Rapid7 Blog

Vulnerability Disclosure

Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know

CERT/CC has released an advisory regarding discovered behavior in the Microsoft Windows Remote Desktop Protocol (RDP), which can allow an attacker to bypass the lock screen on some remote sessions.…

Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)

Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.…

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.…

R7-2018-43: Username Enumeration in Okta SSO Del Auth through Response Timing

A vulnerability has been discovered in Okta SSO running in Delegated Authentication (Del Auth) mode, a popular configuration for Okta SSO.…

R7-2019-01: CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass (CVE-2019-5616)

The Sicon-8 ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user’s web browser.…

Understanding Ubiquiti Discovery Service Exposures

On Jan. 29, the Rapid7 Labs team was informed of a tweet by Jim Troutman indicating that Ubiquiti devices were being exploited and used to conduct denial-of-service attacks using a service on 10001/UDP.…

R7-2018-52: Guardzilla IoT Video Camera Hard-Coded Credential (CVE-2018-5560)

Most HaXmas posts are full of fun and frivolity, but this one is a routine vulnerability disclosure in a piece of IoT gear that you should know about.…

Lessons Learned Firsthand: Securing Corporate Voicemail PINs

On Thursday afternoon, Nov. 15, 2018, Rapid7 learned of a potential security issue with our corporate voicemail system, reported by security researcher Kristian Hermansen.…

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.…

Shoring Up the Defenses Together: 2018Q2 and Q3 Wrap-Up

Today (October 29, 2018) we are sharing several vulnerabilities that have been fixed in Rapid7 products and supporting services.…

R7-2018-15 | CVE-2018-5553: Crestron DGE-100 Console Command Injection (FIXED)

This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access. DGE-100 devices running firmware versions 1.…

VPNFilter's Potential Reach — Malware Exposure in SMB/Consumer-grade Devices

(Many thanks to Rebekah Brown & Derek Abdine for their contributions to the post.) How does VPNFilter work? Over the past few weeks, Cisco’s Talos group has published some significant new research on a new malware family called VPNFilter. VPNFilter targets and compromises networking…

Shoring up the defenses together: 2018Q1 wrap-up

Today (April 10, 2018) we are sharing six vulnerabilities that have been fixed in Rapid7 products and supporting services. You won’t need to take any actions: all of the issues have been addressed. We are disclosing these vulnerabilities in order to be transparent, to…

R7-2017-27 | CVE-2017-8987: HPE iLO3 Unauthenticated Remote DoS (FIXED)

This post describes CVE-2017-8987, an unauthenticated remote Denial of Service vulnerability in HPE iLO3 firmware version 1.88. This vulnerability can be exploited by several HTTP methods; once triggered, it lasts for approximately 10 minutes until the watchdog service performs a restart of the iLO3…