The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: remote code execution

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

May 16, 2022Ravie Lakshmanan
Image source: z3r00t The U.S. Cybersecurity and Infrastructure Security Agency on Monday  added  two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its  Known Exploited Vulnerabilities Catalog , citing evidence of active exploitation. Tracked as  CVE-2022-30525 , the vulnerability is rated 9.8 for severity and relates to a command injection flaw in select versions of the Zyxel firewall that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system. Impacted devices include - USG FLEX 100, 100W, 200, 500, 700 USG20-VPN, USG20W-VPN ATP 100, 200, 500, 700, 800, and VPN series The issue, for which patches were released by the Taiwanese firm in late April (ZLD V5.30), became public knowledge on May 12 following a coordinated disclosure process with Rapid7. Source: Shadowserver Merely a day later, the Shadowserver Foundation  said  it began detecting exploitation attempts,
Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability

Researchers Develop RCE Exploit for the Latest F5 BIG-IP Vulnerability

May 08, 2022Ravie Lakshmanan
Days after F5 released patches for a critical remote code execution vulnerability affecting its BIG-IP family of products, security researchers are warning that they were able to create an exploit for the shortcoming. Tracked  CVE-2022-1388  (CVSS score: 9.8), the flaw relates to an iControl REST authentication bypass that, if successfully exploited, could lead to remote code execution, allowing an attacker to gain initial access and take control of an affected system. This could range anywhere from deploying cryptocurrency miners to dropping web shells for follow-on attacks, such as information theft and ransomware. "We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP," cybersecurity company Positive Technologies  said  in a tweet on Friday. "Patch ASAP!" The critical security vulnerability impacts the following versions of BIG-IP products - 16.1.0 - 16.1.2 15.1.0 - 15.1.5 14.1.0 - 14.1.4 13.1.0 - 13.1.4 12.1.0 - 12.1.6 11.6.1 - 11.6.5 Fixe
Critical RCE Bug Reported in dotCMS Content Management Software

Critical RCE Bug Reported in dotCMS Content Management Software

May 04, 2022Ravie Lakshmanan
A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and " used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as CVE-2022-26352 , stems from a directory traversal attack when performing file uploads, enabling an adversary to execute arbitrary commands on the underlying system. "An attacker can upload arbitrary files to the system," Shubham Shah of Assetnote  said  in a report. "By uploading a JSP file to the tomcat's root directory, it is possible to achieve code execution, leading to command execution." In other words, the arbitrary file upload flaw can be abused to replace already existing files in the system with a web shell, which can then be used to gain persistent remote access. Although the exploit made it possible to write to arbitrary JavaScript files bei
Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

April 25, 2022Ravie Lakshmanan
Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to "execute commands remotely within [through] VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal , part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved uploading a DjVu file via the platform's web user interface that when passed to multiple third-party malware scanning engines could trigger an exploit for a high-severity remote code execution flaw in ExifTool , an op
Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

April 14, 2022Ravie Lakshmanan
Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier  CVE-2022-22966 , has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware  said  in an advisory. VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies. The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clou
Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

April 13, 2022Ravie Lakshmanan
A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as  CVE-2022-22954 , the security shortcoming relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The bug is rated 9.8 in severity. "A malicious actor with network access can trigger a server-side  template injection  that may result in remote code execution," the company  noted  in its advisory. The virtualization services provider has since revised its bulletin to warn customers of confirmed exploitation of CVE-2022-22954 occurring in the wild. Cybersecurity firm Bad Packets also  corroborated  that it detected attempts to weaponize the vulnerability. Source:  Bad Packets It's worth noting that the patches shipped last week address seven more vulnerabilities in VMwar
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

March 30, 2022Ravie Lakshmanan
A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher  briefly leaked  a  proof-of-concept  (PoC)  exploit  on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit ( JDK ) versions 9 and later and is a bypass for another vulnerability tracked as  CVE-2010-1622 , enabling an unauthenticated attacker to execute arbitrary code on the target system. Spring is a  software framework  for building Java applications, including web apps on top of the Java EE (Enterprise Edition) platform. "In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system," researchers Anthony Weems and Dallas Kaman  said . "However, exploitation of different configurations will require the attacker to do additional research t
Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

Another Critical RCE Discovered in Adobe Commerce and Magento Platforms

February 17, 2022Ravie Lakshmanan
Adobe on Thursday updated its advisory for an  actively exploited zero-day  affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as  CVE-2022-24087 , the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an " Improper Input Validation " bug that could result in the execution of malicious code. "We have discovered additional security protections necessary for CVE-2022-24086 and have released an update to address them (CVE-2022-24087)," the company  said  in a revised bulletin. "Adobe is not aware of any exploits in the wild for the issue addressed in this update (CVE-2022-24087)." As before, Adobe Commerce and Magento Open Source versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are impacted by CVE-2022-24087, but it's worth noting that versions 2.3.0 to 2.3.3 are not vulnerable. "A new patc
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

February 15, 2022Ravie Lakshmanan
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution (RCE) on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog,  said  in a technical write-up published Tuesday. Apache Cassandra is an open-source, distributed, NoSQL database management system for managing very large amounts of structured data across commodity servers. Tracked as  CVE-2021-44521  (CVSS score: 8.4), the vulnerability concerns a specific scenario where the configuration for user-defined functions ( UDFs ) are enabled, effectively allowing an attacker to leverage the  Nashorn  JavaScript engine, escape the sandbox, and achieve execution of untrusted code. Specifically, it was fou
Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites

February 09, 2022Ravie Lakshmanan
Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that's used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is  used  to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system's Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows - CVE-2022-24663  - Remote Code Execution by Subscriber+ users via shortcode CVE-2022-24664  - Remote Code Execution by Contributor+ users via metabox, and CVE-2022-24665  - Remote Code Execution by Contributor+ users via gutenberg block Successful exploitation of the three vulnerabilities could result in the execution of malicious PHP code that could be leveraged to achieve a complete site takeover. WordPres
Critical Flaws Discovered in Cisco Small Business RV Series Routers

Critical Flaws Discovered in Cisco Small Business RV Series Routers

February 03, 2022Ravie Lakshmanan
Cisco has patched multiple critical  security vulnerabilities  impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers. Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even cause denial-of-service (DoS) conditions. The networking equipment maker acknowledged that it's "aware that proof-of-concept exploit code is available for several of the vulnerabilities" but didn't share any further specifics on the nature of the exploit or the identity of the threat actors that may be exploiting them. CVE-2022-20699
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

January 07, 2022Ravie Lakshmanan
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as  CVE-2021-42392 , is the "first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell vulnerability, namely JNDI remote class loading," JFrog researchers Andrey Polkovnychenko and Shachar Menashe  said . H2  is an open-source relational database management system written in Java that can be embedded within applications or run in a client-server mode. According to the  Maven Repository , the H2 database engine is used by 6,807 artifacts. JNDI, short for Java Naming and Directory Interface, refers to an API that provides naming and directory functionality for Java applications, which can use the API in conjunction with LDAP to locate a specific resource that it might
New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw

December 21, 2021Ravie Lakshmanan
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker," SophosLabs researchers Andrew Brandt and Stephen Ormandy  said  in a new report published Tuesday. CVE-2021-40444  (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021  Patch Tuesday updates , it has been put to use in  multiple attacks  ever since details pertaining to the flaw became public. That same month, the technology giant  uncov
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

December 12, 2021Ravie Lakshmanan
Threat actors are actively weaponizing unpatched servers affected by the newly identified " Log4Shell " vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo 360,  disclosed  threats such as  Mirai  and  Muhstik  (aka Tsunami) are setting their sights on vulnerable systems to spread the infection and grow its computing power to orchestrate distributed denial-of-service (DDoS) attacks with the goal of overwhelming a target and rendering it unusable. Muhstik was previously spotted exploiting a critical security flaw in Atlassian Confluence ( CVE-2021-26084 , CVSS score: 9.8) earlier this September. The latest development comes as it has emerged that the vulnerability has been under attack for at least more than a week prior to its public disclosure on D
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

November 18, 2021Ravie Lakshmanan
Networking equipment company Netgear has  released  yet  another round  of  patches  to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as  CVE-2021-34991  (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ( UPnP ) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet. Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices. Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRI
Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module

November 04, 2021Ravie Lakshmanan
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication ( TIPC ) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability "can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne  said  in a report published today and shared with The Hacker News. TIPC is a transport layer  protocol   designed  for nodes running in dynamic cluster environments to reliably communicate with each other in a manner that's more efficient and fault-tolerant than other protocols such as TCP. The vulnerability identified by SentinelOne has to do with insufficient validation of user-supplied sizes for a new message type called "
High-Severity RCE Flaw Disclosed in Several Netgear Router Models

High-Severity RCE Flaw Disclosed in Several Netgear Router Models

September 21, 2021Ravie Lakshmanan
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as  CVE-2021-40847  (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700 (fixed in firmware version 1.0.2.26) R6700v3 (fixed in firmware version 1.0.4.120) R6900 (fixed in firmware version 1.0.2.26) R6900P (fixed in firmware version 3.3.142_HOTFIX) R7000 (fixed in firmware version 1.0.11.128) R7000P (fixed in firmware version 1.3.3.142_HOTFIX) R7850 (fixed in firmware version 1.0.5.76) R7900 (fixed in firmware version 1.0.4.46) R8000 (fixed in firmware version 1.0.4.76) RS400 (fixed in firmware version 1.5.1.80) According to GRIMM security researcher Adam Nichols, the vulnerability resides within Circle , a third-party component included in the firmware that offer
Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

August 11, 2021Ravie Lakshmanan
A day after releasing  Patch Tuesday updates , Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it's working to remediate the issue in an upcoming security update. Tracked as  CVE-2021-36958  (CVSS score: 7.3), the unpatched flaw is the latest to join a  list  of  bugs  collectively known as  PrintNightmare  that have plagued the printer service and come to light in recent months. Victor Mata of FusionX, Accenture Security, who has been credited with reporting the flaw,  said  the issue was disclosed to Microsoft in December 2020. "A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations," the company said in its out-of-band bulletin, echoing the vulnerability details for  CVE-2021-34481 . "An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then
CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

July 17, 2021Ravie Lakshmanan
Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that's  used by 12.7% of all websites  on the internet. CDNJS is a free and open-source content delivery network (CDN) that serves about  4,041 JavaScript and CSS libraries , making it the  second most popular  CDN for JavaScript after Google Hosted Libraries. The weakness concerned an issue in the CDNJS library update server that could potentially allow an attacker to execute arbitrary commands, leading to a complete compromise. The vulnerability was discovered and reported by security researcher RyotaK on April 6, 2021. There is no evidence of in-the-wild attacks abusing this flaw. Specifically, the vulnerability works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using it to trigger a  path traversal vulnerability , and ultimately trick the server into executing arbitrary code, thus achieving remote code execution. It's wor
Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days

July 13, 2021Ravie Lakshmanan
Microsoft rolled out  Patch Tuesday updates  for the month of July with fixes for a total of 117 security vulnerabilities, including nine zero-day flaws, of which four are said to be under active attacks in the wild, potentially enabling an adversary to take control of affected systems.  Of the 117 issues, 13 are rated Critical, 103 are rated Important, and one is rated as Moderate in severity, with six of these bugs publicly known at the time of release.  The updates span across several of Microsoft's products, including Windows, Bing, Dynamics, Exchange Server, Office, Scripting Engine, Windows DNS, and Visual Studio Code. July also marks a dramatic jump in the volume of vulnerabilities, surpassing the number Microsoft collectively addressed as part of its updates in  May  (55) and  June  (50). Chief among the security flaws actively exploited are as follows — CVE-2021-34527  (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability (publicly disclosed
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.