Latest Updates Shipped to Core Impact: Mid-Year Round Up

June 1, 2018

Here is the summary of all exploits released since April 2nd, the last Dot Release:

  • 16 Updates overall
  •  9 Remote exploits
  • 4 Client-Side exploits
  • 3 Product updates

Here is the list of published updates:

Remote Exploits:

  • Disk Pulse Enterprise GET Buffer Overflow Exploit
  • Disk Savvy Enterprise Buffer Overflow Exploit
  • DiskBoss Enterprise Buffer Overflow Exploit
  • DiskBoss Enterprise Remote Buffer Overflow Exploit
  • Easy File Sharing Web Server POST Request Buffer Overflow Exploit
  • VX Search Command Name Buffer Overflow Exploit
  • Dell EMC Data Protection Advisor Remote OS Command Injection ExploitTp-link EAP Controller Exploit
  • Drupal Form API Ajax Requests Remote OS Command Injection Exploit

Client-Side Exploits:

  • ALLPlayer M3U Buffer Overflow Exploit
  • OMRON CX-One CX-FLnet Cdmapi32 Buffer Overflow Exploit
  • OMRON CX-One CX-Programmer Buffer Overflow Exploit
  • Rockwell Automation RSLogix Micro Starter Lite Project File Exploit

Product Updates:

  • Speculative Store Bypass Checker (CVE-2018-3639)
  • AV Evasion Improvements_V6
  • Supported services list update

Some important updates to highlight:
The introduction of the Speculative Store Bypass Checker (related to CVE-2018-3639) now enables you to identify assets that are likely susceptible to this industry-wide issue.  Susceptibility to this issue could allow unauthorized disclosure of information to an attacker via a side-channel analysis. Another important fact to highlight is that we shipped this update the same week that this vulnerability was disclosed.

The addition of the latest round of AV evasion updates helps you continue to get better results from your testing as it is enabling the Impact agents to be effective and avoid detection by anti-virus engines. This helps you avoid hassles of having to whitelist traffic, or better help you highlight how an attacker could move through the network undetected.
Message Input

 

  • Penetration testing

Suggested reads

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!