| Ticket | Info |
|---|---|
| ATIBPS-16427 | Added new dynamic strike list "File Transfer Strikes" for FileTransfer based strikes that support transport protocols defined in test configuration. |
| Name | Info | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Word Macro DNS Tunneling Infection Procedure - 1 | Canned test simulating Word Macro DNS Tunneling Infection Procedure - 1.
It sends 2 strikes in the following order:
|
||||||||||||
| Word Macro HTTP exfiltration Infection Procedure - 1 | Canned test simulating Word Macro HTTP exfiltration Infection Procedure - 1.
It sends 2 strikes in the following order:
|
| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E20-14zn1 |
CVE-2020-8515 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H URL |
Exploits | An unauthenticated remote command injection vulnerability exists in DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, Vigor300B 1.3.3_Beta, 1.4.2.1_Beta and 1.4.4_Beta routers, due to lack of user input sanitization. By sending a crafted 'keyPath' HTTP parameter, a remote unauthenticated attacker may execute commands as the system's superuser. |
| 10.0 | E20-157e1 |
CVE-2020-8794 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) CVSSV3-9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Exploits | An out-of-bounds read vulnerability exists in OpenSMTPD versions before 6.6.4 due to a logical flaw, causing a server to read multi-line error messages. The attacker-controlled message error may contain directives that get stored in an envelope file, then executed by the vulnerable server. An attacker may obtain command execution or escalate privileges by either causing a vulnerable server to bounce a message to a malicious server or by sending an email from the vulnerable host. |
| 6.8 | E20-3fd21 |
CVE-2017-13798 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) CVSSV3-8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H GOOGLE-1354 |
Exploits | This strike exploits a vulnerability in Apple Safari WebKit. Specifically the vulnerability exists in WebKit's WebCore::RenderObject::previousSibling method. An attacker can craft javascript in such a way that when invoking the create method in a form a use after free condition can occur. This can lead to a denial of service or potentially allow for remote code execution on the vulnerable system. |
| 6.8 | E20-3fef33 |
CVE-2017-13791 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) CVSSV3-8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H GOOGLE-1355 |
Exploits | This strike exploits a vulnerability in Apple Safari WebKit. Specifically the vulnerability exists in WebKit's WebCore::FormSubmission::create method. An attacker can craft javascript in such a way that when invoking the create method in a form a use after free condition can occur. This can lead to a denial of service or potentially allow for remote code execution on the vulnerable system. |
| 5.0 | E20-9smr1 |
CVE-2020-10931 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) CVSSV3-7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H URL |
Exploits | This strike exploits a stack-based buffer overflow vulnerability in Memcached. This vulnerability is due to a lack of bounds checking in the 'try_read_command_binary' function while processing binary commands. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in code execution in the context of the memcached daemon and/or trigger a denial-of-service condition. |
| Ticket | Info |
|---|---|
| ATIBPS-8064 | Fixed 'Invalid message length' error in BGP Update message action. |
| ATIBPS-16339 | Updated G09-4op17 with the right SIP request type within the SIP packet header. |
| ATIBPS-16451 | Fix bug for HTTP Ignore Headers Security Option that caused the engine to report some strikes as blocked, even if the option was enabled. |
| ATIBPS-16456 | Fixed bug where StrikeVariants Limit Evasion profile did not send correct number of strikes. |