USBAnywhere vulnerabilities put Supermicro servers at risk

Security researchers discovered a set of vulnerabilities in Supermicro servers that could allow threat actors to remotely attack systems as if they had physical access to the USB ports.

Researchers at Eclypsium, based in Beaverton, Ore., discovered flaws in the baseboard management controllers (BMCs) of Supermicro servers and dubbed the set of issues “USBAnywhere.” The researchers said authentication issues put servers at risk because “BMCs are intended to allow administrators to perform out-of-band management of a server, and as a result are highly privileged components.

“The problem stems from several issues in the way that BMCs on Supermicro X9, X10 and X11 platforms implement virtual media, an ability to remotely connect a disk image as a virtual USB CD-ROM or floppy drive. When accessed remotely, the virtual media service allows plaintext authentication, sends most traffic unencrypted, uses a weak encryption algorithm for the rest, and is susceptible to an authentication bypass,” the researchers wrote in a blog post. “These issues allow an attacker to easily gain access to a server, either by capturing a legitimate user’s authentication packet, using default credentials, and in some cases, without any credentials at all.”

The USBAnywhere flaws make the virtual USB drive behave the same way a physical USB device would, meaning an attacker could load a new operating system image, deploy malware or disable the target device. However, the researchers noted the attacks would only be possible on systems where the BMCs are directly exposed to the internet or where an attacker already has access to the corporate network.

Rick Altherr, principal engineer at Eclypsium, told SearchSecurity, “BMCs are one of the most privileged components on modern servers. Compromise of a BMC practically guarantees compromise of the host system as well.”

Eclypsium said there are currently “at least 47,000 systems with their BMCs exposed to the internet and using the relevant protocol.” These systems would be at additional risk because BMCs are rarely powered off and the authentication bypass vulnerability can persist unless the system is turned off or loses power.

Altherr said he found the USBAnywhere vulnerabilities because he “was curious how virtual media was implemented across various BMC implementations,” but Eclypsium found that only Supermicro systems were affected.

According to the blog post, Eclypsium reported the USBAnywhere flaws to Supermicro on June 19 and provided additional information on July 9, but Supermicro did not acknowledge the reports until July 29.

“Supermicro engaged with Eclypsium to understand the vulnerabilities and develop fixes. Supermicro was responsive throughout and worked to coordinate availability of firmware updates to coincide with public disclosure,” Altherr said. “While there is always room for improvement, Supermicro responded in a way that produced an amicable outcome for all involved.”

Altherr added that customers should “treat BMCs as a vulnerable device. Put them on an isolated network and restrict access to only IT staff that need to interact with them.”

Supermicro noted in its security advisory that isolating BMCs from the internet would reduce the risk from USBAnywhere but not eliminate the threat entirely. Firmware updates are currently available for affected Supermicro systems, and in addition to updating, Supermicro advised users to disable virtual media by blocking TCP port 623.


Zoom vulnerability reveals privacy issues for users

Zoom faced privacy concerns after the disclosure of a vulnerability that could allow threat actors to use the video conferencing software to spy on users.

The Zoom vulnerability, originally reported to only affect the Mac version of the software, has been found to partially affect Windows and Linux as well. Jonathan Leitschuh, software engineer at open source project Gradle, disclosed the Zoom vulnerability in a blog post earlier this week and said it “allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.”

“On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call,” Leitschuh added. “Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

According to Leitschuh, it took Zoom 10 days to confirm the vulnerability. In a meeting on June 11, he told Zoom there was a way to bypass the planned fix, but Zoom did not address these concerns when it reported the vulnerability fixed close to two weeks later. The Zoom vulnerability resurfaced on July 7, Leitschuh disclosed on July 8 and Zoom patched the Mac client on July 9. Zoom also worked with Apple on a silent background update for Mac users, released July 10, which removed the Zoom localhost server from systems.

“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner,” Leitschuh wrote. “An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack.” 

Zoom — whose video conferencing software is used by more than 4 million users in approximately 750,000 companies around the world — downplayed the severity of the issue and refuted Leitschuh’s characterization of the company.


“Once the issue was brought to our Security team’s attention, we responded within ten minutes, gathering additional details, and proceeded to perform a risk assessment,” Richard Farley, CISO at Zoom, wrote in the company’s response. “Our determination was that both the DOS issue and meeting join with camera on concern were both low risk because, in the case of DOS, no user information was at risk, and in the case of meeting join, users have the ability to choose their camera settings.”

“To be clear, the host or any other participant cannot override a user’s video and audio settings to, for example, turn their camera on,” Farley added. 

Both the disclosure and response from Zoom portrayed the issue as only affecting the Mac client, but Alex Willmer, Python developer for CGI, wrote on Twitter that the Zoom vulnerability affected Windows and Linux as well.

“In particular, if zoommtg:// is registered as a protocol handler with Firefox then [Zoom] joins me to the call without any clicks,” Willmer tweeted. “To be clear, a colleague and I saw the auto-join/auto-webcam/auto-microphone behavior with Firefox, and Chromium/Chrome; on Linux, and Windows. We did not find any webserver on port 19421 on Linux. We didn’t check Windows for the webserver.”

Leitschuh confirmed Willmer’s discovery, but it is unclear if Zoom is working to fix these platform clients. Leitschuh also noted in his disclosure that the issue affects a white-label version of Zoom licensed to VoIP provider RingCentral. It is unclear if RingCentral has been patched.
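Both stories above come down to a listener that should not be reachable: the Supermicro advisory tells administrators to keep BMCs off the internet and block TCP port 623 (the virtual media service), and Willmer’s check for the leftover Zoom web server is a probe of localhost port 19421. The script below is an added example, not code from the articles, Eclypsium, Supermicro or Zoom. It performs the same reachability check a defender would run: from a host that should have no path to the management network, it reports which BMC addresses still answer on TCP 623, and on a workstation it reports whether anything still listens on 127.0.0.1:19421. The BMC addresses in the usage section are constructed placeholders, and `self_check` stands up a throwaway local listener as a stand-in for an exposed BMC so the logic can be exercised offline.

```python
import socket
from typing import Dict, Iterable, List, Tuple

# Ports named in the two articles.
BMC_VIRTUAL_MEDIA_PORT = 623     # Supermicro advised blocking TCP 623 to disable virtual media
ZOOM_LOCAL_SERVER_PORT = 19421   # the localhost web server left behind by the Zoom client


def tcp_port_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True only if a full TCP handshake to host:port completes.

    A refused or timed-out connection counts as unreachable, which is the
    result a defender wants to see for a BMC probed from outside its
    management network.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_bmc_exposure(bmc_hosts: Iterable[str],
                       port: int = BMC_VIRTUAL_MEDIA_PORT,
                       timeout: float = 2.0) -> Dict[str, bool]:
    """Map each BMC address to whether its virtual media port answered.

    Run this from a host that should NOT be able to reach the BMCs (an
    office VLAN, a cloud instance). Every True entry is a BMC whose port
    623 is reachable across a boundary where the advisory says it should
    be blocked.
    """
    return {host: tcp_port_reachable(host, port, timeout) for host in bmc_hosts}


def exposed_hosts(results: Dict[str, bool]) -> List[str]:
    """The subset of audited addresses that need attention, sorted."""
    return sorted(host for host, reachable in results.items() if reachable)


def leftover_zoom_server_present(timeout: float = 1.0) -> bool:
    """True if something still accepts connections on 127.0.0.1:19421."""
    return tcp_port_reachable("127.0.0.1", ZOOM_LOCAL_SERVER_PORT, timeout)


def self_check() -> Tuple[bool, bool]:
    """Exercise the probe offline.

    Opens a throwaway local listener (a constructed stand-in for an exposed
    BMC) and picks a second port that is known to be closed, then returns
    (listener_reachable, closed_port_reachable); the expected answer is
    (True, False).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # kernel picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                            # nothing listens on this port now

    try:
        results = audit_bmc_exposure(["127.0.0.1"], port=open_port, timeout=1.0)
        reachable = results["127.0.0.1"]
        refused = tcp_port_reachable("127.0.0.1", closed_port, timeout=1.0)
    finally:
        listener.close()
    return reachable, refused


if __name__ == "__main__":
    # Constructed sample addresses (TEST-NET range); replace with your own BMC inventory.
    sample_bmcs = ["192.0.2.10", "192.0.2.11"]
    print("self-check (expect (True, False)):", self_check())
    print("BMCs answering on TCP 623:", exposed_hosts(audit_bmc_exposure(sample_bmcs)))
    print("leftover Zoom localhost server:", leftover_zoom_server_present())
```

The check deliberately completes the handshake rather than sending any protocol traffic: the question is only whether a path exists to the port, which is exactly what the firewall rule or network isolation is meant to deny. A True result for a BMC from an untrusted vantage point means the blocking or isolation is not in place, regardless of firmware version.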

Leitschuh told SearchSecurity via Twitter DM that “Zoom believes the Windows/Linux vulnerabilities are the browser vendors’ to fix,” but he disagrees.

Zoom did not respond to requests for comment at the time of this post.

Tom Patterson, chief trust officer at Unisys, said the tradeoff between security and ease of use is “not always a fair trade.”

“The fact that uninstalling any app doesn’t completely uninstall all components runs counter to engendering trust. In this case, it’s an architectural decision made by the manufacturers which appears to be designed to make operations much easier for users,” Patterson told SearchSecurity. “This trust tradeoff, between making it easy and making it secure, is something that every consumer should consider.”


Logitech 2.0 USB Speakers

In excellent condition. Has been slightly modified to allow for wall mounting. Model Z120

Price and currency: 10
Delivery: Delivery cost is included within my country
Payment method: PPG
Location: Landan
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By…

Whole PC, i7, 1080, 16gb etc

Selling this baddie… being a dad doesn't allow me to play around with my pc much anymore, so I am forced to downsize. Specs:

Case – Gamemax Sapphire Mirror – £60
Cpu – Intel i7 -6700k delidded OC 4.5 @1.28v – £175
Mobo – Asus Sabertooth Z170 Mark 1 painted white, thermal armour cut up top (not visible) – £50
Ram – Corsair vengeance lpx 4×4 GB 2400, XMP to 2666mhz – £130
GPU – MSI GTX 1080 EK Seahawk X – £500
PSU – Corsair AX860 Platinum PSU 860W – £80
Cooling – EK Slim360 watercooling…

Critical Cisco ASA vulnerability patched against remote attacks

A new critical flaw in Cisco’s Adaptive Security Appliance software could allow dangerous remote attacks and requires a patch to mitigate.

The Cisco ASA vulnerability received the highest severity rating of 10.0 on CVSS and according to Cisco, it could “allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.”

“The vulnerability is due to an attempt to double free a region of memory when the webvpn feature is enabled on the Cisco ASA device. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system,” Cisco wrote in a security advisory. “An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, or cause a reload of the affected device.”

Kevin Beaumont, a security architect based in the UK, said on Twitter the Cisco ASA vulnerability was disclosed early and called it “one of the bigger bugs.”

According to the official advisory, the Cisco ASA vulnerability has no mitigations, and the only way to secure affected devices is to apply the patch.

Potential damage

Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposures Research Team, said the Cisco ASA vulnerability could be exploited by an attacker “to harvest credentials as well as to monitor and manipulate traffic which should be protected by the VPN.”  

“The danger is further compounded by the fact that attackers can easily locate public SSL VPN terminals through services like Shodan as well as by searching certificate transparency logs for security certificates containing the word VPN,” Young told SearchSecurity. “In general, an attacker must have some degree of knowledge or control over the remote memory layout. In practical terms, this means that attackers will need to study the vulnerability and develop reliable exploit methods specific for different firmware versions. Developing these exploits would not be within reach of the average hacker as it requires rather extensive knowledge about the ASA operating system and how it manages system memory.”

Mounir Hahad, head of threat research at Juniper Networks, described a range of attacks that could leverage the Cisco ASA vulnerability.

“Typically, WebVPN is enabled on edge firewalls, which means this particular vulnerability is exploitable directly from the internet. It is fairly easy to exploit as it only requires crafting specific XML packets to a WebVPN configured device. An attacker could take full control of the firewall: they could change the running configuration of the device, allow inbound traffic that should be blocked and infiltrate the organization,” Hahad told SearchSecurity. “They could also simply launch a denial of service attack by restarting the device continuously, which will basically shutdown internet connectivity to an entire organization. For cloud services, the entire service could go offline.”