theDocumentId => 1336537 VPN Flaw Allows Criminal Access to Everything on ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/5/2019
04:00 PM
100%
0%

VPN Flaw Allows Criminal Access to Everything on Victims' Computers

Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.

A VPN vulnerability that provided both initial access to a victim's computer and privilege escalation once access was granted has been disclosed. The vulnerability in the Aviatrix VPN client, used by large organizations such as NASA and Shell, has been patched in all versions and is available for download.

Immersive Labs researcher and content engineer Alex Seymour discovered the vulnerability in early October. After noting evidence that a pair of Web servers were launched during the VPN client's open sequence, he found the servers and the Python used to create them had known issues, especially with the very lax permissions given the servers during the sequence.

Seymour was able to show proof of the privilege escalation that would allow an attacker to run essentially any random code desired on the targeted machine. Aviatrix responded to the notice of the breach and patched the vulnerability in less than a month. Both Aviatrix and Seymour recommend that all Aviatrix VPN client users update to the latest version as soon as possible.

Read more here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "10 Security 'Chestnuts' We Should Roast Over the Open Fire."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dr1983
50%
50%
dr1983,
User Rank: Apprentice
2/18/2020 | 4:03:56 AM
Kudos!
This article opened my eyes to the number of ways I leave myself and my information vulnerable to cyber attacks. Just recently I subscribed to a VPN for my travels in another country with no second thought. Scary stuff!!! Thanks for the article!  - Donny R. 
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25790
PUBLISHED: 2021-07-23
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
CVE-2021-25791
PUBLISHED: 2021-07-23
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVE-2021-23412
PUBLISHED: 2021-07-23
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
CVE-2021-3159
PUBLISHED: 2021-07-23
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
CVE-2021-25203
PUBLISHED: 2021-07-23
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.