Archive for January 13, 2020

Security Vulnerability In Millions Of Cable Modems Could Leave You Vulnerable To Pwnage By Hackers

Posted in Commentary with tags on January 13, 2020 by itnerd

Four Danish researchers have demonstrated how a hacker could exploit a  vulnerability in the firmware of some cable modems and completely hijack the modem to do whatever they want. The vulnerability which is called “Cable Haunt” is said to be present in way over 200 million cable modems worldwide and is described in this manner by the people who found it:

Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. The vulnerability enables remote attackers to execute abitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.

The vulnerable endpoint is exposed to the local network, but can be reached remotely due to improper websocket usage. Through malicious communication with this endpoint, a buffer overflow can be exploited to gain control of the modem.

The one thing that these cable modems have in common is that all the affected modems use Broadcom designed firmware. And updates to said firmware will be needed to close this vulnerability. The researchers note that there are presently no known attacks in the wild. But with the release of this report and the demonstration of how to exploit it, that is likely to change. Thus you have to hope that you haven’t been affected. To test if you could be vulnerable, there is a test script that you could run, but it’s not something that I would direct the general public to. Thus I am hoping that a more “user friendly” way to test for this vulnerability appears. That way it increases the pressure on ISP’s and modem manufacturers to get about fixing this.


If You Haven’t Patched Your Citrix Application Delivery Controller and Unified Gateway, You Might Already Be Pwned By Hackers

Posted in Commentary with tags , on January 13, 2020 by itnerd

Last month Citrix disclosed a critical security hole (CVE-2019-19781) in both its Application Delivery Controller and Unified Gateway (formerly known as Netscaler ADC and Netscaler Gateway). What’s bad about this security hole is that thousands of systems planet wide were thought to be at risk. BadPackets found a staggering 25000 of them without really trying too hard yesterday.

Well, if you haven’t patched this, then you might be in trouble. Researchers have now publicly shared working exploit code for the remote takeover bug. The proof-of-concept code can be used to trivially achieve arbitrary code execution with no account credentials. Which of course is bad. But what is worse is that attacks have apparently already begun. Which means that as I type this, you might already be pwned by hackers. Thus I would suggest that if you have a Citrix Application Delivery Controller and Unified Gateway, you might want to put down that coffee and check to see if you’re protected from this. And if you aren’t, I’d be apply patches ASAP. Plus I’d be taking a look at your IT infrastructure to see if the bad guys are already in and setting up shop.