Remote access vulnerability “Devil’s Ivy” puts millions of networked devices at risk – Penetration Testing

According to foreign media reports on July 18, researchers at the network security company Senrio recently found a significant vulnerability, Devil’s Ivy (CVE-2017-9765), in gSOAP (Simple Object Access Protocol), an open source software development library. The flaw allows an attacker to remotely crash the SOAP web service daemon and execute arbitrary code on the victim device. It currently puts millions of networked devices at risk.

It is reported that gSOAP is a high-level C/C++ automatic coding tool for developing XML Web services and XML applications. Researchers found the vulnerability while analyzing an Axis webcam. Once it is successfully exploited, an attacker can remotely access the video feed or deny the user access to it. Given what cameras are used for, the vulnerability could let attackers steal sensitive data or erase evidence of a crime.

Axis has confirmed that the vulnerability is present in 250 of its existing cameras, and on July 6 it promptly released a firmware upgrade patch, urging partners and customers to upgrade as soon as possible to fix the flaw. Because Canon, Siemens, Cisco, Hitachi and other companies use the same affected software, attackers are likely to be able to exploit networked devices from other manufacturers as well.

Axis immediately contacted the electronics industry alliance ONVIF to ensure that potential victims, including the companies above, are aware of the seriousness of the problem and fix the vulnerability in a timely manner. The researchers said that Internet of Things devices are the weakest link in network communications, and that updating network equipment promptly and keeping it off the public network is the most sensible approach.
