Latest Articles

(ZOHO) ManageEngine Desktop Central - Path Traversal / Arbitrary File Write

Software: Zoho ManageEngine Desktop Central Affected Versions: Before 10.0.662 Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html CVE Reference: CVE-2021-46165 & CVE-2021-46166 Published: 09/01/2022 CVSS 3.1 Score: 8.8 High Attack Vector: SQL Injection / Arbitrary File Write Credits: Tom Ellson This is the second post in our two part series on ManageEngine Desktop Central. All of the reported issues have since been acknowledged and resolved by ManageEngine. JUMPSEC researchers have discovered multiple vulnerabilities in ManageEngine Desktop Central Application (MEDC). This is an endpoint management system that is used widely across the globe and is a prevalent vendor. Successful exploitation of these vulnerabilities would allow an adversary to execute code in the context of highest integrity (NT AUTHORITY / SYSTEM).

Read more →

August 2, 2022,Tom Ellison

(ZOHO) ManageEngine Desktop Central – SQL Injection / Arbitrary File Write

Software: Zoho ManageEngine Desktop Central Affected Versions: Before 10.0.662 Vendor page: https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html CVE Reference: CVE-2021-46164 Published: 09/01/2022 CVSS 3.1 Score: 8.8 High Attack Vector: SQL Injection / Arbitrary File Write Credits: Tom Ellson This is the first post in a two part series on Manage Engine Desktop Central. All of the reported issues have since been acknowledged and resolved by Managed Engine. Summary Whilst logged in as a user who has full control over the “reporting” module within Desktop Central, an attacker could directly query the underlying Postgres DB.

Read more →

August 2, 2022,Tom Ellison

Azure - Securing Shared Access Signatures (SAS)

Tom Ellson - Head of Offensive Security Summary / TLDR; During a recent client security assessment I came across a number of insecure Azure Storage Accounts. On delivery of the recommendations, it struck me that the client was somewhat unaware of the risks associated with their Azure Storage Accounts. Despite that, the client had a multi-cloud policy and had correctly deployed Amazon S3 buckets elsewhere in their network. This blog post is designed to raise awareness of the risks posed by insecure Azure Storage Accounts, analysing the features most interesting to an attacker in terms of exploitable functionality that may be introduced by misconfiguration. It is not intended to be exhaustive and should be used as an accompaniment to existing guidance released by Microsoft. 

Read more →

July 14, 2022,Tom Ellison