Ixia ATI Update 2017-11 (308102)

Enhancements

Ticket: US68632
Info: Added a new Smart StrikeList called "ShadowBroker Strikes". This list includes strikes covering vulnerabilities targeted by the ShadowBrokers exploit tools (https://github.com/misterch0c/shadowbroker).

Ticket: US66771
Info: Updated the references of strike CVE-2017-0199 (strikeID: E17-0bfb8) to include the URL of the public PoC published on GitHub. Also updated the strike to generate 8 distinct attack variants.

Ticket: US68635
Info: Updated the description of strike CVE-2002-1337 (strikeID: E02-11501) to mention the ShadowBroker leak and the exploit name (EarlyShovel). Also updated the strike to include an EarlyShovel-specific attack variant.

New Protocols & Applications (1)

Name: DropboxPaper May17
Category: Data Transfer/File Sharing
Info: Simulates the use of the Dropbox Paper website as of May 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be numerous and may contain a large amount of generated data, profile creation and test initialization may take considerable time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (2)

Name: Dropbox Paper May 17
Category: Data Transfer/File Sharing
Info: Simulates the use of the Dropbox Paper website as of May 2017. All of the available actions for this flow are exercised.

Name: Dropbox Paper Edit/Share File May 17
Category: Data Transfer/File Sharing
Info: Simulates the use of the Dropbox Paper website as of May 2017 to edit and share a file online.

New Strikes (5)

CVSS: 9.3
ID: E17-0bhu1
References: BID-98330, CVE-2017-0290, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), GOOGLE-1252, SCIP-100918
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft MpEngine. The vulnerability is due to a failure to validate an object's message type while evaluating JavaScript. An attacker could remotely execute arbitrary code on a target system by sending a malicious file via email or enticing a user to view the file in a web browser.

CVSS: 8.5
ID: E17-m91t2
References: CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), SECURITYTRACKER-1038161, URL, ZDI-17-229
Category: Exploits
Info: This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). The pac_file_name parameter, which is sent in HTTP POST requests to the /servlet/com.trend.iwss.gui.servlet.PacFileManagement URI, is not sanitized and is vulnerable to command injection. An attacker can send a specially crafted HTTP POST request to achieve arbitrary command execution. NOTE: By default, the vulnerable services are accessed via an SSL connection (port 8443).

CVSS: 7.8
ID: E17-0fqt1
References: BID-97214, CVE-2017-5797, CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N), URL, ZDI-17-192
Category: Exploits
Info: This strike exploits an information disclosure vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC). Specifically, no authentication check is made when processing HTTP requests sent to the URI /servicedesk/servicedesk/fileDownload. An unauthenticated attacker can specify a file and path as the value of the filePath parameter to disclose contents on the remote machine.

CVSS: 7.6
ID: E17-0bde1
References: BID-96647, CVE-2017-0130, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), URL
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft Internet Explorer. Specifically, an attacker can craft JavaScript that overwrites the eval method and calls the JavaScript function JoinToString with an object that is not of the expected writeableString type. This causes type confusion and can lead to a denial of service condition in the browser or potentially remote code execution.

CVSS: 7.5
ID: D17-1vlr1
References: CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL
Category: Denial
Info: This strike exploits a DoS vulnerability in the NTFS file system of Windows Vista, Windows 7 and Windows 8.1. The vulnerability can be triggered by accessing any directory name using the $MFT file name. Successful exploitation will result in a system hang or crash.