CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Computer Emergency Response Team of Ukraine CERT-UA has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...

Siemens CPCI85 Firmware of SICAM A8000 Devices Use of Hard-Coded Credentials (CVE-2023-36380)

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

Ubuntu 18.04 ESM : AsyncSSH vulnerability (USN-4854-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4854-1 advisory. Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client cou...

ShellBot Malware Evades Detection Using Hexadecimal IP Addresses

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary ShellBot malware, targeting poorly managed Linux SSH servers, now employs hexadecimal IP addresses in its download URLs to evade detection. This change highlights the need for strong security measures an...

[SECURITY] Fedora 39 Update: ansible-core-2.16.0~b2-1.fc39

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed...

Siemens SICAM A8000 Device CPCI85 Firmware Hardcoded Credentials Vulnerability

The SICAM A8000 RTU Remote Terminal Unit series is a modular family of devices for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the CPCI85 firmware of the Siemens SICAM A8000 device, which can be exploited by an attacke...

Slackware: Security Advisory (SSA:2023-284-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

F5 BIG-IP Next SPK Hardcoded Credentials Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A hard-coded credential vulnerability exists in F5 BIG-IP Next SPK, which can be exploited by an attacker with the ability to...

CVE-2023-45226

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

Hardcoded credentials

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

CVE-2023-45226 BIG-IP Next SPK SSH vulnerability

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

CVE-2023-45226

CVE-2023-45226 affects BIG-IP Next SPK, specifically the f5-debug-sidecar and f5-debug-sshd containers in SPK TMM. The issue is hardcoded credentials that could let an attacker intercept traffic and impersonate the SPK SSH server when ssh debug is enabled. Exposure is documented in multiple sourc...

CVE-2023-45226 BIG-IP Next SPK SSH vulnerability

The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is only exposed when ssh debug is...

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

Hardcoded credentials

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

CVE-2023-36380

The CVE-2023-36380 issue affects Siemens SICAM A8000 CP-8031 and CP-8050 MASTER MODULEs prior to CPCI85 V05.11 when debug support is activated. A hard-coded credential in the SSH authorized_keys configuration enables login if the attacker knows the corresponding private key. The vulnerability is ...

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

K000135874: BIG-IP Next SPK SSH vulnerability CVE-2023-45226

Security Advisory Description The BIG-IP SPK TMM Traffic Management Module f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell SSH server on those containers. This is expos...