CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2022/03/29 7:50 a.m.•26 views

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack

An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. In a set of screenshots posted on Twitter, Bill Demirkapi publish...

0.2AI score

Wired Threat Level•added 2022/03/28 8:31 p.m.•16 views

New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre

Documents shed some light on how Okta and its subprocessor Sitel reacted to a breach, but they don’t explain the apparent lack of urgency...

0.4AI score

ThreatPost•added 2022/03/28 6:28 p.m.•235 views

Okta Says It Goofed in Handling the Lapsus$ Attack

On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover ATO at one of its...

8.9AI score

Exploits0References7

The Hacker News•added 2022/03/24 8:45 a.m.•47 views

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer. The company added...

7.5AI score

CNVD•added 2021/05/24 12:0 a.m.•7 views

Unspecified Vulnerability in Sitel CAP/PRX

Sitel CAP/PRX is an operating system from Sitel France. It is used for central processing units that have a 180 MHz ARM9 architecture. A security vulnerability exists in SITEL CAP/PRX firmware 5.2.01, which can be exploited by an attacker to gain access to the device's local network to obtain...

6.5CVSS7.2AI score0.00042EPSS

CNVD•added 2021/05/24 12:0 a.m.•5 views

Sitel CAP/PRX Information Disclosure Vulnerability

Sitel CAP/PRX is an operating system from Sitel France. It is used for central processing units that have a 180 MHz ARM9 architecture. An information disclosure vulnerability exists in SITEL CAP/PRX firmware 5.2.01, which can be exploited by an attacker to access the device's internal configurati...

6.5CVSS6.2AI score0.0005EPSS

NVD•added 2021/05/17 6:15 p.m.•8 views

CVE-2021-32456

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic...

6.5CVSS0.00042EPSS

NVD•added 2021/05/17 6:15 p.m.•7 views

CVE-2021-32454

SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded password. An attacker with access to the device could modify these credentials, leaving the administrators of the device without access...

9.6CVSS0.00087EPSS

OSV•added 2021/05/17 6:15 p.m.•2 views

CVE-2021-32456

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic...

6.5CVSS6.6AI score

Prion•added 2021/05/17 6:15 p.m.•20 views

Authentication flaw

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic...

3.3CVSS6.4AI score0.00042EPSS

Prion•added 2021/05/17 6:15 p.m.•11 views

Hardcoded credentials

5.8CVSS8.5AI score0.00087EPSS

CVE•added 2021/05/17 5:58 p.m.•57 views

CVE-2021-32456

CVE-2021-32456 affects SITEL CAP/PRX firmware 5.2.01. Affected component: firmware networking/cleartext handling that allows a local-network attacker to obtain authentication passwords by analyzing traffic. Impact: confidentiality of credentials is HIGH per CVSS-3.1 (base score 6.5); exploitation...

6.5CVSS6.4AI score0.00042EPSS

Cvelist•added 2021/05/17 5:58 p.m.•10 views

CVE-2021-32456 SITEL CAP/PRX cleartext transmission of sensitive information

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic...

6.5CVSS6.6AI score0.00042EPSS

CVE•added 2021/05/17 5:36 p.m.•42 views

CVE-2021-32454

The CVE-2021-32454 entry describes a vulnerability in SITEL CAP/PRX firmware version 5.2.01 where a hardcoded password is used. Affected component: SITEL CAP/PRX firmware 5.2.01. Root cause: hardcoded credentials that can be modified by an attacker with access to the device, potentially depriving...

9.6CVSS8.7AI score0.00087EPSS

Cvelist•added 2021/05/17 5:36 p.m.•9 views

CVE-2021-32454 SITEL CAP/PRX hardcoded credentials

9.6CVSS9.4AI score0.00087EPSS

OSV•added 2021/05/17 5:15 p.m.•2 views

CVE-2021-32453

SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configurati...

3.3CVSS5.8AI score