Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which potentially leads to DoS.
CVE: CVE-2021-20035
Last updated: Sept. 23, 2021, 9:29 p.m.
Month: September 2021
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings.
CVE: CVE-2021-20034
Last updated: Sept. 23, 2021, 9:24 p.m.
A weakness in the SMA100 Series exists when a High Availability (HA) pair is active, potentially permitting an operation at a privilege level that is higher than the minimum level required. If a malicious actor obtains a 'nobody' user shell on an impacted SMA100 device, this can potentially lead to commands being executed with root-level privilege. This is an SMA100 series security weakness, not a vulnerability that can be exploited remotely.
CVE: N/A
Last updated: Sept. 23, 2021, 9:20 p.m.
SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts 4.10.5 installer and earlier.
CVE: CVE-2021-20037
Last updated: Sept. 21, 2021, 12:20 a.m.
Describes the Microsoft .NET Framework 4.7.1 Language Pack for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.
Hello everybody!
Sometimes, when the proven solutions can’t be applied to your problem, you need to change the approach and experiment a little. Let’s discuss the alternative method of data recovery from a burnt SSD.
Several years ago our company switched our way of working with SSDs from the PC-3000 Flash to PC-3000 SSD. Why did we do it?
The reason was that recovering data with the chip-off method from SSDs was difficult and time-consuming. It took around 1 week to detect the correct order of the memory chips, fix the ECC errors, eliminate all the controller preparations and, finally, build the image.
It was a real pain even back then, but nowadays it is even more complicated to recover data from SSDs using the chip-off method due to the full encryption of the data inside the NAND memory chip or encryption with the AES-128 key.
These issues can be easily solved and bypassed via the PC-3000 SSD Software for the PC-3000 Express/UDMA/Portable III tools. We add more and more SSDs an..
Describes how to resolve a security feature bypass vulnerability that exists in the way the Key Distribution Center (KDC) determines whether a Kerberos service ticket can be used for delegation through Kerberos Constrained Delegation (KCD).