CVEs
Intro
The Common Vulnerabilities and Exposures (CVE) system is designed to provide a reference method for publicly known information security vulnerabilities. Each CVE number represents a security flaw. CVEs help IT professionals to coordinate their efforts in fixing these vulnerabilities and make computer systems secure.
Note that vulnerabilities found in a customer context are not part of the CVE system most of the time. When performing a security assessment on a product for a vendor, security flaws uncovered during the assessment are usually addressed internally. Additionally, common non-disclosure and confidentiality agreements do not allow for public disclosure of vulnerabilities.
Broadcom Automic Automation (UC4)
- CVE-2022-33750: RCE via Authentication Bypass
- CVE-2022-33751: Memory Disclosure
- CVE-2022-33752: Unauthenticated RCE via Custom Protocol Message
- CVE-2022-33753: Privilege Escalation
- CVE-2022-33754: Unauthenticated RCE via Stack-Based Buffer Overflow
- CVE-2022-33755: System User Enumeration
- CVE-2022-33756: Low-entropy cryptographic keys
The corresponding security notice from Broadcom can be found here, and a blog post describing the issues here. Some of the vulnerabilities were also presented at Troopers 2022.
SolarWinds MSP N-Central
- CVE-2020-25617: RCE in N-Central Administration Console
- CVE-2020-25618: Local Privilege Escalation from nable User to root
- CVE-2020-25619: Access to Internal Services through SSH Port Forwarding
- CVE-2020-25620: SolarWinds Support Account with Default Credentials
- CVE-2020-25621: Local Database does not require Authentication
- CVE-2020-25622: CSRF in N-Central Administration Console
A blog post describing the issues can be found here. Additionally, some of the vulnerabilities were presented at Troopers 2022.
Note that SolarWinds separated the managed service provider (MSP) business in 2021. N-Central is now a part of N-able.
Nagios XI
- CVE-2020-15901: Authenticated RCE via Command Injection in Web Interface
- CVE-2020-15902: Cross Site Scripting (XSS)
- CVE-2020-15903: Local Privilege Escalation
A blog post describing the issues can be found here. Additionally, some of the vulnerabilities were presented at Troopers 2022.
Neato / Vorwerk
- CVE-2018-17176: Authentication Bypass by Capture-replay in Neato BotVac Connected
- CVE-2018-17178: Authentication Bypass in Neato BotVac Connected
- CVE-2018-19442: RCE via Buffer Overflow in Vorwerk Kobold and Neato BotVac Connected
- CVE-2018-19441: Weak Cryptography in Vorwerk Kobold and Neato BotVac Connected
Additional CVEs
- CVE-2020-12441: DoS in Ivanti Service Manager HEAT Remote Control 7.4. A brief blog post about the issue can be found here.
- CVE-2019-8998: Privilege Escalation in BlackBerry QNX Operating System (Vendor Statement)
- CVE-2017-1000120: SQL Injection in Frappe ERPNext (more info)