0day.today - Biggest Exploit Database in the World.
Tufin Secure Change Remote Code Execution Exploit
Security Risk: Critical
```text
####################################################################################
#
# Product: Secure Change
# Vendor: Tufin
# Subject: Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE)
# CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (base score 10.0)
# Finder: Raphael Arrouas (https://www.linkedin.com/in/raphaelarrouas/)
# Coord: Stephane Grundschober (csirt _at_ swisscom.com)
# Date: July 15 2019
# Advisory URL: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/scbb-2986-tufin-secure-change.txt
# Vendor advisory: https://portal.tufin.com/articles/SecurityAdvisories/RichFaces-Expression-Language-Injection-27-5-2019
# CVE: No CVE requested by Tufin
#
####################################################################################

Description
-----------

An unauthenticated Remote Code Execution vulnerability exists in Tufin SecureChange,
allowing an attacker to take control of the SecureChange server and potentially
affect all managed firewalls.

Affected Product
----------------

All TOS versions with SecureChange deployments are affected.
SecureTrack deployments are not affected for any TOS version.

Vulnerability
-------------

The SecureChange application uses Richfaces version 4.3.5, which is vulnerable to
CVE-2015-0279, an unauthenticated RCE via expression language injection inside a
serialized Java object. A web page exposing the vulnerability is reachable without
authentication, allowing an unauthenticated attacker to execute arbitrary Java code
and compromise the server.

Remediation
-----------

TOS R19-1: the fix is included in R19-1 HF1.1, released on May 27.
TOS R18-3: the fix is included in R18-3 HF3.1, released on May 27.
TOS R18-2 and TOS R18-1: please contact support at support@tufin.com
Earlier versions of TOS: upgrade to R19-1 HF1.1 and above or R18-3 HF3.1 and above.

Milestones
----------

2019-04-18 Discovery of the vulnerability; PoC and details communicated to Swisscom CSIRT
2019-04-21 Swisscom opens a support ticket at Tufin
2019-05-22 Tufin sends a security announcement to its customers
2019-05-27 Tufin releases hotfixes correcting the issue
2019-05-29 Embargo agreed until 8th of July 2019
2019-07-15 Advisory published

Credits
-------

We would like to thank Raphaël Arrouas for his research and responsible disclosure
through Swisscom's Bug Bounty program
(https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html)
as well as Tufin for the development of the hotfix.
```

# 0day.today [2024-07-05] #