Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

PT-2023-6511 · Unknown · Soft Serve

Name of the Vulnerable Software and Affected Versions: Soft Serve versions prior to 0.6.2 Description: A security issue in Soft Serve allows an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...

Junos OS PHPRC Environment Variable Manipulation RCE

This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...

TeamCity Server < 2022.10.3 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2022.10.3. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible...

CVE-2023-43660

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

Authentication flaw

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

CVE-2023-42818

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

Authentication flaw

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-43660 SSH key password bypassed in warpgate

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

CVE-2023-43660 SSH key password bypassed in warpgate

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

CVE-2023-43660

Warpgate (Linux bastion for SSH/HTTPS/MySQL) contains an authentication bypass where an unsigned SSH key offer can bypass user key verification. The issue requires the attacker to know the username and a valid target name, and that only SSH public key authentication is used for the user account. ...

CVE-2023-43660 SSH key password bypassed in warpgate

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-42818

JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-43652

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...

Design/Logic Flaw

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...

CVE-2023-43652

CVE-2023-43652 affects JumpServer (open source bastion host). An unauthenticated user can authenticate to the core API using a username and an SSH public key without a password or private key, enabling access to the current user’s information and authorized actions. The vulnerability stems from a...

CVE-2023-43652 Non-MFA account takeover via using only SSH public key to login in jumpserver

JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not used ...