Allele Security Intelligence - Authenticated User

ASA-2019-00525 – MikroTik RouterOS: Authenticated Arbitrary File Deletion Vulnerability

Posted on September 2, 2019September 3, 2019 by Allele Security Intelligence in Alerts

An authenticated arbitrary file deletion vulnerability exists in the MikroTik's RouterOS. Successful exploitation of this vulnerability would allow a remote authenticated attacker to delete arbitrary file on the system, which could lead to privilege escalation.

ASA-2019-00474 – Mikrotik RouterOS: Stack exhaustion via recuring parsing of JSON

Posted on July 26, 2019July 26, 2019 by Allele Security Intelligence in Alerts

This vulnerability is similar to the CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.

ASA-2019-00350 – Intel Open Cloud Integrity Technology (Open CIT): Insufficient password handling in the login routine

Posted on June 13, 2019June 14, 2019 by Allele Security Intelligence in Alerts

Insufficient password handling in the login routine for Intel Open Cloud Integrity Technology (Open CIT) may allow an authenticated user to potentially enable escalation of privilege via local access.

ASA-2019-00349 – Intel Open Cloud Integrity Technology (Open CIT): Insufficient password handling in the login routine

Posted on June 13, 2019June 14, 2019 by Allele Security Intelligence in Alerts

Insufficient password handling in the login routine for Open Cloud Integrity Technology (Open CIT) may allow an authenticated user to potentially enable escalation of privilege via local access.

ASA-2019-00348 – Intel Open Cloud Integrity Technology (Open CIT) and Intel OpenAttestation: Relative path traversal in the login routine

Posted on June 13, 2019June 13, 2019 by Allele Security Intelligence in Alerts

Relative path traversal in the login routine for Open Cloud Integrity Technology (Open CIT) and OpenAttestation may allow an authenticated user to potentially enable escalation of privilege via local access.

ASA-2019-00347 – Intel Open Cloud Integrity Technology (Open CIT) and Intel OpenAttestation: Improper input validation in the database

Posted on June 13, 2019June 14, 2019 by Allele Security Intelligence in Alerts

Identifier(s) ASA-2019-00347, CVE-2019-0181, INTEL-SA-00248 Title Improper input validation in the database Vendor(s) Intel Product(s) Intel Open Cloud Integrity Technology (Open CIT) Intel OpenAttestation Affected version(s) Intel Open Cloud Integrity Technology (Open CIT) all versions OpenAttestation all versions Fixed version(s) Intel recommends users of Intel Open Cloud Integrity Technology (Open CIT) and OpenAttestation discontinue use and move … Continue reading ASA-2019-00347 – Intel Open Cloud Integrity Technology (Open CIT) and Intel OpenAttestation: Improper input validation in the database →

ASA-2019-00346 – Intel OpenAttestation: Insufficient session validation in the attestation process

Posted on June 13, 2019June 14, 2019 by Allele Security Intelligence in Alerts

Insufficient session validation in the attestation process for OpenAttestation may allow an authenticated user to potentially enable escalation of privilege via local access.

ASA-2019-00345 – Intel Open Cloud Integrity Technology (Open CIT): Insufficient input validation in the attestation process

Posted on June 13, 2019June 13, 2019 by Allele Security Intelligence in Alerts

Insufficient input validation in the attestation process for Open Cloud Integrity Technology (Open CIT) may allow an authenticated user to potentially enable escalation of privilege via local access.