7 Hot Cyber Threat Trends to Expect at Black Hat

0 Comments
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-3198
PUBLISHED: 2021-07-22

By abusing the ‘install rpm url’ command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

CVE-2021-3540
PUBLISHED: 2021-07-22

By abusing the ‘install rpm info detail’ command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0.

CVE-2021-3619
PUBLISHED: 2021-07-22

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velo…

CVE-2018-11662
PUBLISHED: 2021-07-22

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

CVE-2018-11663
PUBLISHED: 2021-07-22

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.