Former NSO Group Employee Steals, Sells Spy Tools

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2018-13108
PUBLISHED: 2018-07-06

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the…

CVE-2018-13109
PUBLISHED: 2018-07-06

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the T…

CVE-2018-13110
PUBLISHED: 2018-07-06

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.

CVE-2018-13405
PUBLISHED: 2018-07-06

The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigg…

CVE-2018-13406
PUBLISHED: 2018-07-06

An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

Read More HERE

Leave a Reply