TrendMicro – CVE-2021-28646

I was reviewing TrendMicro products as part of an engagement and I found a permissions issue whereby a log file wasn’t configured with correct permissions, and additionally I could take control of the permissions of the file. I reported this issue to the Trend team, who issued two bulletins for the products which are affected. SECURITY BULLETIN: …

Zyxel – CVE-2020-27667

Zyxel OneNetwork Utility V2.1.4C0

Towards the end of last year I reported a privilege escalation vulnerability to Zyxel which was found in their OneNetwork Utility and which has now been fixed. This issue was easy to find and demonstrates the importance of validating applications for low-hanging privilege escalation vectors. On installation, the application has weak …

Utimaco – CVE-2020-26155

During a pentest last year I found an issue which affected the Windows installation product packages for the following products from Utimaco:

- SecurityServer 3.x, 4.x up to version 4.31.1
- PaymentServer 3.x, 4.x up to version 4.33.0
- PaymentServer Hybrid 3.x, 4.x up to version 4.33.0
- Block-safe 2.0.0, 3.0.0
- CryptoServer CP5 5.0.0.0, 5.1.0.0, incl. CryptoServer CP5 Supporting CD and CryptoServer CP5 …

Siemens – CVE-2020-25245, CVE-2020-28392

After reviewing some Siemens software, I found a couple of issues which related to Insecure Folder Permissions, which I reported to their security team. The Siemens team was very responsive and kept me informed throughout their review process. The issues which I reported were remediated and Siemens released two CVEs and bulletins for which I …

NTLM Credential Theft via malicious ODT Files

CVE-2018-10583
https://www.exploit-db.com/exploits/44564/

A couple of days ago a piece of research was published by Check Point showing how NTLM hashes can be leaked via PDF files with no user interaction or exploitation. Their work was following on from recent discoveries that MS Outlook using OLE can be used to steal credentials also. Now Microsoft do …