
Critical RCE Vulnerability Found in Popular Cobalt Strike Hacking Software

by crpt os


HelpSystems, the company behind the Cobalt Strike software platform, has released an out-of-band security update to address a remote code execution vulnerability that could allow an attacker to take control of targeted systems.

Cobalt Strike is a commercial red-team framework that’s mainly used for adversary simulation, but cracked versions of the software have been actively abused by ransomware operators and espionage-focused advanced persistent threat (APT) groups alike.

The post-exploitation tool consists of a team server, which functions as a command-and-control (C2) component, and a beacon, the default malware used to create a connection to the team server and drop next-stage payloads.


The issue, tracked as CVE-2022-42948, affects Cobalt Strike version 4.7.1, and stems from an incomplete patch released on September 20, 2022, to rectify a cross-site scripting (XSS) vulnerability (CVE-2022-39197) that could lead to remote code execution.

“The XSS vulnerability could be triggered by manipulating some client-side UI input fields, by simulating a Cobalt Strike implant check-in or by hooking a Cobalt Strike implant running on a host,” IBM X-Force researchers Rio Sherri and Ruben Boonen said in a write-up.

However, it was found that remote code execution could be triggered in specific cases using the Java Swing framework, the graphical user interface toolkit that’s used to design Cobalt Strike.

“Certain components within Java Swing will automatically interpret any text as HTML content if it starts with <html>,” Greg Darwin, software development manager at HelpSystems, explained in a post. “Disabling automatic parsing of html tags across the entire client was enough to mitigate this behavior.”


This means that a malicious actor could exploit this behavior through an HTML <object> tag, using it to load a custom payload hosted on a remote server and inject it into the note field as well as the graphical file explorer menu in the Cobalt Strike UI.

“It should be noted here that this is a very powerful exploitation primitive,” IBM researchers said, adding it could be used to “construct a fully featured cross-platform payload that would be able to execute code on the user’s machine regardless of the operating system flavor or architecture.”
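The Swing behavior Darwin describes, and the effect of turning HTML parsing off on a component, shown as an added example (not code from Cobalt Strike, HelpSystems or IBM X-Force). It uses Swing's standard `html.disable` client property; the page does not say which mechanism the vendor's fix used, and the class name, helper names and sample string are constructed for illustration.

```java
import javax.swing.JButton;
import javax.swing.JComponent;
import javax.swing.JLabel;
import javax.swing.plaf.basic.BasicHTML;

public class SwingHtmlDisableDemo {
    // Constructed sample: text that arrives from an untrusted source,
    // e.g. a note or file name reported by a remote host.
    static final String UNTRUSTED = "<html><i>remote-supplied</i> note";

    // Swing stores a parsed HTML View under BasicHTML.propertyKey when it
    // decides to treat a component's text as HTML.
    static boolean rendersAsHtml(JComponent c) {
        return c.getClientProperty(BasicHTML.propertyKey) != null;
    }

    // Hypothetical helper: set "html.disable" BEFORE the text is assigned,
    // so the renderer never builds an HTML view for it.
    static <T extends JComponent> T plainTextOnly(T c) {
        c.putClientProperty("html.disable", Boolean.TRUE);
        return c;
    }

    public static void main(String[] args) {
        // Default component: the leading <html> switches it to HTML rendering.
        JLabel defaultLabel = new JLabel(UNTRUSTED);

        // Hardened components: the same string stays literal text.
        JLabel hardenedLabel = plainTextOnly(new JLabel());
        hardenedLabel.setText(UNTRUSTED);
        JButton hardenedButton = plainTextOnly(new JButton());
        hardenedButton.setText(UNTRUSTED);

        System.out.println("isHTMLString:     " + BasicHTML.isHTMLString(UNTRUSTED));
        System.out.println("default JLabel:   " + rendersAsHtml(defaultLabel));
        System.out.println("hardened JLabel:  " + rendersAsHtml(hardenedLabel));
        System.out.println("hardened JButton: " + rendersAsHtml(hardenedButton));
    }
}
```

The property is per component, so a client that displays remote-supplied strings has to apply it to every label, button, tooltip and cell renderer that can show them.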

The findings come a little over a week after the U.S. Department of Health and Human Services (HHS) cautioned of the continued weaponization of legitimate tools such as Cobalt Strike in attacks aimed at the healthcare sector.




