AmberWolf Research
  • Iain Smart
  • 17 Jan, 2025
    • Vulnerability
    • Kubernetes

Reproducing CVE-2024-9042: Command Injection in Windows Kubernetes Nodes

Recreating a vulnerability in log streaming via the Kubelet on Windows nodes

  • David Cash
  • Richard Warren
  • 26 Dec, 2024
    • Vulnerability
    • Disclosure
    • PAM

Delinea Protocol Handler - Remote Code Execution via Update Process (CVE-2024-12908)

The Delinea Protocol Handler suffers from a Remote Code Execution vulnerability in the sslauncher URL handler. This could be exploited by a malicious …

  • Richard Warren
  • David Cash
  • 26 Nov, 2024
    • Vulnerability
    • Disclosure

Introducing NachoVPN: One VPN Server to Pwn Them All

Is Your Corporate VPN Client Providing Access to More Than Just Your Employees?

  • David Cash
  • Richard Warren
  • 26 Nov, 2024
    • Vulnerability Disclosure

Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)

  • David Cash
  • Richard Warren
  • 26 Nov, 2024
    • Vulnerability Disclosure

SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)

  • Richard Warren
  • 08 Oct, 2024
    • Vulnerability
    • Disclosure

Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)

Today, we are releasing the details of CVE-2024-37404, a zero-day vulnerability in the Ivanti Connect Secure product. This vulnerability allows an …

  • David Cash
  • Richard Warren
  • 17 Sep, 2024
    • Vulnerability
    • Disclosure

Skeleton Cookie: Breaking into Safeguard with CVE-2024-45488

Join us as we reveal how CVE-2024-45488 can let attackers gain access to your corporate password vault and uncover hidden secrets of Microsoft DPAPI.

  • David Cash
  • Richard Warren
  • 04 Sep, 2024
    • Vulnerability
    • Disclosure

One Identity SafeGuard for Privileged Passwords - Authentication Bypass (CVE-2024-45488)

SafeGuard for Privileged Passwords (SPP) virtual appliance images contain a hard-coded cryptographic key (CWE-321). An attacker can exploit this key …

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability Disclosure

AmberWolf Uncovers Critical Vulnerabilities in Cato Client

As part of a recent client engagement, we conducted a product assessment of the Cato Client. During this assessment, we discovered significant …

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability Disclosure

Cato Client - Account Takeover Via Sensitive Log Data (CVE-2024-6977)

The Cato Client was found to store authentication data within the trace logs generated by the desktop client during SSO authentication.

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability
    • Disclosure

Cato Client - Local Privilege Escalation via OpenSSL Configuration File (CVE-2024-6975)

The OpenSSL implementation in the winvpnclient.cli.exe service executable is configured to load an openssl.cnf file from a location that does not …

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability
    • Disclosure

Cato Client - Local Privilege Escalation via Self-Upgrade (CVE-2024-6974)

The Cato Client was found to use an insecure temporary folder for downloading and processing updates.

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability Disclosure

Cato SSO - Open Redirect Leading to Config Theft

The web service used during the Cato SSO authentication flow was found to contain an Open Redirect issue, which could allow a remote attacker to …

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability Disclosure

Remote Code Execution via Crafted URLs (CVE-2024-6973)

The Cato Client suffers from a Remote Code Execution vulnerability which could be triggered via a URL handler, or via requests to the local webserver.

  • Richard Warren
  • David Cash
  • 31 Jul, 2024
    • Cato
    • VPN
    • Vulnerability
    • Disclosure

Cato Client - Local Root Certificate Install as Low Privileged User (CVE-2024-6978)

The Cato Client allows a low-privileged, local user to install arbitrary Root CA Certificates in the computer’s certificate store.


Copyright AmberWolf 2024