4 min
Vulnerability Disclosure
R7-2019-39 | CVE-2019-5648: LDAP Credential Exposure in Barracuda Load Balancer ADC (FIXED)
This post describes CVE-2019-5648, a vulnerability in the Barracuda Load Balancer ADC.
11 min
Vulnerability Disclosure
R7-2019-09 | CVE-2019-5617, CVE-2019-5643, CVE-2019-5644: C4G BLIS authentication and authorization vulnerabilities (FIXED)
This disclosure describes R7-2019-09, composed of three vulnerabilities in the
Basic Laboratory Information System (BLIS). Due to flawed authentication and
authorization verification, versions of BLIS < 3.5 are vulnerable to
unauthenticated password resets (R7-2019-09.1), and versions of BLIS < 3.51 are
vulnerable to unauthenticated enumeration of facilities and usernames
(R7-2019-09.2) as well as unauthenticated updates to user information
(R7-2019-09.3).
These vulnerabilities are summarized i
8 min
Vulnerability Disclosure
Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up
Today (October 29, 2018) we are sharing several vulnerabilities that have been fixed in Rapid7 products and supporting services.
3 min
Vulnerability Disclosure
R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)
This post describes CVE-2018-5553, a vulnerability in the Crestron Console
service that is preinstalled on the DGE-100. Due to a lack of input
sanitization, this service is vulnerable to command injection that can be used
to gain root-level access. DGE-100 devices running firmware versions
1.3384.00049.001 and lower with default configuration are vulnerable to
CVE-2018-5553.
CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special
Elements used in an OS Command) [https://cwe.m
7 min
Vulnerability Disclosure
Shoring up the defenses together: 2018Q1 wrap-up
Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed
in Rapid7 products and supporting services. You won’t need to take any actions:
all of the issues have been addressed. We are disclosing these vulnerabilities
in order to be transparent, to thank those that take the time to report security
issues responsibly, and to provide a few reminders of security concerns that you
should audit for in your own organization.
Dynamically-generated web server access policies
Generat
2 min
Metasploit
Metasploit Wrapup: Oct. 27, 2017
Would you like to help Metasploit Framework and get a free t-shirt?
There is still a bit of October left, which means you can totally still sign up
for Hacktoberfest [https://hacktoberfest.com/]: a fun annual project to
encourage open source software contributions! Make four pull requests on any
open source GitHub project by Oct 31, and you might find yourself some joy and
fulfilment—but at least a free t-shirt.
Check out the Contribute section on the refreshed metasploit.com
[https://metasploi
2 min
Metasploit Weekly Wrapup
Metasploit Wrapup: Oct. 20, 2017
Exploits for hours. Gather 'round with a pocket full of shells.
4 min
Vulnerability Disclosure
R7-2017-08: BPC SmartVista SQL Injection Vulnerability
Important update: 2018/01/25
BPC informed Rapid7 that this vulnerability only impacted the specified version
of SmartVista Front-End (2.2.10, revision 287921), which had very limited
distribution. Once the vulnerability described below was discovered, BPC
released a patch on Jul 19, 2017, before the issuance of the public disclosure
by Rapid7 on Oct 17, 2017. We have no reason to believe that any other versions
of SmartVista Front-End are vulnerable to this issue. Rapid7 believed the issue
to st
6 min
Vulnerability Disclosure
Vulnerabilities Affecting Four Rapid7 Products (FIXED)
Today we are announcing four fixed vulnerabilities in four Rapid7 products,
summarized in the table below. These issues are low to medium severity (mostly
due to the high exploitation requirements), but we want to make sure that our
customers have all the information they need to make informed security
decisions. This article includes detailed descriptions of the vulnerabilities,
as well as how to ensure they are mitigated in your environment. Some of the
updates are automatic, but some may requ
8 min
Vulnerability Disclosure
Multiple vulnerabilities in Wink and Insteon smart home systems
Today we are announcing four issues affecting two popular home automation
solutions: Wink's Hub 2 and Insteon's Hub. Neither vendor stored sensitive
credentials securely on their associated Android apps. In addition, the Wink
cloud-based management API does not properly expire and revoke authentication
tokens, and the Insteon Hub uses an unencrypted radio transmission protocol for
potentially sensitive security controls such as garage door locks.
As most of these issues have not yet been addres
5 min
Authentication
R7-2017-07: Multiple Fuze TPN Handset Portal vulnerabilities (FIXED)
This post describes three security vulnerabilities related to access controls
and authentication in the TPN Handset Portal, part of the Fuze platform. Fuze
fixed all three issues by May 6, 2017, and user action is not required to
remediate. Rapid7 thanks Fuze for their quick and thoughtful response to these
vulnerabilities:
* R7-2017-07.1, CWE-284 (Improper Access Control)
[https://cwe.mitre.org/data/definitions/284.html]: An unauthenticated remote
attacker can enumerate through MAC addr
2 min
Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in
Metasploit v4.14.0 (Update 2017061301)
[https://help.rapid7.com/metasploit/release-notes/archive/2017/06/#20170613].
Routes used to stop running tasks (either particular ones or all tasks) allowed
GET requests. Only POST requests should have been allowed, as the stop/stop_all
routes change the state of the service. This could have allowed an attacker to
stop currently-running Metasploit tasks by getting an authenti
4 min
Nexpose
R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms
Summary
Nexpose [https://www.rapid7.com/products/nexpose/] physical appliances shipped
with an SSH configuration that allowed obsolete algorithms to be used for key
exchange and other functions. Because these algorithms are enabled, attacks
involving authentication to the hardware appliances are more likely to succeed.
We strongly encourage current hardware appliance owners to update their systems
to harden their SSH configuration using the steps outlined under “Remediation”
below. In addition,
3 min
Vulnerability Disclosure
R7-2017-05 | CVE-2017-3211: Centire Yopify Information Disclosure
This post describes a vulnerability in Yopify (a plugin for various popular
e-commerce platforms), as well as remediation steps that have been taken. Yopify
leaks the first name, last initial, city, and recent purchase data of customers,
all without user authorization. This poses a significant privacy risk for
customers. This vulnerability is characterized as: CWE-213 (Intentional
Information Disclosure) [https://cwe.mitre.org/data/definitions/213.html].
Product Description
Yopify [https://yopi
4 min
Vulnerability Disclosure
R7-2017-01: Multiple Vulnerabilities in Double Robotics Telepresence Robot
This post describes three vulnerabilities in the Double Robotics Telepresence
Robot ecosystem related to improper authentication, session fixation, and weak
Bluetooth pairing. We would like to thank Double Robotics for their prompt
acknowledgement of the vulnerabilities, and in addressing the ones that they
considered serious. Two of the three vulnerabilities were patched via updates to
Double Robotics servers on Mon, Jan 16, 2017.
Credit
These issues were discovered by Rapid7 researcher Deral