020-15903 is currently being worked on by the vendor and will probably be fixed in the near future.Continue reading
From the end of 2019 on, we reported two critical vulnerabilities in the Ivanti DSM Suite to the vendor. The following CVE IDs were assigned to the issues (but note that they have a status of RESERVED, i.e. titles and descriptions may change in the future):
- CVE-2020-12441: Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4
- CVE-2020-13793: Unsafe storage of AD credentials in Ivanti DSM netinst 5.1
The vulnerabilities have meanwhile been fixed and an updated software version can be downloaded here. Continue reading “Security Advisories for Ivanti DSM Suite”Continue reading