Author Archives: CERT

Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler,such as schtasks.exe,are interfaces that allow for users to view,create,and modify scheduled tasks. The… Continue reading VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability→

CVE-2019-1649:Secure Boot Tampering,also known as Thrangrycat The logic that handles Cisco’s Secure Boot improperly checks an area of code that manages the Field Programmable Gate Array(FPGA). The secure boot feature is a proprietary FPGA based impleme… Continue reading VU#400865: Cisco Trust Anchor module (TAm) improperly checks code and Cisco IOS XE web UI does not sanitize user input→

PrinterLogic versions up to and including 18.3.1.96 are vulnerable to multiple attacks. The PrinterLogic agent,running as SYSTEM,does not validate the PrinterLogic Management Portal’s SSL certificate,validate PrinterLogic update packages,or sanitize we… Continue reading VU#169249: PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.→

Quarkslab has researched and reported multiple vulnerabilities affecting Broadcom WiFi drivers. Vulnerabilities in the open source brcmfmac driver: CVE-2019-9503:If the brcmfmac driver receives a firmware event frame from a remote source,the is_wlc_eve… Continue reading VU#166939: Broadcom WiFi chipset drivers contain multiple vulnerabilities→

CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous”implementation”vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals(SAE),also known as Dragonf… Continue reading VU#871675: WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant→

Virtual Private Networks(VPNs)are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files. CWE-311:Missing Encryption of … Continue reading VU#192371: VPN applications insecurely store session cookies→

MyCar is a small aftermarket telematics unit from AutoMobility Distribution Inc. MyCar add smartphone-controlled geolocation,remote start/stop and lock/unlock capabilities to a vehicle with a compatible remote start unit. The MyCar Controls mobile appl… Continue reading VU#174715: MyCar Controls uses hard-coded credentials→

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs(models 88W8787,88W8797,88W8801,88W8897,and 88W8997). The presentation provides some detail about a block pool memory overflow. During Wi-Fi ne… Continue reading VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities→

Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscriptionRequest,which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscr… Continue reading VU#465632: Microsoft Exchange server 2013 and newer are vulnerable to NTLM relay attacks→

CWE-122:Heap-based Buffer Overflow – CVE-2018-8626 Microsoft Windows Domain Name System(DNS)servers are vulnerable to heap overflow attacks. Microsoft acknowledges that”an attacker who successfully exploited the vulnerability could run arbitrary code i… Continue reading VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow→