
Cyber Risk Report H1 2024

The Tinexta Cyber Risk Report aims to offer an in-depth and rigorous analysis of the main cyber threats that emerged in the first half of 2024, focusing on four key areas: Common Vulnerabilities and Exposures (CVE), Malware, Phishing and Ransomware. The report aims first of all to monitor and analyse emerging threats, serving as a guide to understanding the evolution of the landscape of […]

Security Advisory: Oracle BI Publisher – Unauthenticated Remote Code Execution

Introduction In the course of a penetration test, performed under contract and conducted on a PaaS OAC instance of one of our customers, the researcher Davide Virruso, from the Offensive Security Team of Tinexta Cyber, identified the following four vulnerabilities: Advisory Vulnerabilities – CVE-2024-21082 – Authentication Bypass in XML Service – CWE-304 CVE-2024-21082 – Authentication […]

Security Advisory: Full Disclosure Cisco ISE Cross Site Scripting

Introduction In July 2022 the Tinexta Cyber advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809). Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]

Security Advisory: Full Disclosure Cisco ISE Multiple Vulnerabilities RCE with 1-Click

Introduction Initially three vulnerabilities were discovered, which are described here: Advisory Vulnerabilities CVE-2022-20964 – Command Injection – CWE-78 CVE-2022-20964 – Command Injection – CWE-78 PRODUCT LINE VERSION SCORE IMPACT Cisco Identity Services Engine 2.7 < 3.2 P1 CNA: 6.3 NIST: 8.8 High OWASP CATEGORY OWASP CONTROL A03 – Injection WSTG-INPV-12 AFFECTED ENDPOINT – AFFECTED PARAMETER https://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/Start https://ciscoise.server/admin/rs/uiapi/mnt/tcpdump/DeleteFile […]

CVE Advisory – Full Disclosure Cisco ISE Broken Access Control

Introduction Through the internal project called Saguri, we started analysing the Cisco Identity Service Engine (3.1.0.518-Patch3-22042809). Cisco ISE is a useful tool for managing one's own network and more: it allows security and management policies to be implemented and applied in a dynamic and automated way, simplifying […]

Security Advisory: Full Disclosure Cisco ISE Path Traversal

Introduction In July 2022 the Tinexta Cyber advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809). Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]
