Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143PUBLISHED: 2023-03-27In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145PUBLISHED: 2023-03-27Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655PUBLISHED: 2023-03-27Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.
User Rank: Moderator
8/30/2017 | 10:11:28 AM
One more thing that I would like to know from you guys is: Where can I find a list of the Android PlayStore apps that were taken down as part of this WireX forensic investigation?
(I sure would like to know if I have any of these apps installed on my android devices, and I would like to advise my clients, family and friends about these poisoned apps.)
After the who, what , where, when, why and how, there is also an imperative to find out what ACTIONS to take next. Uninstalling infected apps is a clear next step, but where is the information & guidance on this?
Thanks for a very informative article. I always look forward to reading your work!
Regards,
Big Al