Security research at cy//ective & give-aways to the community

The skill set of our employees is our most valuable asset. Thus, to support the continuous self-development and improvement of our practices we conduct security research.

We discover new vulnerabilities, and work them up into proof-of-concept exploits, through several avenues. The first is customer assessments: we frequently identify flaws in software our customers use. One example is the privilege escalation in the Symantec Messaging Gateway discovered by Dave. Another way we discover and study flaws is by locating them in the source code behind recently published security advisories, e.g. the ones posted to github.com/advisories.

We want our work to be easy to understand and reproduce. That's why we include Dockerfiles, patches and other supplementary material with most of our PoCs, so that the vulnerable software can easily be run locally and our exploits tested against it.

Over time, cy//ective has created a plethora of PoC exploits, covering both 0-day and N-day vulnerabilities, and has reported many 0-day vulnerabilities directly to the vendors in a responsible disclosure process. Today, we'd like to give something back to the community and share three proof-of-concept exploits with you. We still need to decide what we will do with the rest of the arsenal and with any future proof-of-concept exploits.

Are these exploits of interest to you? Would you like us to keep sharing insights into our field of expertise? Feel free to tweet at us on Twitter: @cyllective.

cy//ective keeps expanding, both its field of work and the company itself. We will soon announce major changes and are looking forward to sharing the news with you.

CVE-2021-29440

Title: Twig allowing dangerous PHP functions by default in getgrav/grav
Advisory: https://github.com/advisories/GHSA-g8r4-p96j-xfxc
Affected: <= 1.7.10
PoC: https://github.com/cyllective/CVEs/tree/master/CVE-2021-29440

CVE-2021-26814

Title: Improper Input Validation (RCE) within the Wazuh API
Advisory: https://github.com/advisories/GHSA-w36g-q975-37rg
Patch(es): https://github.com/wazuh/wazuh/pull/7131/commits
Affected: >= 4.0.0, <= 4.0.3
PoC: https://github.com/cyllective/CVEs/tree/master/CVE-2021-26814

CVE-2021-21307

Title: Remote Code Exploit (RCE) in Lucee Admin
Advisory: https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
Affected: < 5.3.7.47
Patched: 5.3.5.96, 5.3.6.68, 5.3.7.47
PoC: https://github.com/cyllective/CVEs/tree/master/CVE-2021-21307