13 matches found
EUVD-2017-4360
Malware in sbrugna...
Unspecified vulnerability in wolfSSL (CNVD-2024-37448)
wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 5.7.0, which can be exploited by an attacker to cause ECDSA key disclosure...
Unspecified vulnerability in wolfSSL (CNVD-2024-37453)
wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...
SA44508 - 2020-06: Out-of-Cycle Advisory: Multiple Vulnerabilities in Treck TCP/IP Embedded Software
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Treck IP network stack software is designed and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source,...
Reverse Engineering Keys from Firmware. A how-to
TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always looks for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...
Kaspersky Embedded Systems Security Buffer Overflow Vulnerability
Kaspersky Embedded Systems Security is a security protection software for embedded systems developed by the Russian Kaspersky Lab. A buffer overflow vulnerability exists in the driver in Kaspersky Embedded Systems Security versions 1.2.0.300 and 2.0.0.385. The vulnerability can be exploited by an...
Memory corruption
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...
CVE-2017-12823
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...
CVE-2017-12823
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...
CVE-2017-12823
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation...
CVE-2017-12823
CVE-2017-12823 affects Kaspersky Embedded Systems Security (ESES); a kernel pool memory corruption in a driver leads to local privilege escalation. Connected sources indicate vulnerable versions include 1.2.0.300 (and 2.0.0.385 per CNVD). The root cause is memory corruption/buffer overflow in the...
PT-2017-04: Security Restrictions Bypass in Kaspersky Embedded Systems Security
The specialists of the Positive Research center have detected a Security Restrictions Bypass vulnerability in Kaspersky Embedded Systems Security. Vulnerability in the Application Control component of Kaspersky Embedded Systems Security allows attackers to gain privileges and execute arbitrary...
Embedded Lockdown Manager
Embedded Lockdown Manager...