0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Tufin Secure Change Remote Code Execution Exploit
Author
Risk
[Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
#################################################################################### # # Product: Secure Change # Vendor: Tufin # Subject: Tufin SecureChange uses Richfaces 4.3.5, vulnerable to CVE-2015-0279 (unauthenticated RCE) # CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (base score 10.0) # Finder: Raphael Arrouas (https://www.linkedin.com/in/raphaelarrouas/) # Coord: Stephane Grundschober (csirt _at_ swisscom.com) # Date: July 15 2019 # Advisory URL: https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/scbb-2986-tufin-secure-change.txt # Vendor advisory: https://portal.tufin.com/articles/SecurityAdvisories/RichFaces-Expression-Language-Injection-27-5-2019 # CVE: No CVE requested by Tufin # #################################################################################### Description ----------- An unauthenticated Remote Code Execution vulnerability exists in Tufin SecureChange, allowing an attacker to take control of the SecureChange server and potentially affect all managed firewalls. Affected Product ---------------- All TOS versions with SecureChange deployments are affected. SecureTrack deployments are not affected for any TOS version. Vulnerability ------------- The SecureChange application uses Richfaces in version 4.3.5, which is vulnerable to CVE-2015-0279, an unauthenticated RCE by expression language injection within a serialized Java object. A web page exposing the vulnerability is accessible without authentication, allowing unauthenticated attacker to execute arbitrary Java code and compromise the server. Remediation ----------- TOS R19-1: The vulnerability fix is included in R19-1 HF1.1, released on May 27. TOS R18-3: The vulnerability fix is included in R18-3 HF3.1, released on May 27. TOS R18-2 and TOS R18-1: please contact support at support@tufin.com Earlier versions of TOS: upgrade to R19-1 HF1.1 and above or R18-3 HF3.1 and above Milestones ---------- 2019-04-18 Discovery of the vulnerability, PoC and details communicated with Swisscom CSIRT 2019-04-21 Swisscom opens a support ticket at Tufin 2019-05-22 Tufin sends a security announcement to its customers 2019-05-27 Tufin releases Hotfixes correcting the issue 2019-05-29 Embargo agreed until 8th of July 2019 2019-07-15 Advisory published Credits ------- We would like to thank Raphaël Arrouas for his research and responsible disclosure through Swisscom's Bug Bounty program https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html as well as Tufin for the development of the hotfix. # 0day.today [2024-07-05] #