[0day] Digium Asterisk OS Command Injection Vulnerability Davy Douhine December 6, 2017 0day Abstract Last summer, during a pentest for a client, we came across a product made by an international provider of intercom systems. It is built on the very popular Asterisk communication software, and we found a trivial remote command execution vulnerability in the latest version of its GUI (2.1.0).
[0day] LogicalDOC - from guest to root Florent July 28, 2017 0day LogicalDOC is a DMS (Document Management System) available either in a community (free) edition or in a professional (and expensive) version. This type of product is normally used to share and access documents from « everywhere », as they say on their website: « Your documents – Always accessible, from anywhere, at any time », which means web interfaces widely exposed on the internet.
TheHive pentest Davy Douhine April 20, 2017 Pentest Do you know TheHive and Cortex? TheHive is a free and open-source security incident response platform which relies on Cortex to analyze observables (IP addresses, email addresses, domain names, etc.).
[0day] Anonymous RCE on Geutebruck IP Cameras Davy Douhine February 15, 2017 0day Abstract Last summer, during a pentest for a client, we came across high-end IP cameras made by Geutebruck, a “leading German manufacturer and developer of high-quality, intelligent video security solutions” (source: http://www.sourcesecurity.com/companies/enhanced-company-listing/geutebruck-gmbh.html), and found a trivial unauthenticated remote command execution vulnerability (0day) affecting version 1.11.0.12 and prior versions. We chose to disclose it responsibly, directly to Geutebruck and to the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). This was probably the best option, as the Mirai botnet was actively exploiting IP cameras at that time. Since then a new firmware has been released (1.11.0.12) to patch it, ICS-CERT has published an advisory, and a CVE (CVE-2017-5173) has been assigned.
[0day] Authentication Bypass on Belden Hirschmann GECKO switches Davy Douhine February 2, 2017 0day Abstract Last summer, during a pentest for a client, we came across industrial switches made by Hirschmann, a Belden brand which “provides the industry with leading Ethernet networking technology and sets the industrial networking standards for quality, reliability and service” (source: http://www.belden.com/aboutbelden/brands/Hirschmann.cfm), and found a few previously unknown vulnerabilities (0day) affecting version 2.0.00 and prior versions. We chose to disclose them responsibly, directly to Hirschmann and to the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). Since then a new firmware has been released (2.0.01) to patch one of them (the most critical, an authentication bypass). ICS-CERT has published an advisory and a CVE (CVE-2017-5163) has been assigned.