Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Some security researchers have demonstrated three high risk vulnerabilities for exchange server systems. Microsoft has published information about the vulnerability today and even has a patch for the problem already in place.

«Exchange Pwn2Own Vulnerability April 2021 (Yes, a new one – it’s not Hafnium anymore!)» weiterlesen

Exchange Hafnium Vulnerability March 2021

Let’s mention the important things first: Please patch you vulnerable Exchange 2013, 2016 and 2019 immediately! The page msxfaq has published an infosite to this vulnerability including the instructions how to fix your Exchange.

Even though we, as Boll Engineering AG, are not associated in any way with the affected product, a lot of our customer reported, that they have vulnerable systems in place and may be affected by this bug. We have been asked if IPS signatures and WAF patches are already implemented. Therefore we decided to post this blog to raise the awareness of this vulnerability once more, even after the broad press has already published a lot of releases regarding this matter.

This blog post regards the following CVE reports:

«Exchange Hafnium Vulnerability March 2021» weiterlesen

FortiGate SSLVPN Update-Empfehlung

Update, Nov 2020:

More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.

Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.

«FortiGate SSLVPN Update-Empfehlung» weiterlesen

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.

The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.

«Upgrade your FortiMail now!» weiterlesen

 1,600 total views

FortiGate GUI «Addresses» Seite wird nicht angezeigt

Wir haben vermehrt die Meldung bekommen, dass unter FortiOS 5.2 und 5.4 im WebUI die Seite «Addresses» unter «Policy & Objects» nicht mehr angezeigt werden kann.

Der Header der Seite wird angezeigt, mehr allerdings nicht:

Nach Abklärungen mit Fortinet handelt es sich dabei um einen Bug in verschiedenen Releases.

Das Problem taucht dann auf, wenn eines dieser Adressobjekte genutzt wird:

«FortiGate GUI «Addresses» Seite wird nicht angezeigt» weiterlesen

OpenSSL Heartbleed Bug Informationen

Hier finden Sie Informationen zu der OpenSSL Schwachstelle und Herstellerinformationen.

«Offizielle» Webseiten
http://heartbleed.com/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Testseiten
http://filippo.io/Heartbleed/
https://www.ssllabs.com

Betroffene OpenSSL Versionen
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

«OpenSSL Heartbleed Bug Informationen» weiterlesen