R7-2017-28: Epson AirPrint XSS (CVE-2018-5550)
The Epson AirPrint web configuration page is vulnerable to a reflected cross-site scripting (XSS) issue in the INPUTT_GEOLOCATION parameter in the web administration console. This issue could be leveraged by an attacker with network access to the web UI to the printer to trick…
On Random Shell Generators
A couple days ago, AutoSploit.py was released by a person named Real__Vector. It’s safe to say that it’s made some waves in the security Twitterverse, and a few people have asked us here at Rapid7 what we think about it given…
Meltdown and Spectre: What you need to know (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
After waking up from a long winter’s nap, you may have heard the lamentations about the “Intel Kernel Leak” vulnerability, or the “Kernel Speculative Execution” vulnerability, or, now, the “Meltdown and Spectre” vulnerabilities. This is a quick post to let you know just how…
HaXmas: The True Meaning(s) of Metasploit
Rapid7 Research Director Tod Beardsley kicks off our storied "12 Days of HaXmas" series with a thrilling tale of browser 0day, exploit module development, and the true meaning(s) of Metasploit.…
On the Zero-eth Day of HaXmas...
I suppose it’s only fitting that this year, we introduce our storied 12 Days of HaXmas on the zero-eth day. Technically, Twelvetide doesn’t start until December 25th. This year, we’re focusing on the security events that grabbed our attention, metrics that piqued…
R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities
Summary of Issues Multiple vulnerabilities in Cambium Networks’ ePMP and cnPilot product lines were discovered by independent researcher Karn Ganeshen, which have, in turn, been addressed by the vendor. The affected devices are in use all over the world to provide wireless network connectivity in…
Attention Humans: The ROBOT Attack
What’s the ROBOT Attack? On the afternoon of December 12, researchers Hanno Böck, Juraj Somorovskym and Craig Young published a paper, website, testing tool, and CTF at robotattack.org detailing a padding oracle attack that affects the way cryptography is handled on secure websites.…
CVE-2017-16943: Exim BDAT Use-After-Free
Exim BDAT Use-After-Free (CVE-2017-16943): What You Need To Know Turns out, the Exim Internet Mailer team was busy over the Thanksgiving holiday, after security researcher “meh” reported a pair of vulnerabilities in the wildly popular open source email server. The first, a critical remote execution…
5 Tips for a Cyber Holiday Season
Five tips on how to approach security this holiday season with family and friends…
NCSAM Security Crash Diet: Wrap-up
Wow, it’s November 7 already, and I still have all my National Cyber Security Awareness Month decorations up! I really need to take care of those. But, before I get to taking down all my 2FA authentication token lawn decorations, I figured it’d…
NCSAM: How Hackable Are You?
Rapid7 partnered with The Today Show to offer a fun, fast self-assessment quiz to determine individual cybersecurity risk levels. How hackable are you?…
No-Priority, Post-Auth Vulnerabilities
In the course of collecting and disclosing vulnerabilities, I occasionally come across an issue that walks like a vuln, quacks like a vuln, but… it’s not exactly a vuln. As per our usual vulnerability disclosure process, we still report these issues to vendors. The…
NCSAM: A Personal Security Crash Diet
We're kicking of National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.…
Apache Struts S2-052 (CVE-2017-9805): What You Need To Know
Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502, is a somewhat well-known vulnerability pattern, and I would expect…
You've Got 0-Day!
Hey all, it feels like it's been forever since I wrote a blog post that wasn't about some specific disaster currently consuming the Internet, so I just wanted to drop a note here about how I'll be speaking at UNITED 2017, Rapid7's annual security summit…
