14 matches found
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...
IBM Aspera Faspex 4.4.1 YAML Deserialization
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...
IBM Aspera Faspex 4.4.1 - YAML deserialization Remote Code Execution Exploit
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This file implements a...
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a...
Exploit for Deserialization of Untrusted Data in Ibm Aspera_Faspex
CVE-2022-47986 Why This vulnerability is exploited in the...
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization...
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...
U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three security flaws to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of shortcomings is as follows - CVE-2022-47986 CVSS score: 9.8 - IBM Aspera Faspex Code...
CVE-2022-47986 IBM Aspera Faspex code execution
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
CVE-2022-47986
Summary: CVE-2022-47986 affects IBM Aspera Faspex 4.4.2 PL1 and earlier due to a YAML deserialization flaw that allowed remote code execution. The vulnerability is triggered by a specially crafted obsolete API call; the obsolete call was removed in Faspex 4.4.2 PL2. IBM’s bulletin confirms remedi...
CVE-2022-47986
creationtimestamp| type| source ---|---|--- 2023-02-03 13:00:09+00:00| published-proof-of-concept| https://t.me/truesecator/4022 2023-02-15 19:15:55+00:00| exploited| https://t.me/informationsecuritychannel/49577 2023-02-16 14:35:07+00:00| exploited| https://t.me/truesecator/4076 2023-02-17...
Exploit for Deserialization of Untrusted Data in Ibm Aspera_Faspex
CVE-2022-47986 Aspera Faspex Pr...