Ixia ATI Update 2017-21 (318516)

Defects Resolved

Ticket Info
DE8690 (1457461) Updated /strikes/exploits/evasions/http_get_from_url_list.xml to read URLs from /resources/custom_url_list.txt, if present. Otherwise the strike will read from the default /resources/url_list.txt. custom_url_list.txt is a file uploaded by the customer as needed; url_list.txt is canned and will be overwritten with each strikepack installation.

Enhancements

Ticket Info
US75886 Diameter Generic Command action was added on the server side. The 'Send From' parameter was removed as the actions already have a source.
US75889 New parameter "Use Max Supported Version" for TLS Accept and Start actions. When set to true, the TLS version to be used will be the latest version available for the machine. When disabled, the Min Version and Max Version parameters will be taken into account.
US73073 Added new strike list "Random Strikes 20" which will send 20 randomly chosen strikes.

New Protocols & Applications (1)

Name: GoogleSlides Sept 17
Category: Data Transfer/File Sharing
Info: Google Slides is a web application that allows users to create, edit, or share presentations with others using only a web browser. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (1)

Name: Google Slides Sept 17
Category: Data Transfer/File Sharing
Info: The user performs the following actions: navigates to the Google Slides site, signs in with an email address, and starts a new presentation by choosing a template. The user works on the slides by typing in some text, then replaces the default image with an uploaded one. After naming the presentation and sharing the slide with another user, the user signs out of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (12)

CVSS: 9.3
ID: E17-0hx82
References: BID-100034, CVE-2017-8620, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), SECURITY_TRACKER-1039091, URL
Category: Exploits
Info: This strike exploits a Remote Code Execution vulnerability in the Windows Search service of Microsoft Windows. The vulnerability can be triggered by sending a crafted request to the target system. By exploiting this vulnerability, an attacker could run arbitrary code on the target system. NOTE: When run in OneArm mode, the strike requires /Users to be shared and Anonymous access enabled.

CVSS: 7.6
ID: E17-m9y61
References: BID-100738, CVE-2017-8734, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-42759, SECURITYTRACKER-1039326
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists within edgehtml's COptionsCollectionCacheItem::GetAt function. When parsing HTML textarea, select, and optgroup elements, it is possible to create an out-of-bounds read condition that allows heap buffer memory to be read. This can cause a denial of service or potentially lead to remote code execution.

CVSS: 7.5
ID: E17-3dbj2
References: CVE-2017-11151, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-42434, URL
Category: Exploits
Info: This strike exploits an Arbitrary File Upload vulnerability in Synology Photo Station. The vulnerability is due to improper input validation of user-controlled input. A remote, unauthenticated attacker can upload arbitrary files to the target server.

CVSS: 7.5
ID: E17-m9w41
References: BID-100582, CVE-2017-14100, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), SCIP-106090, SECURITYTRACKER-1039252, URL
Category: Exploits
Info: This strike exploits a command execution vulnerability in Digium Asterisk. Userinfo portions of certain SIP parameters are passed as arguments without validation. An authenticated attacker could send specially crafted SIP messages to attain arbitrary command execution with the privileges of the Asterisk service.

CVSS: 6.8
ID: E17-0f6m3
References: BID-98861, CVE-2017-5070, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
Category: Exploits
Info: This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists within Chrome's JavaScript engine, V8. When JavaScript is encountered, the V8 engine sends the code to Crankshaft to be optimized. The vulnerability is found there, when validating two pointers: one pointer may point to a constant, and the other may point to a different, unexpected object type. Further processing of this code can lead to type confusion. This will cause a denial of service in the browser, and can potentially lead to remote code execution.

CVSS: 5.0
ID: E17-3dbk1
References: CVE-2017-11152, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N), EXPLOITDB-42434, URL
Category: Exploits
Info: This strike exploits a Directory Traversal vulnerability in Synology Photo Station. The vulnerability is due to improper input validation of the path parameter and incorrect session management. A remote, unauthenticated attacker can write arbitrary files to the target server and log in using a fake authentication mechanism.

CVSS: 5.0
ID: E17-3dbn1
References: CVE-2017-11155, CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), EXPLOITDB-42434, URL
Category: Exploits
Info: This strike exploits an Information Exposure vulnerability in Synology Photo Station. A remote, unauthenticated attacker can obtain sensitive system information.

CVSS: 5.0
ID: E15-003v1
References: BID-75935, CVE-2015-5531, CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), EXPLOITDB-38383, SCIP-77264, URL
Category: Exploits
Info: This strike exploits a directory traversal vulnerability in Elasticsearch before 1.6.1. The vulnerability allows attackers to read arbitrary files with JVM process privileges through the Snapshot API.

CVSS: 5.0
ID: D17-3fag1
References: BID-101085, CVE-2017-13704, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P), URL
Category: Denial
Info: This strike exploits a denial of service vulnerability in Dnsmasq. When processing a DNS message containing an OPT-RR where the actual length of the packet is greater than the length provided by the OPT-RR, or an arbitrary message larger than the Dnsmasq configured maximum size (default 512 bytes), a segmentation fault will occur, resulting in abnormal termination of the dnsmasq daemon. Successful exploitation results in a denial of service condition.

CVSS: 4.3
ID: E15-zyex1
References: BID-74353, CVE-2015-3337, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), EXPLOITDB-37054, SCIP-75175, URL
Category: Exploits
Info: This strike exploits a directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2. The vulnerability allows attackers to read arbitrary files when the site plugin is enabled.

CVSS: 4.3
ID: E17-0huz1
References: BID-98704, CVE-2017-8539, CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P), GOOGLE-1260, URL
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft MpEngine. The vulnerability is due to a failure to validate user-controlled input while scanning files. An attacker could crash the Microsoft MpEngine process on a target system by sending a malicious file via email or enticing a user to view the file in a web browser.

CVSS: N/A
ID: E17-8l0r1
References: URL
Category: Exploits
Info: This strike sends a crafted Microsoft Word document file (.doc) containing an embedded Dynamic Data Exchange (DDE) command. By enticing a user to open a crafted file and confirm that external data can be accessed, an attacker can cause arbitrary code to be executed on the victim's system. NOTE: Files using these DDE commands were seen in the wild during October 2017.

Modified Strikes (1)

CVSS: N/A
ID: E12-p8k01
References: URL
Category: Exploits
Info: Updated /strikes/exploits/evasions/http_get_from_url_list.txt to read URLs from /resources/custom_url_list.txt, if present. Otherwise the strike will read from the default /resources/url_list.txt. custom_url_list.txt is a file uploaded by the customer as needed; url_list.txt is canned and will be overwritten with each strikepack installation.