All articles tagged with #exploit code
Malicious actors are embedding obfuscated exploit code inside SVG files on adult websites, which, when decoded, deploy JavaScript that hijacks Facebook 'Like' actions without user consent, exploiting known vulnerabilities and recurring abuse on WordPress sites.
Cisco has disclosed a high-severity vulnerability in its Integrated Management Controller (IMC) that allows local attackers to escalate privileges to root using public exploit code. The vulnerability, tracked as CVE-2024-20295, is caused by insufficient validation of user-supplied input and affects various Cisco devices running vulnerable IMC versions in default configurations. Cisco has released patches to address the issue and warned of the availability of proof-of-concept exploit code, although there have been no reported attacks exploiting the vulnerability yet. This disclosure follows previous security patches for zero-day vulnerabilities and a warning about a large-scale credential brute-forcing campaign targeting VPN and SSH services on various devices.
Cisco has warned of four critical remote code execution vulnerabilities affecting multiple Small Business Series Switches, with almost maximum severity ratings. The vulnerabilities allow unauthenticated attackers to execute arbitrary code with root privileges on compromised devices. Proof-of-concept exploit code is available for these security flaws, which could lead to active exploitation if motivated threat actors create their own. Cisco is working on patching the vulnerabilities and has already released firmware updates for some affected switches.
Netgear's Orbi mesh wireless system has critical vulnerabilities in older versions that can be exploited by hackers to remotely execute commands. Researchers on Cisco's Talos security team discovered four vulnerabilities last year, and the most severe of them, tracked as CVE-2022-37337, can be exploited by sending specially crafted HTTP requests to the device. Netgear released firmware updates in January that patched the vulnerability, but Talos has now published a proof-of-concept exploit code along with technical details, so users should ensure their Orbi routers are running the latest firmware.