Critical Security Bugs Uncovered In VoIPmonitor Monitoring Software
Description:
Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. VoIPmonitor is an open-source network packet sniffer with a commercial frontend for SIP, RTP, and RTCP VoIP protocols.
CVE-IDs:
- CVE-2022-24259: An authentication bypass bug in “cdr.php” that enables an unauthenticated attacker to elevate privileges via a specially crafted request
- CVE-2022-24260: An SQL injection vulnerability in “api.php” and “utilities.php” that allows attackers to escalate privileges to the administrator level and retrieve sensitive data
- CVE-2022-24262: A remote code execution in the configuration restore functionality due to a missing check for archive file formats, allowing a bad actor to execute arbitrary commands via a crafted file
Source:
Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (thehackernews.com)
Impact:
Successful exploitation could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands
If you are using a PABX that connects to monitoring software, that software could be based on VoIPmonitor. Make sure to check for this vulnerability.
Suggestions and Recommendations:
Successful exploitation could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands
Memory Corruption Vulnerabilities in PJSIP – A Popular Multimedia Library
Description:
Several security vulnerabilities have been disclosed in the PJSIP open-source multimedia communication library that could be abused by an attacker to trigger arbitrary code execution and denial-of-service (DoS) in applications that use the protocol stack.
PJSIP is an open-source embedded SIP protocol suite that supports audio, video, and instant messaging features for popular communication platforms such as WhatsApp and BlueJeans, a video conferencing software by Verizon.
CVE-IDs:
- CVE-2021-43299, CVE-2021-43300, CVE-2021-43301: Stack overflow in PJSUA API when calling pjsua_player_create(), pjsua_recorder_create(), pjsua_playlist_create() respectively.
- CVE-2021-43302: Read out-of-bounds in PJSUA API when calling pjsua_recorder_create()
- CVE-2021-43303: Buffer overflow in PJSUA API when calling pjsua_call_dump()
Source:
Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack (thehackernews.com)
Impact:
By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library
Suggestions and Recommendations:
By triggering these newly discovered vulnerabilities, an attacker can cause arbitrary code execution in the application that uses the PJSIP library
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
Description:
CISA has warned of the active exploitation of two security flaws impacting the Zabbix open-source enterprise monitoring platform. Tracked as CVE-2022-23131 and CVE-2022-23134, these flaws could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. These two flaws affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18, and 4.0.36.
CVE-IDs:
- CVE-2022-23131
- CVE-2022-23134
Source:
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform (thehackernews.com)
Impact:
These flaws allow attackers to bypass authentication and execute arbitrary code
Suggestions and Recommendations:
We strongly recommend upgrading Zabbix to the latest version. For a quick fix, we suggest disabling SAML authentication.
Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
Description:
High-severity vulnerabilities in the Linux kernel have been exposed that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The flaw lies in the Linux kernel feature called control groups, referred to as cgroups version 1 (v1). cgroups allow processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network. cgroups are used by Docker and other container software.
CVE-IDs:
- CVE-2022-0492
Source:
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container (thehackernews.com)
Impact:
Successful exploitation of this flaw could allow an attacker to escape a container in order to execute arbitrary commands on the container host
Suggestions and Recommendations:
We strongly suggest applying the patch.